Your message dated Wed, 22 Oct 2008 20:54:15 +0200
with message-id <[EMAIL PROTECTED]>
and subject line closing
has caused the Debian Bug report #503118,
regarding vlc: CVE-2008-4686 integer overflow in ty parsing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
503118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503118
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: vlc-nox
Version: 0.8.6.h-4
Severity: grave
File: libty_plugin
Tags: security
Justification: user security hole
VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
stack-based buffer overflow in the TY (TiVo) file parser.
See also http://www.videolan.org/security/sa0809.html
N.B.: please give me the CVE ID if you allocate one.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.27 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vlc-nox depends on:
ii liba52-0.7.4 0.7.4-11 library for decoding ATSC A/52 str
ii libasound2 1.0.16-2 ALSA library
ii libavahi-client3 0.6.23-2 Avahi client library
ii libavahi-common3 0.6.23-2 Avahi common library
ii libavc1394-0 0.5.3-1+b1 control IEEE 1394 audio/video devi
ii libavcodec51 0.svn20080206-14 ffmpeg codec library
ii libavformat52 0.svn20080206-14 ffmpeg file format library
ii libavutil49 0.svn20080206-14 ffmpeg utility library
ii libc6 2.7-15 GNU C Library: Shared libraries
ii libcdio7 0.78.2+dfsg1-3 library to read and control CD-ROM
ii libdbus-1-3 1.2.1-3 simple interprocess messaging syst
ii libdvbpsi4 0.1.5-3.1 library for MPEG TS and DVB PSI ta
ii libdvdnav4 4.1.2-3 DVD navigation library
ii libdvdread3 0.9.7-11 library for reading DVDs
ii libebml0 0.7.7-3.1 access library for the EBML format
ii libfaad0 2.6.1-3.1 freeware Advanced Audio Decoder -
ii libflac8 1.2.1-1.2 Free Lossless Audio Codec - runtim
ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib
ii libfribidi0 0.10.9-1 Free Implementation of the Unicode
ii libgcc1 1:4.3.2-1 GCC support library
ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr
ii libgnutls26 2.4.2-1 the GNU TLS library - runtime libr
ii libhal1 0.5.11-5 Hardware Abstraction Layer - share
ii libid3tag0 0.15.1b-10 ID3 tag reading library from the M
ii libiso9660-5 0.78.2+dfsg1-3 library to work with ISO9660 files
ii liblircclient0 0.8.3-3 infra-red remote control support -
ii libmad0 0.15.1b-3 MPEG audio decoder library
ii libmatroska0 0.8.1-1.1 extensible open standard audio/vid
ii libmodplug0c2 1:0.8.4-2 shared libraries for mod music bas
ii libmpcdec3 1.2.2-1 Musepack (MPC) format library
ii libmpeg2-4 0.4.1-3 MPEG1 and MPEG2 video decoder libr
ii libncurses5 5.6+20081011-1 shared libraries for terminal hand
ii libogg0 1.1.3-4 Ogg Bitstream Library
ii libpng12-0 1.2.27-2 PNG library - runtime
ii libpostproc51 0.svn20080206-14 ffmpeg video postprocessing librar
ii libraw1394-8 1.3.0-4 library for direct access to IEEE
ii libsmbclient 2:3.2.3-3 shared library that allows applica
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
ii libstdc++6 4.3.2-1 The GNU Standard C++ Library v3
ii libsysfs2 2.1.0-5 interface library to sysfs
ii libtheora0 1.0~beta3-1 The Theora Video Compression Codec
ii libtwolame0 0.3.12-1 MPEG Audio Layer 2 encoding librar
ii libvcdinfo0 0.7.23-4 library to extract information fro
ii libvlc0 0.8.6.h-4 multimedia player and streamer lib
ii libvorbis0a 1.2.0.dfsg-3.1 The Vorbis General Audio Compressi
ii libvorbisenc2 1.2.0.dfsg-3.1 The Vorbis General Audio Compressi
ii libxml2 2.6.32.dfsg-4 GNOME XML library
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
vlc-nox recommends no packages.
vlc-nox suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 0.9.4-2
Sorry I didn't see you included the second patch as well as
it wasn't mentioned in the changelog.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpmTspafLHKn.pgp
Description: PGP signature
--- End Message ---