Your message dated Sat, 06 Jun 2009 18:32:29 +0000
with message-id <[email protected]>
and subject line Bug#529633: fixed in vlc 0.9.9a-3
has caused the Debian Bug report #529633,
regarding mozilla-plugin-vlc: Logging through Javascript hurts privacy
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
529633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529633
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mozilla-plugin-vlc
Version: 0.9.9a-2
Severity: important
Tags: security
Hello,
The logging Javascript API (vlc.log.*) provided by this plugin can leak
sensitive information to third party websites. For instance, one can
enumerate the content of the file system by "opening" a directory and then
watching for playlist item messages.
Please remove this mis-feature.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (100, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.29.3 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages mozilla-plugin-vlc depends on:
ii libc6 2.9-12 GNU C Library: Shared libraries
ii libgcc1 1:4.4.0-5 GCC support library
ii libstdc++6 4.4.0-5 The GNU Standard C++ Library v3
ii libvlc2 0.9.9a-2 multimedia player and streamer lib
ii libx11-6 2:1.2.1-1 X11 client-side library
ii libxpm4 1:3.5.7-1 X11 pixmap library
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii vlc 0.9.9a-2 multimedia player and streamer
ii vlc-nox 0.9.9a-2 multimedia player and streamer (wi
mozilla-plugin-vlc recommends no packages.
mozilla-plugin-vlc suggests no packages.
--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 0.9.9a-3
We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:
libvlc-dev_0.9.9a-3_i386.deb
to pool/main/v/vlc/libvlc-dev_0.9.9a-3_i386.deb
libvlc2_0.9.9a-3_i386.deb
to pool/main/v/vlc/libvlc2_0.9.9a-3_i386.deb
libvlccore-dev_0.9.9a-3_i386.deb
to pool/main/v/vlc/libvlccore-dev_0.9.9a-3_i386.deb
libvlccore0_0.9.9a-3_i386.deb
to pool/main/v/vlc/libvlccore0_0.9.9a-3_i386.deb
mozilla-plugin-vlc_0.9.9a-3_i386.deb
to pool/main/v/vlc/mozilla-plugin-vlc_0.9.9a-3_i386.deb
vlc-data_0.9.9a-3_all.deb
to pool/main/v/vlc/vlc-data_0.9.9a-3_all.deb
vlc-dbg_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc-dbg_0.9.9a-3_i386.deb
vlc-nox_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc-nox_0.9.9a-3_i386.deb
vlc-plugin-arts_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc-plugin-arts_0.9.9a-3_i386.deb
vlc-plugin-esd_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc-plugin-esd_0.9.9a-3_i386.deb
vlc-plugin-ggi_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc-plugin-ggi_0.9.9a-3_i386.deb
vlc-plugin-jack_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc-plugin-jack_0.9.9a-3_i386.deb
vlc-plugin-pulse_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc-plugin-pulse_0.9.9a-3_i386.deb
vlc-plugin-sdl_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc-plugin-sdl_0.9.9a-3_i386.deb
vlc-plugin-svgalib_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc-plugin-svgalib_0.9.9a-3_i386.deb
vlc_0.9.9a-3.diff.gz
to pool/main/v/vlc/vlc_0.9.9a-3.diff.gz
vlc_0.9.9a-3.dsc
to pool/main/v/vlc/vlc_0.9.9a-3.dsc
vlc_0.9.9a-3_i386.deb
to pool/main/v/vlc/vlc_0.9.9a-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christophe Mutricy <[email protected]> (supplier of updated vlc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 06 Jun 2009 16:56:16 +0200
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore0 libvlc2 libvlccore-dev libvlc-dev
vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-arts mozilla-plugin-vlc
vlc-plugin-svgalib vlc-plugin-jack vlc-plugin-pulse vlc-data
Architecture: source all i386
Version: 0.9.9a-3
Distribution: unstable
Urgency: medium
Maintainer: Debian multimedia packages maintainers
<[email protected]>
Changed-By: Christophe Mutricy <[email protected]>
Description:
libvlc-dev - development files for libvlc
libvlc2 - multimedia player and streamer library
libvlccore-dev - development files for libvlccore
libvlccore0 - base library for VLC and its modules
mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
vlc - multimedia player and streamer
vlc-data - Common data for VLC
vlc-dbg - debugging symbols for vlc
vlc-nox - multimedia player and streamer (without X support)
vlc-plugin-arts - aRts audio output plugin for VLC
vlc-plugin-esd - Esound audio output plugin for VLC
vlc-plugin-ggi - GGI video output plugin for VLC
vlc-plugin-jack - Jack audio plugins for VLC
vlc-plugin-pulse - PulseAudio plugin for VLC
vlc-plugin-sdl - SDL video and audio output plugin for VLC
vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 476375 523035 526603 527012 528044 529633
Changes:
vlc (0.9.9a-3) unstable; urgency=medium
.
* Correct typo in 0.9.9a-2 changelog entry
* Disable more optimization with DEB_BUILD_OPTIONS=noopt
* Cache the configure test results as we're running configure several
times
* Fix building as root
* Fix the clean target
* Remove nonexistent config options
* Better check command line
* Use all the procs on i386 and amd64
* Build a version of libvlccore without altivec (Closes: #523035)
* Fix typo (thanks to Salvatore Bonaccorso)(Closes: #528044)
* Reword the command line to get full logs in bug/presubj (Closes: #527012)
* Remove duplicate "extended Settings" entry in context menu
(Closes: #526603) - thanks to Matt Kraai
* Disable the logging facility in the javascript of moz plugin
This was a privacy hole. (urgency=medium)(Closes: #529633)
* Patch to support libmpc new API (Closes: #476375) - thanks to Yavor
Doganov
* Disable-maintainer mode
* Make sure unpatch is last in the clean target
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Debian Powered!
-----END PGP SIGNATURE-----
--- End Message ---