Package: iceweasel Version: 31.2.0esr-3 Severity: grave Tags: security Justification: user security hole
Dear Maintainer, I loaded the attached video. This crashed iceweasel with the following message: > out of memory: 0x00000000FFFFFFFF bytes requested > Segmentation fault I am concerned this could be exploitable. -- Package-specific info: -- Addons package information -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.13-1-686-pae (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages iceweasel depends on: ii debianutils 4.4 ii fontconfig 2.11.0-6.1 ii libasound2 1.0.28-1 ii libatk1.0-0 2.14.0-1 ii libc6 2.19-11 ii libcairo2 1.12.16-2 ii libdbus-1-3 1.8.8-1+b1 ii libdbus-glib-1-2 0.102-1 ii libevent-2.0-5 2.0.21-stable-1.1 ii libffi6 3.1-2 ii libfontconfig1 2.11.0-6.1 ii libfreetype6 2.5.2-2 ii libgcc1 1:4.9.1-16 ii libgdk-pixbuf2.0-0 2.30.8-1 ii libglib2.0-0 2.42.0-2 ii libgtk2.0-0 2.24.24-1 ii libhunspell-1.3-0 1.3.3-2 ii libnspr4 2:4.10.7-1 ii libnss3 2:3.17.1-1 ii libpango-1.0-0 1.36.8-2 ii libsqlite3-0 3.8.6-1 ii libstartup-notification0 0.12-4 ii libstdc++6 4.9.1-16 ii libvpx1 1.3.0-2.1 ii libx11-6 2:1.6.2-3 ii libxext6 2:1.3.2-1 ii libxrender1 1:0.9.8-1 ii libxt6 1:1.1.4-1 ii procps 2:3.3.9-8 ii zlib1g 1:1.2.8.dfsg-2 iceweasel recommends no packages. Versions of packages iceweasel suggests: pn fonts-mathjax <none> pn fonts-oflb-asana-math <none> pn fonts-stix | otf-stix <none> ii libcanberra0 0.30-2.1 ii libgnomeui-0 2.24.5-3 ii libgssapi-krb5-2 1.12.1+dfsg-10 pn mozplugger <none> -- no debconf information
SHUT-IT-DOWN.webm
Description: video/webm
