Your message dated Mon, 21 Jan 2008 16:02:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#461544: fixed in vlc 0.8.6.c-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: vlc
Version: 0.8.6-svn20061012.debian-5etch1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vlc.
CVE-2008-0296[0]:
| Heap-based buffer overflow in the libaccess_realrtsp plugin in
| VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow
| remote RTSP servers to cause a denial of service (application crash)
| or execute arbitrary code via a long string.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
I contacted upstream for a patch of this.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0296
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 0.8.6.c-6
We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:
libvlc0-dev_0.8.6.c-6_i386.deb
to pool/main/v/vlc/libvlc0-dev_0.8.6.c-6_i386.deb
libvlc0_0.8.6.c-6_i386.deb
to pool/main/v/vlc/libvlc0_0.8.6.c-6_i386.deb
mozilla-plugin-vlc_0.8.6.c-6_i386.deb
to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.c-6_i386.deb
vlc-nox_0.8.6.c-6_i386.deb
to pool/main/v/vlc/vlc-nox_0.8.6.c-6_i386.deb
vlc-plugin-alsa_0.8.6.c-6_all.deb
to pool/main/v/vlc/vlc-plugin-alsa_0.8.6.c-6_all.deb
vlc-plugin-arts_0.8.6.c-6_i386.deb
to pool/main/v/vlc/vlc-plugin-arts_0.8.6.c-6_i386.deb
vlc-plugin-esd_0.8.6.c-6_i386.deb
to pool/main/v/vlc/vlc-plugin-esd_0.8.6.c-6_i386.deb
vlc-plugin-ggi_0.8.6.c-6_i386.deb
to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.c-6_i386.deb
vlc-plugin-glide_0.8.6.c-6_i386.deb
to pool/main/v/vlc/vlc-plugin-glide_0.8.6.c-6_i386.deb
vlc-plugin-jack_0.8.6.c-6_i386.deb
to pool/main/v/vlc/vlc-plugin-jack_0.8.6.c-6_i386.deb
vlc-plugin-sdl_0.8.6.c-6_i386.deb
to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.c-6_i386.deb
vlc-plugin-svgalib_0.8.6.c-6_i386.deb
to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.c-6_i386.deb
vlc_0.8.6.c-6.diff.gz
to pool/main/v/vlc/vlc_0.8.6.c-6.diff.gz
vlc_0.8.6.c-6.dsc
to pool/main/v/vlc/vlc_0.8.6.c-6.dsc
vlc_0.8.6.c-6_i386.deb
to pool/main/v/vlc/vlc_0.8.6.c-6_i386.deb
wxvlc_0.8.6.c-6_all.deb
to pool/main/v/vlc/wxvlc_0.8.6.c-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Loic Minier <[EMAIL PROTECTED]> (supplier of updated vlc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 21 Jan 2008 16:16:51 +0100
Source: vlc
Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-jack
vlc-plugin-glide vlc-plugin-esd mozilla-plugin-vlc vlc libvlc0 vlc-plugin-arts
vlc-nox vlc-plugin-svgalib libvlc0-dev
Architecture: source all i386
Version: 0.8.6.c-6
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers <[EMAIL PROTECTED]>
Changed-By: Loic Minier <[EMAIL PROTECTED]>
Description:
libvlc0 - multimedia player and streamer library
libvlc0-dev - development files for VLC
mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
vlc - multimedia player and streamer
vlc-nox - multimedia player and streamer (without X support)
vlc-plugin-alsa - dummy transitional package
vlc-plugin-arts - aRts audio output plugin for VLC
vlc-plugin-esd - Esound audio output plugin for VLC
vlc-plugin-ggi - GGI video output plugin for VLC
vlc-plugin-glide - Glide video output plugin for VLC
vlc-plugin-jack - Jack audio plugins for VLC
vlc-plugin-sdl - SDL video and audio output plugin for VLC
vlc-plugin-svgalib - SVGAlib video output plugin for VLC
wxvlc - dummy transitional package
Closes: 461544
Changes:
 vlc (0.8.6.c-6) unstable; urgency=high
 .
   [ Nico Golde ]
   * This update addresses the following security issues (Closes: #461544).
     - CVE-2008-0295: Heap-based buffer overflow in real_sdpplin.c
       which could lead to user-assisted arbitrary code execution
       via crafted SDP data.
     - CVE-2008-0296: Heap-based buffer overflow in libaccess_realrtsp plugin
       which might lead to arbitrary code execution via a crafted RTSP server.
 .
   [ Loic Minier ]
   * Merge above changes by Nico Golde.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHlL8s4VUX8isJIMARArboAJ9ldXpIgO/Ca6Y1BrZgjOaMqr78zgCfTIB5
ujpzwWYA9qU+I8B0rSmz7gI=
=gztA
-----END PGP SIGNATURE-----
--- End Message ---