Your message dated Tue, 15 Jul 2008 09:55:17 +0200 with message-id <[EMAIL PROTECTED]> and subject line Re: Bug#490900: vlc: new version 0.8.6i fixes CVE-2008-2430 (integer overflow in WAV demuxer) has caused the Debian Bug report #490900, regarding vlc: new version 0.8.6i fixes CVE-2008-2430 (integer overflow in WAV demuxer) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 490900: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490900 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: vlc Version: 0.8.6.h-1 Severity: grave Tags: security Justification: user security hole Hello, http://wiki.videolan.org/Changelog/0.8.6i Security updates * Fixed integer overflow in WAV demuxer (CVE-2008-2430) ... Thanks for updating the package. Noèl -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages vlc depends on: ii libaa1 1.4p5-37+b1 ascii art library ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit ii libavcodec51 0.svn20080206-10 ffmpeg codec library ii libc6 2.7-12 GNU C Library: Shared libraries ii libcaca0 0.99.beta14-1 colour ASCII art library ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra ii libcdio7 0.78.2+dfsg1-3 library to read and control CD-ROM ii libcucul0 0.99.beta14-1 low-level Unicode character drawin ii libdbus-1-3 1.2.1-2 simple interprocess messaging syst ii libdbus-glib-1-2 0.76-1 simple interprocess messaging syst ii libfreetype6 2.3.7-1 FreeType 2 font engine, shared lib ii libfribidi0 0.10.9-1 Free Implementation of the Unicode ii libgcc1 1:4.3.1-6 GCC support library ii libgl1-mesa-glx [libgl 7.0.3-5 A free implementation of the OpenG ii libglib2.0-0 2.16.4-1 The GLib library of C routines ii libglu1-mesa [libglu1] 7.0.3-5 The OpenGL utility library (GLU) ii libgtk2.0-0 2.12.11-1 The GTK+ graphical user interface ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library ii libiso9660-5 0.78.2+dfsg1-3 library to work with ISO9660 files ii libjpeg62 6b-14 The Independent JPEG Group's JPEG ii libnotify1 [libnotify1 0.4.4-3 sends desktop notifications to a n ii libpango1.0-0 1.20.5-1 Layout and rendering of internatio ii libpng12-0 1.2.27-1 PNG library - runtime ii libsdl-image1.2 1.2.6-3 image loading library for Simple D ii libsdl1.2debian 1.2.13-2 Simple DirectMedia Layer ii libsm6 2:1.0.3-2 X11 Session Management library ii libstdc++6 4.3.1-6 The GNU Standard C++ Library v3 ii libtar 1.2.11-5 C library for manipulating tar arc ii libtiff4 3.8.2-10 Tag Image File Format (TIFF) libra ii libvcdinfo0 0.7.23-4 library to extract information fro ii libvlc0 0.8.6.h-1 multimedia player and streamer lib ii libwxbase2.6-0 2.6.3.2.2-2 wxBase library (runtime) - non-GUI ii libwxgtk2.6-0 2.6.3.2.2-2 wxWidgets Cross-platform C++ GUI t ii libx11-6 2:1.1.4-2 X11 client-side library ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library ii libxosd2 2.2.14-1.5 X On-Screen Display library - runt ii libxv1 2:1.0.4-1 X11 Video extension library ii ttf-dejavu-core 2.25-1 Vera font family derivate with add ii vlc-nox 0.8.6.h-1 multimedia player and streamer (wi ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime vlc recommends no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Version: vlc 0.8.6.h-1 Hi, * Noel Köthe <[EMAIL PROTECTED]> [2008-07-15 09:49]: [...] > * Fixed integer overflow in WAV demuxer (CVE-2008-2430) This is already fixed, the current vlc package contains a patch to fix this. Please check the security tracker for the CVE id if you have one before filing a bug. Have a look at http://security-tracker.debian.net/tracker/CVE-2008-2430 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.pgpRZ8rLRxCeN.pgp
Description: PGP signature
--- End Message ---