Your message dated Tue, 15 Jul 2008 09:55:17 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#490900: vlc: new version 0.8.6i fixes CVE-2008-2430 
(integer overflow in WAV demuxer)
has caused the Debian Bug report #490900,
regarding vlc: new version 0.8.6i fixes CVE-2008-2430 (integer overflow in WAV 
demuxer)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
490900: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490900
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: vlc
Version: 0.8.6.h-1
Severity: grave
Tags: security
Justification: user security hole

Hello,

http://wiki.videolan.org/Changelog/0.8.6i

  Security updates

      * Fixed integer overflow in WAV demuxer (CVE-2008-2430) 
  ...

Thanks for updating the package.

Noèl

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc depends on:
ii  libaa1                 1.4p5-37+b1       ascii art library
ii  libatk1.0-0            1.22.0-1          The ATK accessibility toolkit
ii  libavcodec51           0.svn20080206-10  ffmpeg codec library
ii  libc6                  2.7-12            GNU C Library: Shared libraries
ii  libcaca0               0.99.beta14-1     colour ASCII art library
ii  libcairo2              1.6.4-6           The Cairo 2D vector graphics libra
ii  libcdio7               0.78.2+dfsg1-3    library to read and control CD-ROM
ii  libcucul0              0.99.beta14-1     low-level Unicode character drawin
ii  libdbus-1-3            1.2.1-2           simple interprocess messaging syst
ii  libdbus-glib-1-2       0.76-1            simple interprocess messaging syst
ii  libfreetype6           2.3.7-1           FreeType 2 font engine, shared lib
ii  libfribidi0            0.10.9-1          Free Implementation of the Unicode
ii  libgcc1                1:4.3.1-6         GCC support library
ii  libgl1-mesa-glx [libgl 7.0.3-5           A free implementation of the OpenG
ii  libglib2.0-0           2.16.4-1          The GLib library of C routines
ii  libglu1-mesa [libglu1] 7.0.3-5           The OpenGL utility library (GLU)
ii  libgtk2.0-0            2.12.11-1         The GTK+ graphical user interface 
ii  libice6                2:1.0.4-1         X11 Inter-Client Exchange library
ii  libiso9660-5           0.78.2+dfsg1-3    library to work with ISO9660 files
ii  libjpeg62              6b-14             The Independent JPEG Group's JPEG 
ii  libnotify1 [libnotify1 0.4.4-3           sends desktop notifications to a n
ii  libpango1.0-0          1.20.5-1          Layout and rendering of internatio
ii  libpng12-0             1.2.27-1          PNG library - runtime
ii  libsdl-image1.2        1.2.6-3           image loading library for Simple D
ii  libsdl1.2debian        1.2.13-2          Simple DirectMedia Layer
ii  libsm6                 2:1.0.3-2         X11 Session Management library
ii  libstdc++6             4.3.1-6           The GNU Standard C++ Library v3
ii  libtar                 1.2.11-5          C library for manipulating tar arc
ii  libtiff4               3.8.2-10          Tag Image File Format (TIFF) libra
ii  libvcdinfo0            0.7.23-4          library to extract information fro
ii  libvlc0                0.8.6.h-1         multimedia player and streamer lib
ii  libwxbase2.6-0         2.6.3.2.2-2       wxBase library (runtime) - non-GUI
ii  libwxgtk2.6-0          2.6.3.2.2-2       wxWidgets Cross-platform C++ GUI t
ii  libx11-6               2:1.1.4-2         X11 client-side library
ii  libxext6               2:1.0.4-1         X11 miscellaneous extension librar
ii  libxinerama1           2:1.0.3-2         X11 Xinerama extension library
ii  libxosd2               2.2.14-1.5        X On-Screen Display library - runt
ii  libxv1                 2:1.0.4-1         X11 Video extension library
ii  ttf-dejavu-core        2.25-1            Vera font family derivate with add
ii  vlc-nox                0.8.6.h-1         multimedia player and streamer (wi
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

vlc recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Version: vlc 0.8.6.h-1

Hi,
* Noel Köthe <[EMAIL PROTECTED]> [2008-07-15 09:49]:
[...] 
>       * Fixed integer overflow in WAV demuxer (CVE-2008-2430) 

This is already fixed, the current vlc package contains a 
patch to fix this.
Please check the security tracker for the CVE id 
if you have one before filing a bug.

Have a look at http://security-tracker.debian.net/tracker/CVE-2008-2430

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
