Your message dated Wed, 13 Aug 2008 19:17:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#492870: fixed in xine-lib 1.1.14-2
has caused the Debian Bug report #492870,
regarding CVE-2008-3231: DoS via crafted OGG file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

--
492870: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492870
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libxine1-ffmpeg
Version: 1.1.14-1
Severity: important
Tags: security

Hi,
as discussed on IRC, here it goes.

The following CVE (Common Vulnerabilities & Exposures) id was
published for libxine1-ffmpeg.

CVE-2008-3231[0]:
| xine allows user-assisted attackers to cause a denial of service
| (application crash) via a crafted OGG file, as demonstrated by
| lol-ffplay.ogg.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3231
    http://security-tracker.debian.net/tracker/CVE-2008-3231
--- End Message ---
--- Begin Message ---
Source: xine-lib
Source-Version: 1.1.14-2

We believe that the bug you reported is fixed in the latest version of
xine-lib, which is due to be installed in the Debian FTP archive:

libxine-dev_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine-dev_1.1.14-2_amd64.deb
libxine1-all-plugins_1.1.14-2_all.deb
  to pool/main/x/xine-lib/libxine1-all-plugins_1.1.14-2_all.deb
libxine1-bin_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-bin_1.1.14-2_amd64.deb
libxine1-console_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-console_1.1.14-2_amd64.deb
libxine1-dbg_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-dbg_1.1.14-2_amd64.deb
libxine1-doc_1.1.14-2_all.deb
  to pool/main/x/xine-lib/libxine1-doc_1.1.14-2_all.deb
libxine1-ffmpeg_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-ffmpeg_1.1.14-2_amd64.deb
libxine1-gnome_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-gnome_1.1.14-2_amd64.deb
libxine1-misc-plugins_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-misc-plugins_1.1.14-2_amd64.deb
libxine1-plugins_1.1.14-2_all.deb
  to pool/main/x/xine-lib/libxine1-plugins_1.1.14-2_all.deb
libxine1-x_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-x_1.1.14-2_amd64.deb
libxine1_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1_1.1.14-2_amd64.deb
xine-lib_1.1.14-2.diff.gz
  to pool/main/x/xine-lib/xine-lib_1.1.14-2.diff.gz
xine-lib_1.1.14-2.dsc
  to pool/main/x/xine-lib/xine-lib_1.1.14-2.dsc

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Darren Salt <[EMAIL PROTECTED]> (supplier of updated xine-lib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 13 Aug 2008 19:17:10 +0100
Source: xine-lib
Binary: libxine1-doc libxine1 libxine1-bin libxine-dev libxine1-ffmpeg
 libxine1-gnome libxine1-console libxine1-x libxine1-misc-plugins libxine1-dbg
 libxine1-plugins libxine1-all-plugins
Architecture: source all amd64
Version: 1.1.14-2
Distribution: unstable
Urgency: high
Maintainer: [EMAIL PROTECTED]
Changed-By: Darren Salt <[EMAIL PROTECTED]>
Description:
 libxine-dev - the xine video player library, development packages
 libxine1   - the xine video/media player library, meta-package
 libxine1-all-plugins - the xine video/media player library, meta package
 libxine1-bin - the xine video/media player library, binary files
 libxine1-console - libaa/libcaca/framebuffer/directfb related plugins for libxine1
 libxine1-dbg - debug symbols for libxine1
 libxine1-doc - the xine video player library, documentation files
 libxine1-ffmpeg - MPEG-related plugins for libxine1
 libxine1-gnome - GNOME-related plugins for libxine1
 libxine1-misc-plugins - Input, audio output and post plugins for libxine1
 libxine1-plugins - the xine video/media player library, meta package
 libxine1-x - X desktop video output plugins for libxine1
Closes: 491671 492870
Changes:
 xine-lib (1.1.14-2) unstable; urgency=high
 .
   * Fixes from upstream hg:
     - CVE-2008-3231: denial of service (application crash) via a crafted OGG
       file. (Closes: #492870)
     - DoS (application crashes) via crafted Windows Media & AVI files.
     - Fix crashes with some MP3 files on i386. (Closes: #491671)
     - Avoid Xv deinterlacer image corruption on some chipsets.
     - V4L buffer overflow & cleanup crash fixes.
     - V4L CVBS & S-Video input fix.
   * Fix a DoS (application crash) via crafted AAC files. This uses external
     libfaad and, consequently, adds a build-dependency on libfaad-dev.
   * Use standards version 3.8.0.
   * Adjust libcdio-dev build-dep versioning (lintian warning).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIoyqTsBKtjPGfWZ8RAg01AJ4kJdHOARkA+UYTsT1vpeV+cRU5AwCfQe9T
i6FeAomzJDeFDbVrdM+ebwQ=
=lhE0
-----END PGP SIGNATURE-----
--- End Message ---