Bug#503118: marked as done (vlc: CVE-2008-4686 integer overflow in ty parsing)

Wed, 22 Oct 2008 12:00:18 -0700 

Your message dated Wed, 22 Oct 2008 20:54:15 +0200
with message-id <[EMAIL PROTECTED]>
and subject line closing
has caused the Debian Bug report #503118,
regarding vlc: CVE-2008-4686 integer overflow in ty parsing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
503118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503118
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: vlc-nox
Version: 0.8.6.h-4
Severity: grave
File: libty_plugin
Tags: security
Justification: user security hole


VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
stack-based buffer overflow in the TY (TiVo) file parser.

See also http://www.videolan.org/security/sa0809.html

N.B.: please give me the CVE ID if you allocate one.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4           0.7.4-11          library for decoding ATSC A/52 str
ii  libasound2             1.0.16-2          ALSA library
ii  libavahi-client3       0.6.23-2          Avahi client library
ii  libavahi-common3       0.6.23-2          Avahi common library
ii  libavc1394-0           0.5.3-1+b1        control IEEE 1394 audio/video devi
ii  libavcodec51           0.svn20080206-14  ffmpeg codec library
ii  libavformat52          0.svn20080206-14  ffmpeg file format library
ii  libavutil49            0.svn20080206-14  ffmpeg utility library
ii  libc6                  2.7-15            GNU C Library: Shared libraries
ii  libcdio7               0.78.2+dfsg1-3    library to read and control CD-ROM
ii  libdbus-1-3            1.2.1-3           simple interprocess messaging syst
ii  libdvbpsi4             0.1.5-3.1         library for MPEG TS and DVB PSI ta
ii  libdvdnav4             4.1.2-3           DVD navigation library
ii  libdvdread3            0.9.7-11          library for reading DVDs
ii  libebml0               0.7.7-3.1         access library for the EBML format
ii  libfaad0               2.6.1-3.1         freeware Advanced Audio Decoder - 
ii  libflac8               1.2.1-1.2         Free Lossless Audio Codec - runtim
ii  libfreetype6           2.3.7-2           FreeType 2 font engine, shared lib
ii  libfribidi0            0.10.9-1          Free Implementation of the Unicode
ii  libgcc1                1:4.3.2-1         GCC support library
ii  libgcrypt11            1.4.1-1           LGPL Crypto library - runtime libr
ii  libgnutls26            2.4.2-1           the GNU TLS library - runtime libr
ii  libhal1                0.5.11-5          Hardware Abstraction Layer - share
ii  libid3tag0             0.15.1b-10        ID3 tag reading library from the M
ii  libiso9660-5           0.78.2+dfsg1-3    library to work with ISO9660 files
ii  liblircclient0         0.8.3-3           infra-red remote control support -
ii  libmad0                0.15.1b-3         MPEG audio decoder library
ii  libmatroska0           0.8.1-1.1         extensible open standard audio/vid
ii  libmodplug0c2          1:0.8.4-2         shared libraries for mod music bas
ii  libmpcdec3             1.2.2-1           Musepack (MPC) format library
ii  libmpeg2-4             0.4.1-3           MPEG1 and MPEG2 video decoder libr
ii  libncurses5            5.6+20081011-1    shared libraries for terminal hand
ii  libogg0                1.1.3-4           Ogg Bitstream Library
ii  libpng12-0             1.2.27-2          PNG library - runtime
ii  libpostproc51          0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8           1.3.0-4           library for direct access to IEEE 
ii  libsmbclient           2:3.2.3-3         shared library that allows applica
ii  libspeex1              1.2~rc1-1         The Speex codec runtime library
ii  libstdc++6             4.3.2-1           The GNU Standard C++ Library v3
ii  libsysfs2              2.1.0-5           interface library to sysfs
ii  libtheora0             1.0~beta3-1       The Theora Video Compression Codec
ii  libtwolame0            0.3.12-1          MPEG Audio Layer 2 encoding librar
ii  libvcdinfo0            0.7.23-4          library to extract information fro
ii  libvlc0                0.8.6.h-4         multimedia player and streamer lib
ii  libvorbis0a            1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libvorbisenc2          1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libxml2                2.6.32.dfsg-4     GNOME XML library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

vlc-nox recommends no packages.

vlc-nox suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 0.9.4-2

Sorry I didn't see you included the second patch as well as 
it wasn't mentioned in the changelog.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpMNkMS99MSK.pgp
Description: PGP signature


--- End Message ---

Reply via email to