Bug#646937: marked as done (CVE-2011-3625: Buffer overflow in SAMI parsing)

Debian Bug Tracking System Sat, 29 Oct 2011 01:51:24 -0700

Your message dated Sat, 29 Oct 2011 08:49:26 +0000
with message-id <[email protected]>
and subject line Bug#646937: fixed in mplayer2 2.0-134-g84d8671-9
has caused the Debian Bug report #646937,
regarding CVE-2011-3625: Buffer overflow in SAMI parsing
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
646937: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646937
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: mplayer2
Version: 2.0-134-g84d8671-8
Severity: grave
Tags: security
Justification: user security hole

Please see:
http://www.openwall.com/lists/oss-security/2011/10/14/1
http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf

Fix:
http://git.mplayer2.org/mplayer2/commit/?id=27b88a09c5319deb62221b8cd0ecc14cd1136e4a

Regards,

-- 
Mehdi


-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 
'proposed-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: mplayer2
Source-Version: 2.0-134-g84d8671-9

We believe that the bug you reported is fixed in the latest version of
mplayer2, which is due to be installed in the Debian FTP archive:

mplayer2-dbg_2.0-134-g84d8671-9_amd64.deb
  to main/m/mplayer2/mplayer2-dbg_2.0-134-g84d8671-9_amd64.deb
mplayer2_2.0-134-g84d8671-9.debian.tar.gz
  to main/m/mplayer2/mplayer2_2.0-134-g84d8671-9.debian.tar.gz
mplayer2_2.0-134-g84d8671-9.dsc
  to main/m/mplayer2/mplayer2_2.0-134-g84d8671-9.dsc
mplayer2_2.0-134-g84d8671-9_amd64.deb
  to main/m/mplayer2/mplayer2_2.0-134-g84d8671-9_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <[email protected]> (supplier of updated mplayer2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 29 Oct 2011 10:38:32 +0200
Source: mplayer2
Binary: mplayer2 mplayer2-dbg
Architecture: source amd64
Version: 2.0-134-g84d8671-9
Distribution: unstable
Urgency: high
Maintainer: Reinhard Tartler <[email protected]>
Changed-By: Reinhard Tartler <[email protected]>
Description: 
 mplayer2   - next generation movie player for Unix-like systems
 mplayer2-dbg - Debugging symbols for mplayer2
Closes: 646937
Changes: 
 mplayer2 (2.0-134-g84d8671-9) unstable; urgency=high
 .
   * Bug Fix: "CVE-2011-3625: Buffer overflow in SAMI parsing"
     Thanks to Mehdi Dogguy <[email protected]> for reporting (Closes: #646937)
   * Bumped urgency for fixing security issue.
Checksums-Sha1: 
 879fb59a64a3708dea02ed09a13ecdbe38874a2c 2578 mplayer2_2.0-134-g84d8671-9.dsc
 05dbf81cf539d36f80b31976cc51df7de66aac61 9993 
mplayer2_2.0-134-g84d8671-9.debian.tar.gz
 460c3359246fec2652fb21905ce662efc0d6e801 1324968 
mplayer2_2.0-134-g84d8671-9_amd64.deb
 f0fdd17c60dd97cfca342435fd072a266e8d231e 10950110 
mplayer2-dbg_2.0-134-g84d8671-9_amd64.deb
Checksums-Sha256: 
 3b4fe03b0994e8a6a8cb052d16cf1f24b9ca9ff5c4240c7c10e33b6ae0935d49 2578 
mplayer2_2.0-134-g84d8671-9.dsc
 adf36a9971aaa17479e39d417e47feb3de9acffad6d3d7bb0a20a1837f87da8e 9993 
mplayer2_2.0-134-g84d8671-9.debian.tar.gz
 efe7b391713ed0a858465dabf3855f38988f64b56fa4ee09256450db40bcb6d2 1324968 
mplayer2_2.0-134-g84d8671-9_amd64.deb
 125ef0593b7ce1195129823a7148a92b8d14953b083eb46e22aef96a52e8ce64 10950110 
mplayer2-dbg_2.0-134-g84d8671-9_amd64.deb
Files: 
 3af2021ab20afa386945fd972fecc876 2578 video extra 
mplayer2_2.0-134-g84d8671-9.dsc
 45790a98d1ba934b484a32400af45b93 9993 video extra 
mplayer2_2.0-134-g84d8671-9.debian.tar.gz
 6220551f6e34c86235d338419843f8f9 1324968 video extra 
mplayer2_2.0-134-g84d8671-9_amd64.deb
 aaa6ab6975a89adf4dc8c19d171465c2 10950110 debug extra 
mplayer2-dbg_2.0-134-g84d8671-9_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Debian Powered!

iEYEARECAAYFAk6rvMwACgkQmAg1RJRTSKQ9NACfTBKrbSUDrvDsO9IqsgSy5MXf
AU0AnR6/LCZIwcw30eIVZhODdnM8qFQw
=Ur11
-----END PGP SIGNATURE-----

--- End Message ---

Bug#646937: marked as done (CVE-2011-3625: Buffer overflow in SAMI parsing)

Reply via email to