Bug#407369: [xine-devel] [SALVETTI Djoume] Bug#407369: xine-ui: [CVE-2007-0254] Format string vulnerability bogus?

2007-01-22 Thread Hans-Dieter Kosch


Diego 'Flameeyes' Pettenò wrote:

> On Thursday 18 January 2007, Reinhard Tartler wrote:
>
>> Could you have a look at
>> it and tell me if you think there is a vulnerability?
>
> Yes there's one and it's not isolated, there are a few others too, but as
> Matthias said, they are all fixed in CVS. 0.99.4 release was very very unsafe
> when it came to format strings; CVS version is fine, but it has a nasty bug
> (double click on the video window does not fullscreen.. it crashes down).


This crash has been fixed in xitk/xine-toolkit/xitk.c r1.152 and 
reviewed in r1.157.


Cheers,
Hans-Dieter





2007-01-18 Thread Matthias Hopf
On Jan 18, 07 09:18:46 +0100, Reinhard Tartler wrote:
> I just got the following bugreport on xine-ui. Could you have a look at
> it and tell me if you think there is a vulnerability? In this case, I'd
> have to update the xine-ui package despite debian's freeze. To be sure,
> I wanted to check with you. Here we go:

This is already fixed in CVS.

> | Format string vulnerability in the errors_create_window function in
> | errors.c in xine-ui allows attackers to execute arbitrary code via
> | unknown vectors.
>
> I took a look at the errors_create_window function in errors.c, the
> vulnerable code seems to be on line 67:
>
> |  xw = xitk_window_dialog_two_buttons_with_width(gGui->imlib_data, title,
> |   _("Done"), _("More..."),
> |   NULL, _errors_display_log,
> |   NULL, 400, ALIGN_CENTER,
> |   "%s", message);

This used to be    NULL, 400, ALIGN_CENTER, message);
("%s", missing), which was indeed vulnerable.

Thanks

Matthias

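The difference between the two calls discussed in the message above, as an added example that is not xine-ui or xitk code: `dialog_text`, `conversions_in` and `show_error_fixed` are hypothetical stand-ins, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style dialog helper like the xitk call
 * quoted above: arguments after `fmt` are consumed as `fmt` dictates. The
 * format attribute lets GCC/Clang (-Wformat -Wformat-security) flag a caller
 * that passes a non-literal format with no arguments. */
__attribute__((format(printf, 3, 4)))
static int dialog_text(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Count the directives a printf-style callee would act on if `s` were used
 * as the format string; "%%" is a literal percent and consumes nothing. */
static int conversions_in(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if (*s == '%') {
            if (s[1] == '%') s++;   /* escaped percent, skip both */
            else n++;
        }
    return n;
}

/* Fixed form from the thread: the message is data for a constant "%s".
 * The pre-fix form, dialog_text(out, outlen, message), stays a comment only:
 * with the message below the callee would fetch three arguments that the
 * caller never passed, which is undefined behaviour. */
static int show_error_fixed(char *out, size_t outlen, const char *message)
{
    return dialog_text(out, outlen, "%s", message);
}

int main(void)
{
    /* Constructed sample: a message that happens to contain printf directives. */
    const char *message = "cannot open 'clip_%d_%s.avi': 100%% failed %x";
    char out[128];
    show_error_fixed(out, sizeof out, message);
    printf("directives if used as a format: %d\n", conversions_in(message));
    printf("rendered verbatim by fixed call: %s\n",
           strcmp(out, message) == 0 ? "yes" : "no");
    return 0;
}
```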




2007-01-18 Thread Diego 'Flameeyes' Pettenò
On Thursday 18 January 2007, Reinhard Tartler wrote:
> Could you have a look at
> it and tell me if you think there is a vulnerability?

Yes there's one and it's not isolated, there are a few others too, but as
Matthias said, they are all fixed in CVS. 0.99.4 release was very very unsafe
when it came to format strings; CVS version is fine, but it has a nasty bug
(double click on the video window does not fullscreen.. it crashes down).

-- 
Diego Flameeyes Pettenò - http://farragut.flameeyes.is-a-geek.org/
Gentoo/Alt lead, Gentoo/FreeBSD, Video, Sound, ALSA, PAM, KDE, CJK, Ruby ...





2007-01-18 Thread Reinhard Tartler
Diego 'Flameeyes' Pettenò writes:

> On Thursday 18 January 2007, Reinhard Tartler wrote:
>> Could you have a look at
>> it and tell me if you think there is a vulnerability?
> Yes there's one and it's not isolated, there are a few others too, but as
> Matthias said, they are all fixed in CVS. 0.99.4 release was very very unsafe
> when it came to format strings; CVS version is fine, but it has a nasty bug
> (double click on the video window does not fullscreen.. it crashes down).

Debian currently ships a CVS snapshot of November 11 2006, not a plain
0.99.4. There wasn't any later release, so I decided to have a snapshot
uploaded. I'll check the logs for further suspicious (read: security
related) commits later today.

Thanks for your comment!

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

