Bug#498243: xine-lib: multiple heap overflows
severity 498243 grave
thanks

On Sat, Oct 25, 2008 at 11:40:44PM -0400, David Moreno wrote:
> tags 498243 + upstream
> stop
>
> Issues 3A-3G haven't been addressed yet by Xine, not even in release
> 1.1.15, tagging upstream.
>
> As Reinhard Tartler suggests, the severity can be downgraded now; the
> remaining issues subjected "unexpected process termination and other
> issues" are not considered to be grave-wise anymore since they are not
> representing security holes exposing user data or data loss, but only
> random different problems prone to unexpected crashes or segmentation
> faults: 'important' severity.

The ocert advisory states that code injection is possible for some of
the issues in 3A-3G and Will knows what he's doing. Given that his report
also has precise information, where the specific bugs are present, this
should rather be patched than downgraded.

Cheers,
Moritz

Bug#498243: xine-lib: multiple heap overflows
tags 498243 + upstream
severity 498243 important
stop

Issues 3A-3G haven't been addressed yet by Xine, not even in release
1.1.15, tagging upstream.

As Reinhard Tartler suggests, the severity can be downgraded now; the
remaining issues subjected "unexpected process termination and other
issues" are not considered to be grave-wise anymore since they are not
representing security holes exposing user data or data loss, but only
random different problems prone to unexpected crashes or segmentation
faults: 'important' severity.

Bug#498243: xine-lib: multiple heap overflows
Darren Salt is a maintainer of both upstream xine-lib and the Debian
package. It appears that he has applied all the upstream security fixes
since 1.1.14 to the Debian package as well.

That leaves issues 1B-1D to be checked and 3A-3G to be addressed.

Ben.

Bug#498243: xine-lib: multiple heap overflows
Package: xine-lib
Severity: grave
Tags: security
Justification: user security hole

Hi,

As you are probably aware oCERT released an advisory[0] about several
issues they found in xine-lib. I am just wondering, how we are going to
address the debian versions?

Cheers
Steffen

[0]: http://www.ocert.org/advisories/ocert-2008-008.html