Bug#480370: marked as done (mozilla-plugin-vlc: CVE-2007-6683 is not fixed at all)

2008-05-17 Thread Debian Bug Tracking System

Your message dated Sat, 17 May 2008 12:47:15 +
with message-id [EMAIL PROTECTED]
and subject line Bug#480370: fixed in vlc 0.8.6.c-6+lenny5
has caused the Debian Bug report #480370,
regarding mozilla-plugin-vlc: CVE-2007-6683 is not fixed at all
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
480370: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480370
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: mozilla-plugin-vlc
Version: 0.8.6.e-2.1
Severity: grave
Tags: security patch
Justification: user security hole


The vlc binary package part of CVE-2007-6683 has been fixed as per
#458318. However, the issue affecting the mozilla plugin as noted here:
http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html
seems to still be wide open.

Upstream patch is here, but note that this will partially disable existing
functionality:
http://git.videolan.org/?p=vlc.git;a=commit;h=b426b192c7712eaa08c5f55d08ef648226d6d421

As far as I know, this affects both Etch and Lenny.

Regards,

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mozilla-plugin-vlc depends on:
ii  libc6       2.7-10        GNU C Library: Shared libraries
ii  libgcc1     1:4.3.0-4     GCC support library
ii  libice6     2:1.0.4-1     X11 Inter-Client Exchange library
ii  libsm6      2:1.0.3-1+b1  X11 Session Management library
ii  libstdc++6  4.3.0-4       The GNU Standard C++ Library v3
ii  libvlc0     0.8.6.e-2.1   multimedia player and streamer lib
ii  libx11-6    2:1.0.3-7     X11 client-side library
ii  libxt6      1:1.0.5-3     X11 toolkit intrinsics library
ii  vlc         0.8.6.e-2.1   multimedia player and streamer
ii  vlc-nox     0.8.6.e-2.1   multimedia player and streamer (wi

mozilla-plugin-vlc recommends no packages.

-- no debconf information


---End Message---
---BeginMessage---
Source: vlc
Source-Version: 0.8.6.c-6+lenny5

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.c-6+lenny5_amd64.deb
libvlc0_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/libvlc0_0.8.6.c-6+lenny5_amd64.deb
mozilla-plugin-vlc_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.c-6+lenny5_amd64.deb
vlc-nox_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.c-6+lenny5_amd64.deb
vlc-plugin-alsa_0.8.6.c-6+lenny5_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6.c-6+lenny5_all.deb
vlc-plugin-arts_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.c-6+lenny5_amd64.deb
vlc-plugin-esd_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.c-6+lenny5_amd64.deb
vlc-plugin-ggi_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.c-6+lenny5_amd64.deb
vlc-plugin-jack_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.c-6+lenny5_amd64.deb
vlc-plugin-sdl_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.c-6+lenny5_amd64.deb
vlc-plugin-svgalib_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.c-6+lenny5_amd64.deb
vlc_0.8.6.c-6+lenny5.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.c-6+lenny5.diff.gz
vlc_0.8.6.c-6+lenny5.dsc
  to pool/main/v/vlc/vlc_0.8.6.c-6+lenny5.dsc
vlc_0.8.6.c-6+lenny5_amd64.deb
  to pool/main/v/vlc/vlc_0.8.6.c-6+lenny5_amd64.deb
wxvlc_0.8.6.c-6+lenny5_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6.c-6+lenny5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde [EMAIL PROTECTED] (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 16 May 2008 17:45:15 +0200
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev 

Bug#480370: marked as done (mozilla-plugin-vlc: CVE-2007-6683 is not fixed at all)

2008-05-16 Thread Debian Bug Tracking System

Your message dated Fri, 16 May 2008 15:47:18 +
with message-id [EMAIL PROTECTED]
and subject line Bug#480370: fixed in vlc 0.8.6.e-2.2
has caused the Debian Bug report #480370,
regarding mozilla-plugin-vlc: CVE-2007-6683 is not fixed at all
to be marked as done.

---BeginMessage---
Source: vlc
Source-Version: 0.8.6.e-2.2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.e-2.2_amd64.deb
libvlc0_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/libvlc0_0.8.6.e-2.2_amd64.deb
mozilla-plugin-vlc_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.e-2.2_amd64.deb
vlc-nox_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.e-2.2_amd64.deb
vlc-plugin-alsa_0.8.6.e-2.2_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6.e-2.2_all.deb
vlc-plugin-arts_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.e-2.2_amd64.deb
vlc-plugin-esd_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.e-2.2_amd64.deb
vlc-plugin-ggi_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.e-2.2_amd64.deb
vlc-plugin-jack_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.e-2.2_amd64.deb
vlc-plugin-sdl_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.e-2.2_amd64.deb
vlc-plugin-svgalib_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.e-2.2_amd64.deb
vlc_0.8.6.e-2.2.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.e-2.2.diff.gz
vlc_0.8.6.e-2.2.dsc
  to pool/main/v/vlc/vlc_0.8.6.e-2.2.dsc
vlc_0.8.6.e-2.2_amd64.deb
  to pool/main/v/vlc/vlc_0.8.6.e-2.2_amd64.deb
wxvlc_0.8.6.e-2.2_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6.e-2.2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde [EMAIL PROTECTED] (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 16 May 2008 16:18:04 +0200
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-alsa 
vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts 
mozilla-plugin-vlc vlc-plugin-svgalib wxvlc vlc-plugin-jack
Architecture: