[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Launchpad has imported 18 comments from the remote bug at https://bugs.gentoo.org/show_bug.cgi?id=217715. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2008-04-14T20:01:33+00:00 rbu wrote: xiph's (lib)speex 1.2 beta 3.2 has been tagged that fixes CVE-2008-1686 directly in the the speex_header_to_packet() function which applications use. Sanitations inside applications are therefore unnecessary. Patch: https://trac.xiph.org/changeset/14701 Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/11 On 2008-04-15T09:35:05+00:00 ssuominen wrote: And we have it in Portage now, *speex-1.2_beta3_p2 (15 Apr 2008) 15 Apr 2008; Samuli Suominen -speex-1.1.7.ebuild, +speex-1.2_beta3_p2.ebuild: Version bump. Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/13 On 2008-04-15T10:38:43+00:00 rbu wrote: Arch Security Liaisons, please test and mark stable: =media-libs/speex-1.2_beta3_p2 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86" CC'ing current Liaisons: alpha : ferdy amd64 : welp hppa : jer ppc : dertobi123 ppc64 : corsair release : pva sparc : fmccor x86 : opfer Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/14 On 2008-04-15T13:17:57+00:00 armin76 wrote: Adding Tobias for alpha Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/15 On 2008-04-15T13:46:01+00:00 fmccor wrote: Sparc stable (tested with {.wav}). Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/16 On 2008-04-15T16:17:10+00:00 corsair wrote: ppc64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/18 On 2008-04-15T16:51:29+00:00 ssuominen wrote: amd64 stable, tested by playing with ogg123 (vorbis-tools using USE speex) and converting .spx to .wav and back to .spx using speexdec and speexenc also tested by an AT (VQuickSilver, Freenode), thanks to him Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/19 On 2008-04-15T20:00:45+00:00 klausman wrote: Stable for alpha. Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/21 On 2008-04-15T21:53:19+00:00 rbu wrote: *** Bug 217820 has been marked as a duplicate of this bug. *** Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/22 On 2008-04-16T19:08:12+00:00 dertobi123 wrote: ppc stable Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/23 On 2008-04-17T01:04:10+00:00 maekke wrote: x86 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/24 On 2008-04-17T09:42:39+00:00 vorlon wrote: now public via http://www.ocert.org/advisories/ocert-2008-004.html Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/29 On 2008-04-17T09:59:20+00:00 vorlon wrote: removing arch security liaisons, adding missing arches, adding sound herd hope I didn't forget to remove/add anyone glsa request filed Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/30 On 2008-04-17T10:02:30+00:00 vorlon wrote: really removing this time Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/31 On 2008-04-17T10:18:10+00:00 armin76 wrote: ia64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/32 On 2008-04-17T10:53:48+00:00 klausman wrote: Removing myself since I stood in for ferdy as sec liaison for Alpha. Reply at:
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Launchpad has imported 17 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=441239. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2008-04-07T11:41:09+00:00 Tomas wrote: Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1686 to the following vulnerability: Quoting oCert advisory: The libfishsound decoder library incorrectly implements the reference speex decoder from the Speex library, performing insufficient boundary checks on a header structure read from user input. A user controlled field in the header structure is used to build a function pointer. The libfishsound implementation does not check for negative values for the field, allowing the function pointer to be pointed at an arbitary position in memory. This allows remote code execution. Affected version: <= 0.9.0 Fixed version: 0.9.1 Upstream patch in trunk: http://trac.annodex.net/changeset/3536 References: http://www.ocert.org/advisories/ocert-2008-2.html http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/0 On 2008-04-07T12:48:20+00:00 Tomas wrote: oCert-2008-2 was updated to list speex as affected as well: Additional affected packages: Speex <= 1.1.6, the reference implementation from which libfishsound is derived. Current Fedora speex packages are not affected by this problem. Affected speex packages are shipped in Red Hat Enterprise Linux 4 and 5. Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/1 On 2008-04-07T12:55:52+00:00 Tomas wrote: For speex, fix first occurred in 1.2.0beta1. Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/2 On 2008-04-07T17:51:19+00:00 Tomas wrote: Some more info in Contrad Parker's blog: http://blog.kfish.org/2008/04/release-libfishsound-091.html Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/3 On 2008-04-11T11:24:34+00:00 Tomas wrote: So far, same issue was identified in following other projects: - gstreamer-plugins-good-0.10.6 - vorbis-tools-1.1.1 (ogg123) - sweep-0.9.2 - xine-lib-1.1.11.1 - vlc-0.8.6f (not shipped in Fedora or Red Hat Enterprise Linux) - SDL_sound-1.0.1 Fedora packages seems unaffected, as they do not seem to be linked against libspeex despite --enable-speex and speex-devel BuildRequires Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/4 On 2008-04-11T11:25:53+00:00 Tomas wrote: So far, fixed upstream in: - gstreamer-plugins-good http://webcvs.freedesktop.org/gstreamer/gst-plugins-good/ext/speex/gstspeexdec.c?r1=1.40=1.41 - sweep http://trac.metadecks.org/changeset/554 Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/5 On 2008-04-12T17:11:09+00:00 Tomas wrote: Speex upstream added check in speex_packet_to_header(), so that can address this problem for all affected apps, that use speex_packet_to_header and check its return value (all applications seem to do that correctly). For caller of speex_packet_to_header that does not check return value, it will reduce problem to a crash caused by NULL pointer dereference. Patch applied to speex_packet_to_header(): $ svn diff -c 14701 http://svn.xiph.org/trunk/speex/libspeex/ Index: speex_header.c === --- speex_header.c (revision 14700) +++ speex_header.c (revision 14701) @@ -178,6 +178,13 @@ ENDIAN_SWITCH(le_header->frames_per_packet); ENDIAN_SWITCH(le_header->extra_headers); + if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0) + { + speex_notify("Invalid mode specified in Speex header"); + speex_free (le_header); + return NULL; + } + if (le_header->nb_channels>2) le_header->nb_channels = 2; if (le_header->nb_channels<1) $ svn log -r 14701 http://svn.xiph.org/trunk/speex/libspeex/ r14701 | jm | 2008-04-11 05:48:46 +0200 (Fri, 11 Apr 2008) | 5 lines Patch by kfish that checks for headers with invalid mode numbers. Technically, it should have been the application's responsability, but many didn't, so we ended up with security issues. Considering that
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xine-lib Importance: Unknown = High -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in Ubuntu. https://bugs.launchpad.net/bugs/218652 Title: CVE-2008-1686: Multiple speex implementations insufficient boundary checks To manage notifications about this bug go to: https://bugs.launchpad.net/vorbis-tools/+bug/218652/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Gentoo Linux) Importance: Unknown = Medium -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. https://bugs.launchpad.net/bugs/218652 Title: CVE-2008-1686: Multiple speex implementations insufficient boundary checks -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package libfishsound - 0.7.0-2.1ubuntu0.1 --- libfishsound (0.7.0-2.1ubuntu0.1) hardy-security; urgency=low [ Brian Thomason ] * SECURITY UPDATE: uncontrolled array index (LP: #218652) - src/libfishsound/speex.c - Added check for negative offset. Based on Debian patch. - CVE-2008-1686 [ Jamie Strandboge ] * debian/control: adjust section from 'unknown' to 'sound' -- Brian Thomason brian.thoma...@canonical.com Tue, 29 Jun 2010 16:24:03 -0400 ** Changed in: libfishsound (Ubuntu Hardy) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:ubuntu/hardy-security/libfishsound -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Desktop support has end for Dapper. ** Changed in: vlc (Ubuntu Dapper) Status: Confirmed = Won't Fix ** Changed in: libannodex (Ubuntu Dapper) Status: Confirmed = Won't Fix ** Changed in: libfishsound (Ubuntu Dapper) Status: Confirmed = Won't Fix ** Changed in: libsdl-sound1.2 (Ubuntu Dapper) Status: Confirmed = Won't Fix ** Changed in: sweep (Ubuntu Dapper) Status: Confirmed = Won't Fix -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
ACK libfishsound for hardy. ** Tags removed: patch ** Changed in: libfishsound (Ubuntu Hardy) Status: Confirmed = Fix Committed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This patch provides the fix from Debian for libfishsound in Hardy. ** Patch added: libfishsound speex patch for hardy http://launchpadlibrarian.net/51133711/libfishsound_0.7.0-2.1ubuntu0.1.debdiff -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Tags added: patch -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:ubuntu/dapper-security/gst-plugins-good0.10 ** Branch linked: lp:ubuntu/feisty-security/gst-plugins-good0.10 ** Branch linked: lp:ubuntu/gutsy-security/gst-plugins-good0.10 ** Branch linked: lp:ubuntu/hardy-updates/gst-plugins-good0.10 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:ubuntu/karmic/xine-lib -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:~ubuntu-branches/ubuntu/dapper/vorbis-tools/dapper- security ** Branch linked: lp:~ubuntu-branches/ubuntu/feisty/vorbis-tools/feisty- security ** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/vorbis-tools/gutsy- security ** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/vorbis-tools/hardy- security -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:~ubuntu-branches/ubuntu/dapper/speex/dapper- security ** Branch linked: lp:ubuntu/feisty-updates/speex ** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/speex/hardy-security ** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/speex/gutsy-security -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life - http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the Gutsy task. ** Changed in: libannodex (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: libfishsound (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: libsdl-sound1.2 (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: sweep (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: vlc (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: xmms-speex (Ubuntu Gutsy) Status: Confirmed = Won't Fix -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xmms-speex (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: libannodex (Ubuntu Dapper) Status: New = Confirmed ** Changed in: libannodex (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: libannodex (Ubuntu Hardy) Status: New = Confirmed ** Changed in: libfishsound (Ubuntu Dapper) Status: New = Confirmed ** Changed in: libfishsound (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: libfishsound (Ubuntu Hardy) Status: New = Confirmed ** Changed in: libsdl-sound1.2 (Ubuntu Dapper) Status: New = Confirmed ** Changed in: libsdl-sound1.2 (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: libsdl-sound1.2 (Ubuntu Hardy) Status: New = Confirmed ** Changed in: sweep (Ubuntu Dapper) Status: New = Confirmed ** Changed in: sweep (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: sweep (Ubuntu Hardy) Status: New = Confirmed ** Changed in: vlc (Ubuntu Dapper) Status: New = Confirmed ** Changed in: vlc (Ubuntu Gutsy) Status: New = Confirmed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: libannodex (Ubuntu) Status: New = Confirmed ** Changed in: libfishsound (Ubuntu) Status: New = Confirmed ** Changed in: libsdl-sound1.2 (Ubuntu) Status: New = Confirmed ** Changed in: sweep (Ubuntu) Status: New = Confirmed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix. ** Changed in: libannodex (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: libfishsound (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: libsdl-sound1.2 (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: sweep (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: vlc (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: xmms-speex (Ubuntu Feisty) Status: New = Won't Fix -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: vlc (Ubuntu Hardy) Status: In Progress = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xine-lib (Ubuntu Dapper) Status: In Progress = Fix Released ** Changed in: xine-lib (Ubuntu Feisty) Status: In Progress = Fix Released ** Changed in: xine-lib (Ubuntu Gutsy) Status: In Progress = Fix Released ** Changed in: xine-lib (Ubuntu Hardy) Status: In Progress = Fix Released ** Changed in: gst-plugins-good0.10 (Ubuntu Dapper) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Debian fixed this in 1.2.0-2, and Intrepid now has 1.2.0-5 ** Changed in: vorbis-tools (Ubuntu) Status: Confirmed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
My last comment was for vorbis-tools. -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package xine-lib - 1.1.14-1ubuntu1 --- xine-lib (1.1.14-1ubuntu1) intrepid; urgency=low * merge from debian unstable. Remaining changes: - disable the jack plugin in libxine1-bin to make dapper-hardy upgrades work (LP #203605) - Modify Maintainer value to match the DebianMaintainerField specification. * New upstream fixes: - playback of MJPEG files LP: #93076 - CVE-2008-1878 LP: #235904 - CVE-2008-1686 LP: #218652 * remove Replaces: libxine-main1 ( 1.1.2+repacked1-0ubuntu1). We don't support upgrades from dapper/feisty anymore. xine-lib (1.1.14-1) unstable; urgency=low * The beat the freeze release. * New upstream release. - All patches in 1.1.12-2 are present upstream. - MIME types added. (Closes: #472869) * Build-depend on libmagick9-dev | libmagick-dev | libmagickwand-dev. * Build-depend on ghostscript | gs | gs-gpl. -- Reinhard Tartler [EMAIL PROTECTED] Tue, 08 Jul 2008 22:35:48 +0200 ** Changed in: xine-lib (Ubuntu) Status: Fix Committed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1878 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: vlc (Ubuntu) Assignee: (unassigned) = William Grant (wgrant) Status: New = Fix Released ** Changed in: vlc (Ubuntu Hardy) Assignee: (unassigned) = William Grant (wgrant) Status: New = In Progress -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
new upstream (1.1.14) fixing this issue is prepared. ** Changed in: xine-lib (Ubuntu) Assignee: (unassigned) = Reinhard Tartler (siretart) Status: New = Fix Committed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
VLC patch at http://trac.videolan.org/vlc/changeset/c1c81073e661f7d80197711ab11753e1e170b44c. -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Fedora) Status: In Progress = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
http://www.ubuntu.com/usn/usn-611-1 ** Changed in: speex (Ubuntu Dapper) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
http://www.ubuntu.com/usn/usn-611-2 ** Changed in: vorbis-tools (Ubuntu Dapper) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Fedora) Status: Fix Released = In Progress -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Fedora) Status: In Progress = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Bug watch added: Gentoo Bugzilla #217715 http://bugs.gentoo.org/show_bug.cgi?id=217715 ** Also affects: speex (Gentoo Linux) via http://bugs.gentoo.org/show_bug.cgi?id=217715 Importance: Unknown Status: Unknown ** Bug watch added: Red Hat Bugzilla #441239 https://bugzilla.redhat.com/show_bug.cgi?id=441239 ** Also affects: speex (Fedora) via https://bugzilla.redhat.com/show_bug.cgi?id=441239 Importance: Unknown Status: Unknown ** Bug watch added: Xiph.org Trac #1347 http://trac.xiph.org/ticket/1347 ** Also affects: vorbis-tools via http://trac.xiph.org/ticket/1347 Importance: Unknown Status: Unknown -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Gentoo Linux) Status: Unknown = Fix Released ** Changed in: speex (Fedora) Status: Unknown = In Progress ** Changed in: vorbis-tools Status: Unknown = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Bug watch added: Xine Bugzilla #83 http://bugs.xine-project.org/show_bug.cgi?id=83 ** Also affects: xine-lib via http://bugs.xine-project.org/show_bug.cgi?id=83 Importance: Unknown Status: Unknown -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xine-lib Status: Unknown = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package speex - 1.1.12-3ubuntu0.8.04.1 --- speex (1.1.12-3ubuntu0.8.04.1) hardy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * fix for libspeex/speex_header.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:40:18 -0400 ** Changed in: speex (Ubuntu Hardy) Status: Fix Committed = Fix Released ** Changed in: speex (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package speex - 1.1.12-3ubuntu0.7.10.1 --- speex (1.1.12-3ubuntu0.7.10.1) gutsy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * fix for libspeex/speex_header.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:42:28 -0400 ** Changed in: speex (Ubuntu Feisty) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package speex - 1.1.12-3ubuntu0.7.04.1 --- speex (1.1.12-3ubuntu0.7.04.1) feisty-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * fix for libspeex/speex_header.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:43:25 -0400 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package vorbis-tools - 1.1.1-15ubuntu0.1 --- vorbis-tools (1.1.1-15ubuntu0.1) hardy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:53:17 -0400 ** Changed in: vorbis-tools (Ubuntu Hardy) Status: Fix Committed = Fix Released ** Changed in: vorbis-tools (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package vorbis-tools - 1.1.1-13ubuntu0.1 --- vorbis-tools (1.1.1-13ubuntu0.1) gutsy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:57:07 -0400 ** Changed in: vorbis-tools (Ubuntu Feisty) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package vorbis-tools - 1.1.1-6ubuntu0.1 --- vorbis-tools (1.1.1-6ubuntu0.1) feisty-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:58:41 -0400 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package gst-plugins-good0.10 - 0.10.7-3ubuntu0.1 --- gst-plugins-good0.10 (0.10.7-3ubuntu0.1) hardy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/99_SECURITY_CVE-2008-1686.patch: fix for ext/speex/gstspeexdec.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:09:52 -0400 ** Changed in: gst-plugins-good0.10 (Ubuntu Hardy) Status: Fix Committed = Fix Released ** Changed in: gst-plugins-good0.10 (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package gst-plugins-good0.10 - 0.10.6-0ubuntu4.1 --- gst-plugins-good0.10 (0.10.6-0ubuntu4.1) gutsy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/04_SECURITY_CVE-2008-1686.patch: fix for ext/speex/gstspeexdec.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:14:21 -0400 ** Changed in: gst-plugins-good0.10 (Ubuntu Feisty) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package gst-plugins-good0.10 - 0.10.5-1ubuntu2.1 --- gst-plugins-good0.10 (0.10.5-1ubuntu2.1) feisty-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/02_SECURITY_CVE-2008-1686.patch: fix for ext/speex/gstspeexdec.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:16:52 -0400 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: gst-plugins-good0.10 (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: gst-plugins-good0.10 (Ubuntu Feisty) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: gst-plugins-good0.10 (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: xmms-speex (Ubuntu) Status: New = Invalid ** Changed in: xmms-speex (Ubuntu Dapper) Status: New = Invalid ** Changed in: xmms-speex (Ubuntu Hardy) Status: New = Invalid ** Changed in: gst-plugins-good0.10 (Ubuntu Hardy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: speex (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: speex (Ubuntu Feisty) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: speex (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: speex (Ubuntu Hardy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: vorbis-tools (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: vorbis-tools (Ubuntu Feisty) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: vorbis-tools (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: vorbis-tools (Ubuntu Hardy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xine-lib (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: xine-lib (Ubuntu Feisty) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: xine-lib (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: xine-lib (Ubuntu Hardy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: gst-plugins-good0.10 (Ubuntu Dapper) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: gst-plugins-good0.10 (Ubuntu Feisty) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: gst-plugins-good0.10 (Ubuntu Gutsy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: gst-plugins-good0.10 (Ubuntu Hardy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: gst-plugins-good0.10 (Ubuntu) Status: New = Confirmed ** Changed in: speex (Ubuntu Dapper) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: speex (Ubuntu Feisty) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: speex (Ubuntu Gutsy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: speex (Ubuntu Hardy) Importance: Undecided = Medium Status: In Progress = Fix Committed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
1.2~beta3.2-1 in Intrepid is not affected. ** Changed in: speex (Ubuntu) Status: New = Invalid ** Changed in: vorbis-tools (Ubuntu Dapper) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: vorbis-tools (Ubuntu Feisty) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: vorbis-tools (Ubuntu Gutsy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: vorbis-tools (Ubuntu Hardy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: vorbis-tools (Ubuntu) Status: New = Confirmed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
gst-plugins-good0.10.8 is not affected despite oCERT advisory. From ChangeLog: 2008-04-11 Jan Schmidt [EMAIL PROTECTED] * ext/speex/gstspeexdec.c: (speex_dec_chain_parse_header): Fix bounds checking of mode in Speex header, which may produce negative numbers in speex = 1.1.12 I also verified the source. ** Changed in: gst-plugins-good0.10 (Ubuntu) Status: Confirmed = Invalid -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs