[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Launchpad has imported 18 comments from the remote bug at
https://bugs.gentoo.org/show_bug.cgi?id=217715.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
On 2008-04-14T20:01:33+00:00 rbu wrote:
xiph's (lib)speex 1.2 beta 3.2 has been tagged that fixes CVE-2008-1686
directly in the the speex_header_to_packet() function which applications
use. Sanitations inside applications are therefore unnecessary.
Patch:
https://trac.xiph.org/changeset/14701
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/11
On 2008-04-15T09:35:05+00:00 ssuominen wrote:
And we have it in Portage now,
*speex-1.2_beta3_p2 (15 Apr 2008)
15 Apr 2008; Samuli Suominen -speex-1.1.7.ebuild,
+speex-1.2_beta3_p2.ebuild:
Version bump.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/13
On 2008-04-15T10:38:43+00:00 rbu wrote:
Arch Security Liaisons, please test and mark stable:
=media-libs/speex-1.2_beta3_p2
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"
CC'ing current Liaisons:
alpha : ferdy
amd64 : welp
hppa : jer
ppc : dertobi123
ppc64 : corsair
release : pva
sparc : fmccor
x86 : opfer
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/14
On 2008-04-15T13:17:57+00:00 armin76 wrote:
Adding Tobias for alpha
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/15
On 2008-04-15T13:46:01+00:00 fmccor wrote:
Sparc stable (tested with {.wav}).
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/16
On 2008-04-15T16:17:10+00:00 corsair wrote:
ppc64 stable
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/18
On 2008-04-15T16:51:29+00:00 ssuominen wrote:
amd64 stable, tested by playing with ogg123 (vorbis-tools using USE speex) and
converting .spx to .wav and back to .spx using speexdec and speexenc
also tested by an AT (VQuickSilver, Freenode), thanks to him
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/19
On 2008-04-15T20:00:45+00:00 klausman wrote:
Stable for alpha.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/21
On 2008-04-15T21:53:19+00:00 rbu wrote:
*** Bug 217820 has been marked as a duplicate of this bug. ***
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/22
On 2008-04-16T19:08:12+00:00 dertobi123 wrote:
ppc stable
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/23
On 2008-04-17T01:04:10+00:00 maekke wrote:
x86 stable
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/24
On 2008-04-17T09:42:39+00:00 vorlon wrote:
now public via http://www.ocert.org/advisories/ocert-2008-004.html
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/29
On 2008-04-17T09:59:20+00:00 vorlon wrote:
removing arch security liaisons, adding missing arches, adding sound herd
hope I didn't forget to remove/add anyone
glsa request filed
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/30
On 2008-04-17T10:02:30+00:00 vorlon wrote:
really removing this time
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/31
On 2008-04-17T10:18:10+00:00 armin76 wrote:
ia64 stable
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/32
On 2008-04-17T10:53:48+00:00 klausman wrote:
Removing myself since I stood in for ferdy as sec liaison for Alpha.
Reply at:
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Launchpad has imported 17 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=441239.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
On 2008-04-07T11:41:09+00:00 Tomas wrote:
Common Vulnerabilities and Exposures assigned an identifier
CVE-2008-1686 to the following vulnerability:
Quoting oCert advisory:
The libfishsound decoder library incorrectly implements the reference speex
decoder from the Speex library, performing insufficient boundary checks on a
header structure read from user input.
A user controlled field in the header structure is used to build a function
pointer. The libfishsound implementation does not check for negative values for
the field, allowing the function pointer to be pointed at an arbitary position
in memory. This allows remote code execution.
Affected version: <= 0.9.0
Fixed version: 0.9.1
Upstream patch in trunk:
http://trac.annodex.net/changeset/3536
References:
http://www.ocert.org/advisories/ocert-2008-2.html
http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/0
On 2008-04-07T12:48:20+00:00 Tomas wrote:
oCert-2008-2 was updated to list speex as affected as well:
Additional affected packages:
Speex <= 1.1.6, the reference implementation from which libfishsound is derived.
Current Fedora speex packages are not affected by this problem. Affected speex
packages are shipped in Red Hat Enterprise Linux 4 and 5.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/1
On 2008-04-07T12:55:52+00:00 Tomas wrote:
For speex, fix first occurred in 1.2.0beta1.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/2
On 2008-04-07T17:51:19+00:00 Tomas wrote:
Some more info in Contrad Parker's blog:
http://blog.kfish.org/2008/04/release-libfishsound-091.html
Reply at:
https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/3
On 2008-04-11T11:24:34+00:00 Tomas wrote:
So far, same issue was identified in following other projects:
- gstreamer-plugins-good-0.10.6
- vorbis-tools-1.1.1 (ogg123)
- sweep-0.9.2
- xine-lib-1.1.11.1
- vlc-0.8.6f (not shipped in Fedora or Red Hat Enterprise Linux)
- SDL_sound-1.0.1
Fedora packages seems unaffected, as they do not seem to be linked against
libspeex despite --enable-speex and speex-devel BuildRequires
Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/4
On 2008-04-11T11:25:53+00:00 Tomas wrote:
So far, fixed upstream in:
- gstreamer-plugins-good
http://webcvs.freedesktop.org/gstreamer/gst-plugins-good/ext/speex/gstspeexdec.c?r1=1.40=1.41
- sweep
http://trac.metadecks.org/changeset/554
Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/5
On 2008-04-12T17:11:09+00:00 Tomas wrote:
Speex upstream added check in speex_packet_to_header(), so that can address this
problem for all affected apps, that use speex_packet_to_header and check its
return value (all applications seem to do that correctly). For caller of
speex_packet_to_header that does not check return value, it will reduce problem
to a crash caused by NULL pointer dereference.
Patch applied to speex_packet_to_header():
$ svn diff -c 14701 http://svn.xiph.org/trunk/speex/libspeex/
Index: speex_header.c
===
--- speex_header.c (revision 14700)
+++ speex_header.c (revision 14701)
@@ -178,6 +178,13 @@
ENDIAN_SWITCH(le_header->frames_per_packet);
ENDIAN_SWITCH(le_header->extra_headers);
+ if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0)
+ {
+ speex_notify("Invalid mode specified in Speex header");
+ speex_free (le_header);
+ return NULL;
+ }
+
if (le_header->nb_channels>2)
le_header->nb_channels = 2;
if (le_header->nb_channels<1)
$ svn log -r 14701 http://svn.xiph.org/trunk/speex/libspeex/
r14701 | jm | 2008-04-11 05:48:46 +0200 (Fri, 11 Apr 2008) | 5 lines
Patch by kfish that checks for headers with invalid mode numbers. Technically,
it should have been the application's responsability, but many didn't, so
we ended up with security issues. Considering that
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xine-lib Importance: Unknown = High -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in Ubuntu. https://bugs.launchpad.net/bugs/218652 Title: CVE-2008-1686: Multiple speex implementations insufficient boundary checks To manage notifications about this bug go to: https://bugs.launchpad.net/vorbis-tools/+bug/218652/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Gentoo Linux) Importance: Unknown = Medium -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. https://bugs.launchpad.net/bugs/218652 Title: CVE-2008-1686: Multiple speex implementations insufficient boundary checks -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package libfishsound - 0.7.0-2.1ubuntu0.1 --- libfishsound (0.7.0-2.1ubuntu0.1) hardy-security; urgency=low [ Brian Thomason ] * SECURITY UPDATE: uncontrolled array index (LP: #218652) - src/libfishsound/speex.c - Added check for negative offset. Based on Debian patch. - CVE-2008-1686 [ Jamie Strandboge ] * debian/control: adjust section from 'unknown' to 'sound' -- Brian Thomason brian.thoma...@canonical.com Tue, 29 Jun 2010 16:24:03 -0400 ** Changed in: libfishsound (Ubuntu Hardy) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:ubuntu/hardy-security/libfishsound -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Desktop support has end for Dapper. ** Changed in: vlc (Ubuntu Dapper) Status: Confirmed = Won't Fix ** Changed in: libannodex (Ubuntu Dapper) Status: Confirmed = Won't Fix ** Changed in: libfishsound (Ubuntu Dapper) Status: Confirmed = Won't Fix ** Changed in: libsdl-sound1.2 (Ubuntu Dapper) Status: Confirmed = Won't Fix ** Changed in: sweep (Ubuntu Dapper) Status: Confirmed = Won't Fix -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
ACK libfishsound for hardy. ** Tags removed: patch ** Changed in: libfishsound (Ubuntu Hardy) Status: Confirmed = Fix Committed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This patch provides the fix from Debian for libfishsound in Hardy. ** Patch added: libfishsound speex patch for hardy http://launchpadlibrarian.net/51133711/libfishsound_0.7.0-2.1ubuntu0.1.debdiff -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Tags added: patch -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:ubuntu/dapper-security/gst-plugins-good0.10 ** Branch linked: lp:ubuntu/feisty-security/gst-plugins-good0.10 ** Branch linked: lp:ubuntu/gutsy-security/gst-plugins-good0.10 ** Branch linked: lp:ubuntu/hardy-updates/gst-plugins-good0.10 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:ubuntu/karmic/xine-lib -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:~ubuntu-branches/ubuntu/dapper/vorbis-tools/dapper- security ** Branch linked: lp:~ubuntu-branches/ubuntu/feisty/vorbis-tools/feisty- security ** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/vorbis-tools/gutsy- security ** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/vorbis-tools/hardy- security -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Branch linked: lp:~ubuntu-branches/ubuntu/dapper/speex/dapper- security ** Branch linked: lp:ubuntu/feisty-updates/speex ** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/speex/hardy-security ** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/speex/gutsy-security -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life - http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the Gutsy task. ** Changed in: libannodex (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: libfishsound (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: libsdl-sound1.2 (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: sweep (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: vlc (Ubuntu Gutsy) Status: Confirmed = Won't Fix ** Changed in: xmms-speex (Ubuntu Gutsy) Status: Confirmed = Won't Fix -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xmms-speex (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: libannodex (Ubuntu Dapper) Status: New = Confirmed ** Changed in: libannodex (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: libannodex (Ubuntu Hardy) Status: New = Confirmed ** Changed in: libfishsound (Ubuntu Dapper) Status: New = Confirmed ** Changed in: libfishsound (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: libfishsound (Ubuntu Hardy) Status: New = Confirmed ** Changed in: libsdl-sound1.2 (Ubuntu Dapper) Status: New = Confirmed ** Changed in: libsdl-sound1.2 (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: libsdl-sound1.2 (Ubuntu Hardy) Status: New = Confirmed ** Changed in: sweep (Ubuntu Dapper) Status: New = Confirmed ** Changed in: sweep (Ubuntu Gutsy) Status: New = Confirmed ** Changed in: sweep (Ubuntu Hardy) Status: New = Confirmed ** Changed in: vlc (Ubuntu Dapper) Status: New = Confirmed ** Changed in: vlc (Ubuntu Gutsy) Status: New = Confirmed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: libannodex (Ubuntu) Status: New = Confirmed ** Changed in: libfishsound (Ubuntu) Status: New = Confirmed ** Changed in: libsdl-sound1.2 (Ubuntu) Status: New = Confirmed ** Changed in: sweep (Ubuntu) Status: New = Confirmed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix. ** Changed in: libannodex (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: libfishsound (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: libsdl-sound1.2 (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: sweep (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: vlc (Ubuntu Feisty) Status: New = Won't Fix ** Changed in: xmms-speex (Ubuntu Feisty) Status: New = Won't Fix -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: vlc (Ubuntu Hardy) Status: In Progress = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xine-lib (Ubuntu Dapper) Status: In Progress = Fix Released ** Changed in: xine-lib (Ubuntu Feisty) Status: In Progress = Fix Released ** Changed in: xine-lib (Ubuntu Gutsy) Status: In Progress = Fix Released ** Changed in: xine-lib (Ubuntu Hardy) Status: In Progress = Fix Released ** Changed in: gst-plugins-good0.10 (Ubuntu Dapper) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
Debian fixed this in 1.2.0-2, and Intrepid now has 1.2.0-5 ** Changed in: vorbis-tools (Ubuntu) Status: Confirmed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
My last comment was for vorbis-tools. -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package xine-lib - 1.1.14-1ubuntu1 --- xine-lib (1.1.14-1ubuntu1) intrepid; urgency=low * merge from debian unstable. Remaining changes: - disable the jack plugin in libxine1-bin to make dapper-hardy upgrades work (LP #203605) - Modify Maintainer value to match the DebianMaintainerField specification. * New upstream fixes: - playback of MJPEG files LP: #93076 - CVE-2008-1878 LP: #235904 - CVE-2008-1686 LP: #218652 * remove Replaces: libxine-main1 ( 1.1.2+repacked1-0ubuntu1). We don't support upgrades from dapper/feisty anymore. xine-lib (1.1.14-1) unstable; urgency=low * The beat the freeze release. * New upstream release. - All patches in 1.1.12-2 are present upstream. - MIME types added. (Closes: #472869) * Build-depend on libmagick9-dev | libmagick-dev | libmagickwand-dev. * Build-depend on ghostscript | gs | gs-gpl. -- Reinhard Tartler [EMAIL PROTECTED] Tue, 08 Jul 2008 22:35:48 +0200 ** Changed in: xine-lib (Ubuntu) Status: Fix Committed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1878 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: vlc (Ubuntu) Assignee: (unassigned) = William Grant (wgrant) Status: New = Fix Released ** Changed in: vlc (Ubuntu Hardy) Assignee: (unassigned) = William Grant (wgrant) Status: New = In Progress -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
new upstream (1.1.14) fixing this issue is prepared. ** Changed in: xine-lib (Ubuntu) Assignee: (unassigned) = Reinhard Tartler (siretart) Status: New = Fix Committed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
VLC patch at http://trac.videolan.org/vlc/changeset/c1c81073e661f7d80197711ab11753e1e170b44c. -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Fedora) Status: In Progress = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
http://www.ubuntu.com/usn/usn-611-1 ** Changed in: speex (Ubuntu Dapper) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
http://www.ubuntu.com/usn/usn-611-2 ** Changed in: vorbis-tools (Ubuntu Dapper) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Fedora) Status: Fix Released = In Progress -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Fedora) Status: In Progress = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Bug watch added: Gentoo Bugzilla #217715 http://bugs.gentoo.org/show_bug.cgi?id=217715 ** Also affects: speex (Gentoo Linux) via http://bugs.gentoo.org/show_bug.cgi?id=217715 Importance: Unknown Status: Unknown ** Bug watch added: Red Hat Bugzilla #441239 https://bugzilla.redhat.com/show_bug.cgi?id=441239 ** Also affects: speex (Fedora) via https://bugzilla.redhat.com/show_bug.cgi?id=441239 Importance: Unknown Status: Unknown ** Bug watch added: Xiph.org Trac #1347 http://trac.xiph.org/ticket/1347 ** Also affects: vorbis-tools via http://trac.xiph.org/ticket/1347 Importance: Unknown Status: Unknown -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: speex (Gentoo Linux) Status: Unknown = Fix Released ** Changed in: speex (Fedora) Status: Unknown = In Progress ** Changed in: vorbis-tools Status: Unknown = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Bug watch added: Xine Bugzilla #83 http://bugs.xine-project.org/show_bug.cgi?id=83 ** Also affects: xine-lib via http://bugs.xine-project.org/show_bug.cgi?id=83 Importance: Unknown Status: Unknown -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xine-lib Status: Unknown = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package speex - 1.1.12-3ubuntu0.8.04.1 --- speex (1.1.12-3ubuntu0.8.04.1) hardy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * fix for libspeex/speex_header.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:40:18 -0400 ** Changed in: speex (Ubuntu Hardy) Status: Fix Committed = Fix Released ** Changed in: speex (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package speex - 1.1.12-3ubuntu0.7.10.1 --- speex (1.1.12-3ubuntu0.7.10.1) gutsy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * fix for libspeex/speex_header.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:42:28 -0400 ** Changed in: speex (Ubuntu Feisty) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package speex - 1.1.12-3ubuntu0.7.04.1 --- speex (1.1.12-3ubuntu0.7.04.1) feisty-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * fix for libspeex/speex_header.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:43:25 -0400 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package vorbis-tools - 1.1.1-15ubuntu0.1 --- vorbis-tools (1.1.1-15ubuntu0.1) hardy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:53:17 -0400 ** Changed in: vorbis-tools (Ubuntu Hardy) Status: Fix Committed = Fix Released ** Changed in: vorbis-tools (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package vorbis-tools - 1.1.1-13ubuntu0.1 --- vorbis-tools (1.1.1-13ubuntu0.1) gutsy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:57:07 -0400 ** Changed in: vorbis-tools (Ubuntu Feisty) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package vorbis-tools - 1.1.1-6ubuntu0.1 --- vorbis-tools (1.1.1-6ubuntu0.1) feisty-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:58:41 -0400 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package gst-plugins-good0.10 - 0.10.7-3ubuntu0.1 --- gst-plugins-good0.10 (0.10.7-3ubuntu0.1) hardy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/99_SECURITY_CVE-2008-1686.patch: fix for ext/speex/gstspeexdec.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:09:52 -0400 ** Changed in: gst-plugins-good0.10 (Ubuntu Hardy) Status: Fix Committed = Fix Released ** Changed in: gst-plugins-good0.10 (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package gst-plugins-good0.10 - 0.10.6-0ubuntu4.1 --- gst-plugins-good0.10 (0.10.6-0ubuntu4.1) gutsy-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/04_SECURITY_CVE-2008-1686.patch: fix for ext/speex/gstspeexdec.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:14:21 -0400 ** Changed in: gst-plugins-good0.10 (Ubuntu Feisty) Status: Fix Committed = Fix Released -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
This bug was fixed in the package gst-plugins-good0.10 - 0.10.5-1ubuntu2.1 --- gst-plugins-good0.10 (0.10.5-1ubuntu2.1) feisty-security; urgency=low * SECURITY UPDATE: array index vulnerability (LP: #218652) * debian/patches/02_SECURITY_CVE-2008-1686.patch: fix for ext/speex/gstspeexdec.c to properly validate its input * References CVE-2008-1686 -- Jamie Strandboge [EMAIL PROTECTED] Wed, 07 May 2008 13:16:52 -0400 -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: gst-plugins-good0.10 (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: gst-plugins-good0.10 (Ubuntu Feisty) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: gst-plugins-good0.10 (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: xmms-speex (Ubuntu) Status: New = Invalid ** Changed in: xmms-speex (Ubuntu Dapper) Status: New = Invalid ** Changed in: xmms-speex (Ubuntu Hardy) Status: New = Invalid ** Changed in: gst-plugins-good0.10 (Ubuntu Hardy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: speex (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: speex (Ubuntu Feisty) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: speex (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: speex (Ubuntu Hardy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: vorbis-tools (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: vorbis-tools (Ubuntu Feisty) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: vorbis-tools (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: vorbis-tools (Ubuntu Hardy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xine-lib (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: xine-lib (Ubuntu Feisty) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: xine-lib (Ubuntu Gutsy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress ** Changed in: xine-lib (Ubuntu Hardy) Assignee: (unassigned) = Jamie Strandboge (jdstrand) Status: New = In Progress -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: gst-plugins-good0.10 (Ubuntu Dapper) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: gst-plugins-good0.10 (Ubuntu Feisty) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: gst-plugins-good0.10 (Ubuntu Gutsy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: gst-plugins-good0.10 (Ubuntu Hardy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: gst-plugins-good0.10 (Ubuntu) Status: New = Confirmed ** Changed in: speex (Ubuntu Dapper) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: speex (Ubuntu Feisty) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: speex (Ubuntu Gutsy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: speex (Ubuntu Hardy) Importance: Undecided = Medium Status: In Progress = Fix Committed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
1.2~beta3.2-1 in Intrepid is not affected. ** Changed in: speex (Ubuntu) Status: New = Invalid ** Changed in: vorbis-tools (Ubuntu Dapper) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: vorbis-tools (Ubuntu Feisty) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: vorbis-tools (Ubuntu Gutsy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: vorbis-tools (Ubuntu Hardy) Importance: Undecided = Medium Status: In Progress = Fix Committed ** Changed in: vorbis-tools (Ubuntu) Status: New = Confirmed -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] Re: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
gst-plugins-good0.10.8 is not affected despite oCERT advisory. From ChangeLog: 2008-04-11 Jan Schmidt [EMAIL PROTECTED] * ext/speex/gstspeexdec.c: (speex_dec_chain_parse_header): Fix bounds checking of mode in Speex header, which may produce negative numbers in speex = 1.1.12 I also verified the source. ** Changed in: gst-plugins-good0.10 (Ubuntu) Status: Confirmed = Invalid -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
