Bug#893544: mp4v2: CVE-2018-7339
Source: mp4v2
Version: 2.0.0~dfsg0-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for mp4v2.

CVE-2018-7339[0]:
| The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles
| Entry Number validation for the MP4 Table Property, which allows remote
| attackers to cause a denial of service (overflow, insufficient memory
| allocation, and segmentation fault) or possibly have unspecified other
| impact via a crafted mp4 file.

Not clear, is there still an upstream active? If so, have the
developers been made aware of the report?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7339
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7339
[1] https://github.com/pingsuewim/libmp4_bof

Regards,
Salvatore
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#892526: gpac: CVE-2018-7752: Stack buffer overflow in av_parsers.c
Source: gpac
Version: 0.5.2-426-gc5ad4e4+dfsg5-3
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/gpac/gpac/issues/997

Hi,

the following vulnerability was published for gpac.

CVE-2018-7752[0]:
| GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps
| function in media_tools/av_parsers.c, a different vulnerability than
| CVE-2018-1000100.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7752
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7752
[1] https://github.com/gpac/gpac/issues/997
[2] https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.
Hi Fabian,

On Fri, Feb 09, 2018 at 08:26:10AM +0100, Fabian Greffrath wrote:
> tags 889915 +security +jessie
> thanks
>
> Forwarding this to the security team.

The current issues which were fixed in DLA-1077-1 are all no-dsa, so
they did not warrant a DSA via security.d.o. Can you fix those issues
via upcoming point releases?

Regards,
Salvatore
Bug#888654: mpv: CVE-2018-6360
Source: mpv
Version: 0.23.0-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/mpv-player/mpv/issues/5456

Hi,

the following vulnerability was published for mpv.

CVE-2018-6360[0]:
| mpv through 0.28.0 allows remote attackers to execute arbitrary code
| via a crafted web site, because it reads HTML documents containing
| VIDEO elements, and accepts arbitrary URLs in a src attribute without a
| protocol whitelist in player/lua/ytdl_hook.lua. For example, an
| av://lavfi:ladspa=file= URL signifies that the product should call
| dlopen on a shared object file located at an arbitrary local pathname.
| The issue exists because the product does not consider that youtube-dl
| can provide a potentially unsafe URL.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6360
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
[1] https://github.com/mpv-player/mpv/issues/5456

Regards,
Salvatore
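The check the CVE text says is missing is a scheme allowlist applied to every URL an external extractor returns before the player opens it. A sketch of such a check in Lua, added here as an example and not taken from mpv or from the message above; the allowlist contents, the function names and the sample entries are assumptions.

```lua
-- Added example, not mpv's code: scheme allowlist for URLs that an external
-- extractor (youtube-dl in the advisory) hands back to the player.
-- The allowlist contents are an assumption; keep it to what must be played.
local SAFE_SCHEMES = {
    http = true, https = true,
    rtmp = true, rtmps = true,
}

-- Return the lower-cased scheme of `url`, or nil when there is none.
-- RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
-- Anything that does not start with "<scheme>://" yields nil, so bare
-- paths, leading whitespace and non-string values all fail closed.
local function url_scheme(url)
    if type(url) ~= "string" then
        return nil
    end
    local scheme = url:match("^(%a[%w+.%-]*)://")
    return scheme and scheme:lower() or nil
end

-- True only for URLs whose scheme is explicitly allowed.
local function url_is_safe(url)
    local scheme = url_scheme(url)
    return scheme ~= nil and SAFE_SCHEMES[scheme] == true
end

-- Split extractor entries into those that may be opened and those that
-- must be dropped. Rejected entries are returned so they can be logged.
local function filter_entries(entries)
    local accepted, rejected = {}, {}
    for _, entry in ipairs(entries) do
        if url_is_safe(entry.url) then
            accepted[#accepted + 1] = entry
        else
            rejected[#rejected + 1] = entry
        end
    end
    return accepted, rejected
end

-- Constructed sample of what an extractor might return for one page.
-- The av:// entry uses the scheme named in the CVE text with a
-- placeholder path.
local sample = {
    { title = "clip",    url = "https://media.example/clip.mp4" },
    { title = "upper",   url = "HTTPS://media.example/clip.mp4" },
    { title = "filter",  url = "av://lavfi:ladspa=file=/path/to/plugin.so" },
    { title = "local",   url = "file:///etc/hostname" },
    { title = "bare",    url = "/home/user/video.mkv" },
    { title = "missing" },
}

local ok, bad = filter_entries(sample)
for _, e in ipairs(ok) do
    print("play  ", e.title, e.url)
end
for _, e in ipairs(bad) do
    print("reject", e.title, tostring(e.url))
end
```

The allowlist is matched on the parsed scheme rather than by searching the string for known-bad prefixes, so a scheme the list does not name is rejected by default.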
Re: ffmpeg 3.2.10 update
Hi James,

On Sat, Jan 27, 2018 at 10:19:19AM +, James Cowgill wrote:
> Hi,
>
> On 26/01/18 17:53, Moritz Mühlenhoff wrote:
> > On Fri, Jan 26, 2018 at 05:13:54PM +, James Cowgill wrote:
> >> Hi,
> >>
> >> I've pushed ffmpeg 3.2.10 here:
> >> https://salsa.debian.org/multimedia-team/ffmpeg/tree/debian/stretch
> >>
> >> Since I've not been doing these updates before, what is the correct
> >> procedure. Do I just upload it to security-master, or should I contact
> >> the security team first?
> >
> > For ffmpeg (since it's following the 3.2.x series) uploading to
> > security-master is fine (unless some update happens to provide
> > changes in debian/ beyond the changelog, then please send us a
> > debdiff).
>
> I've uploaded it and attached the debdiff. There are some minor
> modifications to debian/ outside the changelog, but I don't think
> they'll be controversial.

Something went wrong, presumably the upload was interrupted? The upload
is missing the orig.tar.xz:

[...]
Jan 27 10:20:39 processing /ffmpeg_3.2.10-1~deb9u1_source.changes
Jan 27 10:20:39 ffmpeg_3.2.10.orig.tar.xz doesn't exist (ignored for now)
Jan 27 10:25:39 processing /ffmpeg_3.2.10-1~deb9u1_source.changes
Jan 27 10:25:39 ffmpeg_3.2.10.orig.tar.xz doesn't exist (ignored for now)
[...]

You should be able to just push ffmpeg_3.2.10.orig.tar.xz in the next
few hours, and the upload will be processed.

Regards,
Salvatore
Bug#884735: libsndfile: CVE-2017-17456 CVE-2017-17457
Source: libsndfile
Version: 1.0.28-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/erikd/libsndfile/issues/344

Hi,

the following vulnerabilities were published for libsndfile.

CVE-2017-17456[0]:
| The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead
| to a remote DoS attack (SEGV on unknown address 0x), a
| different vulnerability than CVE-2017-14245.

CVE-2017-17457[1]:
| The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead
| to a remote DoS attack (SEGV on unknown address 0x), a
| different vulnerability than CVE-2017-14246.

Note, as mentioned in the CVE assignments, that are different from
CVE-2017-14245 and CVE-2017-14246, crash poc files are attached to
upstream bug report and demonstrable with e.g. an ASAN build of
libsndfile.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17456
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17456
[1] https://security-tracker.debian.org/tracker/CVE-2017-17457
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17457

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Bug#884232: ffmpeg: CVE-2017-17555
Control: reassign -1 src:aubio 0.4.5-1

Hi Carl,

On Tue, Dec 12, 2017 at 11:20:42PM +0100, Carl Eugen Hoyos wrote:
> This is not a bug in FFmpeg:
> aubio initializes libswresample with 2 channels and then passes data
> that contains just one channel.
>
> That can't really work or how could it ?
> swresample has no knowledge about what is in the array except what it
> is told
> There are multiple ways to provide this information to swr
>
> (Answer from Michael on ffmpeg-security)

Thanks for your and Michael's analysis/comment. So let's reassign
this to src:aubio since it would need to be fixed there.

Regards,
Salvatore
Bug#884232: ffmpeg: CVE-2017-17555
Source: ffmpeg
Version: 7:3.4-4
Severity: normal
Tags: security upstream
Control: found -1 7:3.4.1-1

Hi,

the following vulnerability was published for ffmpeg.

CVE-2017-17555[0]:
| The swri_audio_convert function in audioconvert.c in FFmpeg
| libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6,
| and other products, allows remote attackers to cause a denial of
| service (NULL pointer dereference and application crash) via a crafted
| audio file.

The issue is triggerable/demonstrable with the POC attached to [1]:

$ ./aubio/build/examples/aubiomfcc ./crash-2-null-ptr
[mp3 @ 0x61b00080] Format mp3 detected only with low score of 1, misdetection possible!
[mp3 @ 0x61b00080] Skipping 3350 bytes of junk at 0.
[mp3 @ 0x61b00080] Estimating duration from bitrate, this may be inaccurate
0.00-18.015953 -0.012183 -0.867832 -0.616462 0.813869 -1.063807 -0.276262 -0.236723 -1.673019 1.016008 -0.041898 0.450148 -0.699137
ASAN:DEADLYSIGNAL
=
==13255==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x7fd18a85df33 bp 0x0004 sp 0x7ffec8afd8e8 T0)
==13255==The signal is caused by a READ memory access.
==13255==Hint: address points to the zero page.
#0 0x7fd18a85df32 (/usr/lib/x86_64-linux-gnu/libswresample.so.2+0x11f32)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libswresample.so.2+0x11f32)
==13255==ABORTING

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x72af0f33 in ff_int16_to_float_a_sse2.next () at src/libswresample/x86/audio_convert.asm:656
656 src/libswresample/x86/audio_convert.asm: No such file or directory.
(gdb) bt
#0 0x72af0f33 in ff_int16_to_float_a_sse2.next () at src/libswresample/x86/audio_convert.asm:656
#1 0x72ae78de in swri_audio_convert (ctx=0x60701740, out=out@entry=0x632037d0, in=in@entry=0x632035b0, len=len@entry=384) at src/libswresample/audioconvert.c:226
#2 0x72aee190 in swr_convert_internal (s=s@entry=0x63200800, out=out@entry=0x63203e30, out_count=out_count@entry=384, in=in@entry=0x632035b0, in_count=in_count@entry=384) at src/libswresample/swresample.c:633
#3 0x72aef252 in swr_convert_internal (in_count=384, in=0x632035b0, out_count=384, out=0x63203e30, s=0x63200800) at src/libswresample/swresample.c:470
#4 0x72aef252 in swr_convert (s=0x63200800, out_arg=, out_count=, in_arg=, in_count=) at src/libswresample/swresample.c:800
#5 0x76c08af5 in aubio_source_avcodec_readframe () at /usr/lib/x86_64-linux-gnu/libaubio.so.5
#6 0x76c08c65 in aubio_source_avcodec_do () at /usr/lib/x86_64-linux-gnu/libaubio.so.5
#7 0x9db4 in examples_common_process (process_func=0x91fb , print=0x9266 ) at ../examples/utils.c:160
#8 0x9875 in main (argc=2, argv=0x7fffeb88) at ../examples/aubiomfcc.c:66

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17555
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17555
[1] https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Bug#876783: libsndfile: CVE-2017-14634
Hi

On Mon, Sep 25, 2017 at 10:24:01PM +0200, Salvatore Bonaccorso wrote:
> Forwarded: https://github.com/erikd/libsndfile/issues/318

Upstream fix: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788

Regards,
Salvatore
Bug#878809: closed by Jaromír Mikeš <mira.mi...@seznam.cz> (Bug#878809: fixed in sox 14.4.2-1)
Source: sox
Source-Version: 14.4.2-1

Hi Jaromir,

On Sun, Nov 19, 2017 at 10:23:01PM +0100, Jaromír Mikeš wrote:
> 2017-11-19 21:11 GMT+01:00 Salvatore Bonaccorso <car...@debian.org>:
>
> > Control: reopen -1
> > Control: found -1 14.4.1-5
> > Control: found -1 14.4.2-1
> > Control: tags -1 + moreinfo
> >
> > Hi Jaromir,
> >
> > Are you sure #878809 is yet fixed?
> >
> > With the patches applied on top of 14.4.2 we see still that sox aborts
> > with:
> >
> > $ ./sox-14.4.2/src/sox 03-abort out.wav
> > sox: formats.c:227: sox_append_comment: Assertion `comment' failed.
> > Aborted
> >
> > So the assertion is still reachable, so at least
> > 0005-CVE-2017-15371.patch did not solve the problem?
> >
> > What am I missing here? Note, I'm just reopening the bug as
> > safety measure to double-check. If I turn to be wrong (likely) we can
> > reclose it, but I wanted to be sure.
> >
>
> Hi Salvatore,
>
> can you provide some more details please. Upstream developers claim that
> issue should be solved
> by 0005-CVE-2017-15371.patch

sure, but all I have is basically the above with the poc attached in
the initial message.

But I just reverified and I got probably an error in my initial
retest. The assertion is not reached anymore with the experimental
version:

$ sox --version
sox: SoX v14.4.2
$ sox 03-abort out.vaw
sox FAIL formats: can't open input file `03-abort': FLAC ERROR whilst decoding metadata

Regards,
Salvatore
Bug#876783: libsndfile: CVE-2017-14634
Source: libsndfile
Version: 1.0.28-4
Severity: normal
Tags: upstream security
Forwarded: https://github.com/erikd/libsndfile/issues/318
Control: found -1 1.0.25-9.1

Hi,

the following vulnerability was published for libsndfile.

CVE-2017-14634[0]:
| In libsndfile 1.0.28, a divide-by-zero error exists in the function
| double64_init() in double64.c, which may lead to DoS when playing a
| crafted audio file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14634
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14634
[1] https://github.com/erikd/libsndfile/issues/318

Regards,
Salvatore
Bug#873718: Fixes for security vulnerabilities on libgig?
On Wed, Aug 30, 2017 at 04:34:44PM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> All, but not CVE-2017-12951 are probably fixed already with the
> 4.0.0-4 upload to unstable today.

Might actually just uncover another problem after the fix.

Regards,
Salvatore
Bug#873718: Fixes for security vulnerabilities on libgig?
Hi

All, but not CVE-2017-12951 are probably fixed already with the
4.0.0-4 upload to unstable today.

Regards,
Salvatore
Bug#871931: libvpx: CVE-2017-0641
Hi

On Sat, Aug 12, 2017 at 01:52:43PM -0400, Ondrej Novy wrote:
> Hi,
>
> we are already using:
>
> --size-limit=16384x16384

Yupp, I know that, I added that comment to the tracker. It's not clear
to me if we need to limit it quite further. The android approach is to
limit it to 4k frames.

Maybe indeed we should mark it as fixed for that version where the
size-limit was added (which should be 1.4.0-4). But the size-limit to
16384x16384 was back in 2015 added to mitigate/workaround
CVE-2015-1258. So I suspect we will need to limit it further.

*but* cc'ing Moritz, who added libvpx to our DSA needed list for that
purpose.

Regards,
Salvatore
Bug#871931: libvpx: CVE-2017-0641
Source: libvpx
Version: 1.6.1-3
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for libvpx.

CVE-2017-0641[0]:
| A remote denial of service vulnerability in libvpx in Mediaserver
| could enable an attacker to use a specially crafted file to cause a
| device hang or reboot. This issue is rated as High severity due to the
| possibility of remote denial of service. Product: Android. Versions:
| 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID:
| A-34360591.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-0641
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0641

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Bug#870809: lame: CVE-2017-11720: duplicate, already fixed in all versions
Control: notfound -1 3.99.5+repack1-7
Control: found -1 3.99.5+repack1-3
Control: fixed -1 3.99.5+repack1-3+deb7u1
Control: fixed -1 3.99.5+repack1-6

Hi

On Tue, Aug 08, 2017 at 03:53:35PM -0400, Hugo Lefeuvre wrote:
> Hi,
>
> This bug is a duplicate of #777159, which is already fixed in all debian
> versions of lame.

In the meantime the reporter indeed has provided the password for the
report_poc.zip in public (was unfortunately not the case until 2 days
ago ...), so that could be verified and you are correct.

Regards,
Salvatore
Bug#870856: soundtouch: CVE-2017-9259
Source: soundtouch
Version: 1.9.2-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for soundtouch.

CVE-2017-9259[0]:
| The TDStretch::acceptNewOverlapLength function in
| source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote
| attackers to cause a denial of service (memory allocation error and
| application crash) via a crafted wav file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9259
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9259

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Bug#870857: soundtouch: CVE-2017-9260
Source: soundtouch
Version: 1.9.2-2
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for soundtouch.

CVE-2017-9260[0]:
| The TDStretchSSE::calcCrossCorr function in
| source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote
| attackers to cause a denial of service (heap-based buffer over-read and
| application crash) via a crafted wav file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9260
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9260

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Bug#870854: soundtouch: CVE-2017-9258
Source: soundtouch
Version: 1.9.2-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for soundtouch. There is as
well CVE-2017-9259 and CVE-2017-9260, but since I have not verified if
the issues are all common back to jessie, filing individual bugs. OTOH
I do not think they deserve a DSA, let us know though if you disagree.

CVE-2017-9258[0]:
| The TDStretch::processSamples function in
| source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote
| attackers to cause a denial of service (infinite loop and CPU
| consumption) via a crafted wav file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9258
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9258

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Bug#870809: lame: CVE-2017-11720
Source: lame
Version: 3.99.5+repack1-7
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/lame/bugs/460/

Hi,

the following vulnerability was published for lame.

CVE-2017-11720[0]:
| There is a division-by-zero vulnerability in LAME 3.99.5, caused by a
| malformed input file.

This should be/is almost surely the same as reported in [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11720
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11720
[1] https://sourceforge.net/p/lame/bugs/460/
[2] https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/

Regards,
Salvatore
Bug#870799: mpg123: CVE-2017-9545
Source: mpg123
Version: 1.23.8-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for mpg123.

CVE-2017-9545[0]:
| The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows
| remote attackers to cause a denial of service (buffer over-read) via a
| crafted mp3 file.

Not sure if the reporter has reported that upstream.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9545
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9545
[1] http://seclists.org/fulldisclosure/2017/Jul/65

Please adjust the affected versions in the BTS as needed, checked only
versions back to 1.23.8-1 in stretch.

Regards,
Salvatore
Bug#866860: mpg123: CVE-2017-10683
Control: tags -1 + patch On Sun, Jul 02, 2017 at 11:12:36AM +0200, Salvatore Bonaccorso wrote: > Source: mpg123 > Version: 1.25.0-1 > Severity: important > Tags: upstream security > > Hi, > > the following vulnerability was published for mpg123. > > CVE-2017-10683[0]: > | In mpg123 1.25.0, there is a heap-based buffer over-read in the > | convert_latin1 function in libmpg123/id3.c. A crafted input will lead > | to a remote denial of service attack. > > This was reported at [1], but Hanno Boeck recently reported [2] as > well. > > Looking at both cases i think those should be the same issues, and > upstream has a patch for the issue. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2017-10683 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10683 > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1465819 > [2] https://sourceforge.net/p/mpg123/bugs/252/ Attaching the extracted patch. Regards, Salvatore Index: NEWS === --- NEWS (revision 4251) +++ NEWS (revision 4252) @@ -2,6 +2,9 @@ --- - libmpg123: -- Avoid memset(NULL, 0, 0) to calm down the paranoid. +-- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten + offset from the frame flag bytes (unnoticed in practice for a long + time). 1.25.0: MP3 now patent-free worldwide! --- Index: src/libmpg123/id3.c === --- src/libmpg123/id3.c (revision 4251) +++ src/libmpg123/id3.c (revision 4252) 
@@ -700,6 +700,8 @@ /* length-10 or length-20 (footer present); 4 synchsafe integers == 28 bit number */ /* we have already read 10 bytes, so left are length or length+10 bytes belonging to tag */ + /* Note: This is an 28 bit value in 32 bit storage, plenty of space for */ + /* length+x for reasonable x. */ if(!synchsafe_to_long(buf+2,length)) { if(NOQUIET) error4("Bad tag length (not synchsafe): 0x%02x%02x%02x%02x; You got a bad ID3 tag here.", buf[2],buf[3],buf[4],buf[5]); @@ -764,13 +766,16 @@ char id[5]; unsigned long framesize; unsigned long fflags; /* need 16 bits, actually */ + /* bytes of frame title and of framesize value */ + int head_part = fr->id3v2.version > 2 ? 4 : 3; + int flag_part = fr->id3v2.version > 2 ? 2 : 0; id[4] = 0; /* pos now advanced after ext head, now a frame has to follow */ - while(tagpos < length-10) /* I want to read at least a full header */ + /* I want to read at least one full header now. */ + while(tagpos <= length-head_part-head_part-flag_part) { int i = 0; unsigned long pos = tagpos; - int head_part = fr->id3v2.version == 2 ? 3 : 4; /* bytes of frame title and of framesize value */ /* level 1,2,3 - 0 is info from lame/info tag! */ /* rva tags with ascending significance, then general frames */ enum frame_types tt = unknown; @@ -801,7 +806,7 @@ } if(VERBOSE3) fprintf(stderr, "Note: ID3v2 %s frame of size %lu\n", id, framesize); tagpos += head_part + framesize; /* the important advancement in whole tag */ - if(tagpos > length) + if(tagpos > length-flag_part) { if(NOQUIET) error("Whoa! ID3v2 frame claims to be larger than the whole rest of the tag."); break; Index: . === --- . (revision 4251) +++ . (revision 4252) Property changes on: . ___ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /trunk:r4249 ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
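Review bot: In the id3.c hunk at -764, the new loop bound `length-head_part-head_part-flag_part` is a subtraction that is evaluated with no prior check that `length` covers one frame header. The declaration of `length` is not in the visible context; if it is unsigned like `framesize` and `pos`, a tag shorter than the header size (10 bytes for ID3v2.3 and later, 6 for v2.2) makes the expression wrap and the loop is entered anyway. Writing the condition as `tagpos + 2*head_part + flag_part <= length` removes the subtraction, and a named local for the frame header size would read better than `head_part` repeated twice.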
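Review bot: In the id3.c hunk at -801, `tagpos += head_part + framesize` still runs before the bound is tested, so `if(tagpos > length-flag_part)` only sees the sum after it has been formed. `framesize` is an `unsigned long` whose parsing is not in the visible lines; where that type is 32 bits wide, a frame size near the top of its range can wrap `tagpos` to a small value that passes the test. Testing `framesize` against the bytes that remain in the tag before adding it to `tagpos` avoids relying on the sum, and a one-line comment on why `flag_part` is subtracted here would help, since the NEWS entry is the only place in the patch that explains the forgotten flag-byte offset.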
Bug#866860: mpg123: CVE-2017-10683
Source: mpg123
Version: 1.25.0-1
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for mpg123.

CVE-2017-10683[0]:
| In mpg123 1.25.0, there is a heap-based buffer over-read in the
| convert_latin1 function in libmpg123/id3.c. A crafted input will lead
| to a remote denial of service attack.

This was reported at [1], but Hanno Boeck recently reported [2] as
well.

Looking at both cases I think those should be the same issues, and
upstream has a patch for the issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10683
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10683
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1465819
[2] https://sourceforge.net/p/mpg123/bugs/252/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Bug#865909: faac: CVE-2017-9129 CVE-2017-9130
Source: faac
Version: 1.28+cvs20151130-1
Severity: important
Tags: security upstream

Hi,

the following vulnerabilities were published for faac.

CVE-2017-9129[0]:
| The wav_open_read function in frontend/input.c in Freeware Advanced
| Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of
| service (large loop) via a crafted wav file.

CVE-2017-9130[1]:
| The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio
| Coder (FAAC) 1.28 allows remote attackers to cause a denial of service
| (invalid memory read and application crash) via a crafted wav file.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9129
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9129
[1] https://security-tracker.debian.org/tracker/CVE-2017-9130
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9130
[2] https://www.exploit-db.com/exploits/42207/

Regards,
Salvatore
Bug#863230: kodi: malicious subtitle zip files vulnerability
Control: retitle -1 kodi: CVE-2017-8314: malicious subtitle zip files vulnerability
Control: tags -1 + upstream security

On Wed, May 24, 2017 at 09:35:29AM +0200, Jonatan Nyberg wrote:
> Package: kodi
> severity: important
>
> Dear Maintainer,
>
> Kodi 17.2 has an important fix for the malicious subtitles
> vulnerability that has the potential to compromise your machine. It is
> important to update to this version as soon as possible.
>
> http://blog.checkpoint.com/2017/05/23/hacked-in-translation/

This got a CVE assigned (CVE-2017-8314)

Regards,
Salvatore
Bug#857651: Multiple security issues
On Mon, Mar 13, 2017 at 07:59:34PM +0100, Moritz Muehlenhoff wrote:
> Source: audiofile
> Severity: grave
> Tags: security
>
> Hi,
> please see these security tracker entries for details, which
> have all the links to the reports, github issues and patches:
>
> https://security-tracker.debian.org/tracker/CVE-2017-6829
> https://security-tracker.debian.org/tracker/CVE-2017-6831
> https://security-tracker.debian.org/tracker/CVE-2017-6832
> https://security-tracker.debian.org/tracker/CVE-2017-6833
> https://security-tracker.debian.org/tracker/CVE-2017-6834
> https://security-tracker.debian.org/tracker/CVE-2017-6835
> https://security-tracker.debian.org/tracker/CVE-2017-6836
> https://security-tracker.debian.org/tracker/CVE-2017-6837
> https://security-tracker.debian.org/tracker/CVE-2017-6838
> https://security-tracker.debian.org/tracker/CVE-2017-6839

Two more were assigned:

https://security-tracker.debian.org/tracker/CVE-2017-6827
and
https://security-tracker.debian.org/tracker/CVE-2017-6828

Regards,
Salvatore
Bug#840338: libass: CVE-2016-7971: large allocation leading to crash
Control: notfound -1 0.13.4-1

Hi

On Tue, Nov 01, 2016 at 08:13:56PM +0100, Salvatore Bonaccorso wrote:
> Control: severity -1 minor
>
> After feedback from MITRE marked it as unimportant, and lowering the
> severity. Reasoning in
> http://www.openwall.com/lists/oss-security/2016/11/01/10

This CVE has now explicitly been rejected, we can close the bug.
Tracker already updated from libass (unimportant) to not track it for
libass.

Regards,
Salvatore
Bug#855225: kodi: CVE-2017-5982: Unrestricted file download
Source: kodi Severity: important Tags: upstream security Forwarded: http://trac.kodi.tv/ticket/17314 Hi, the following vulnerability was published for kodi. I did not have the time to verify if 17.0 is affected. Could you please check and add according found versions to this bug please or otherwise close after checking? CVE-2017-5982[0]: local file inclusion If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-5982 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#855099: libquicktime: CVE-2016-2399
Source: libquicktime Version: 2:1.2.4-7 Severity: important Tags: security upstream Hi, the following vulnerability was published for libquicktime. CVE-2016-2399[0]: | Integer overflow in the quicktime_read_pascal function in libquicktime | 1.2.4 and earlier allows remote attackers to cause a denial of service | or possibly have other unspecified impact via a crafted hdlr MP4 atom. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-2399 Regards, Salvatore
Bug#853076: wavpack: CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172
Source: wavpack Version: 5.0.0-1 Severity: important Tags: security upstream patch fixed-upstream Hi, the following vulnerabilities were published for wavpack. CVE-2016-10169[0]: global buffer overread in read_code / read_words.c CVE-2016-10170[1]: heap out of bounds read in WriteCaffHeader / caff.c CVE-2016-10171[2]: heap out of bounds read in unreorder_channels / wvunpack.c CVE-2016-10172[3]: heap oob read in read_new_config_info / open_utils.c They are all fixed by the same commit [4] upstream. Unless I'm wrong, I think those issues would not warrant a DSA for jessie, but could you please make the fix be included in stretch so that we do not ship wavpack affected by these? If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10169 [1] https://security-tracker.debian.org/tracker/CVE-2016-10170 [2] https://security-tracker.debian.org/tracker/CVE-2016-10171 [3] https://security-tracker.debian.org/tracker/CVE-2016-10172 [4] https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc Please adjust the affected versions in the BTS as needed.
Re: Bug#842093: embedded copies of libupnp
Hi Sebastian, On Fri, Dec 09, 2016 at 11:28:53AM +0100, Sebastian Ramacher wrote: > On 2016-12-09 10:16:25, James Cowgill wrote: > > Hi, > > > > On 09/12/16 09:27, Uwe Kleine-König wrote: > > > Hello, > > > > > > there are two source packages (in sid, found via codesearch.d.n) that > > > include embedded copies of libupnp: djmount and mediatomb (maintainers > > > on Cc:). > > > > > > djmount build-depends on libupnp-dev and calls configure with > > > --with-external-libupnp, so fixing libupnp should be good enough here. > > > > > > mediatomb doesn't build-depend on libupnp-dev and looking at > > > https://buildd.debian.org/status/fetch.php?pkg=mediatomb=armhf=0.12.1-47-g7ab7616-1%2Bb4=1460993907 > > > it seems that the embedded copy is used, so mediatomb needs additional > > > handling to fix the bug. Also the copy is vulnerable. > > > > The Fedora maintainer asked upstream about it a while back: > > https://sourceforge.net/p/mediatomb/bugs/114/ > > > > I have not checked how extensive the patching is, but I expect > > unbundling libupnp from mediatomb would be a lot of work which no one > > has volunteered to do. > > > > Upstream appears to be dead which is why they haven't fixed it. > > Maybe it's time to get mediatomb removed. It was not part of jessie and in its > current state it will not be part of stretch. I think this makes sense. Can you request the removal from unstable? Regards, Salvatore
Bug#840338: libass: CVE-2016-7971: large allocation leading to crash
Control: severity -1 minor After feedback from MITRE marked it as unimportant, and lowering the severity. Reasoning in http://www.openwall.com/lists/oss-security/2016/11/01/10 Regards, Salvatore
Bug#840338: libass: CVE-2016-7971: large allocation leading to crash
Hi, On Wed, Oct 26, 2016 at 09:46:57PM +0200, Ola Lundqvist wrote: > Hi > > I had a quick look at libass today regarding CVE-2016-7971. > > When I read the discussion thread about this issue it looks like the > problem is not only disputed upstream, but actually disputed by the person > reporting the issue. Or rather the person reporting the issue has clarified > that the problem is not in libass but rather in the application using > libass. > > So if you do not mind I think we should both claim that the libass is not > vulnerable and also close #840338. > > If I do not hear an objection about this I will do so. I asked for clarification here: http://www.openwall.com/lists/oss-security/2016/10/27/5 Regards, Salvatore
Bug#840434: ffmpeg: CVE-2016-7122 CVE-2016-7450 CVE-2016-7502 CVE-2016-7555 CVE-2016-7562 CVE-2016-7785 CVE-2016-7905
Source: ffmpeg Version: 7:3.1.3-2 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerabilities were published for ffmpeg. CVE-2016-7122[0], CVE-2016-7450[1], CVE-2016-7502[2], CVE-2016-7555[3], CVE-2016-7562[4], CVE-2016-7785[5], CVE-2016-7905[6]. The upstream commits are referenced on the security-tracker pages and updating to 3.1.4 would fix all of them. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-7122 [1] https://security-tracker.debian.org/tracker/CVE-2016-7450 [2] https://security-tracker.debian.org/tracker/CVE-2016-7502 [3] https://security-tracker.debian.org/tracker/CVE-2016-7555 [4] https://security-tracker.debian.org/tracker/CVE-2016-7562 [5] https://security-tracker.debian.org/tracker/CVE-2016-7785 [6] https://security-tracker.debian.org/tracker/CVE-2016-7905 Regards, Salvatore
Bug#840338: libass: CVE-2016-7971: large allocation leading to crash
Source: libass Version: 0.13.4-1 Severity: normal Tags: security upstream Hi, the following vulnerability was published for libass. This is to help tracking the issue in the BTS. This CVE is for the issue which remained unfixed in the recent upstream version, and so far has no good solution at the time of writing. CVE-2016-7971[0]: large allocation leading to crash If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-7971 [1] http://www.openwall.com/lists/oss-security/2016/10/05/2 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#838960: denial of service with crafted id3v2 tags in all mpg123 versions since 0.60
Hi Thomas, On Fri, Sep 30, 2016 at 08:05:14AM +0200, Thomas Orgis wrote: > Am Thu, 29 Sep 2016 01:20:05 +0200 > schrieb Thomas Orgis: > > > Still nothing. I don't expect anything to arrive anymore. Perhaps that > > Google Docs form was a joke anyway. So, please let's just get a number > > via Debian and get on with it. > > Nope, eh … yes. I got a reply now from the distributed weakness > reporting project and probably a CVE will follow. Sorry if I'm causing > a mess with this. It is my first time getting involved in this directly. Any news from the DWF project on the assigned CVE? Regards, Salvatore
Re: Wheezy update of vlc?
Hi, On Sun, May 29, 2016 at 10:10:20PM -0400, Reinhard Tartler wrote: > Also note that https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5108 > doesn't provide any useful information about this issue. Is that issue also > known by a different identifier? MITRE has just not yet updated their description for the issue. CVE-2016-5108 was assigned here: https://marc.info/?l=oss-security=146436956931554=2 Cf. https://security-tracker.debian.org/tracker/CVE-2016-5108 HTH, Regards, Salvatore
Bug#801102: Fix for security issue in audiofile (CVE-2015-7747)?
Hi, On Tue, Jun 14, 2016 at 03:00:08PM +0100, James Cowgill wrote: > On Tue, 2016-06-14 at 15:43 +0200, Petter Reinholdtsen wrote: > > [James Cowgill] > > > I can fix it right now in Debian (along with a few other things). Hold > > > on a moment... > > > > Very good. Via the upstream github pull request I discovered that > > Ubuntu already uploaded a fix, available as a rather messy patch from > > . > > > > I look forward to seeing the fix in Debian unstable. Do you plan to fix > > it in stable too? > > After I've fixed it in unstable, I'll ping the security team and see > what they have to say about stable updates. Jessie has 0.3.6 as well so > the patch should be identical. We marked the issue as no-dsa a while back. Could you (once the fix landed in unstable) address this via a stable update via jessie-pu, see https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable for documentation. Thanks a lot for your work, Regards, Salvatore
Bug#825728: vlc: CVE-2016-5108
Source: vlc Version: 2.2.3-1 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for vlc. CVE-2016-5108[0]: crash and potential code execution when processing QuickTime IMA files If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-5108 [1] http://www.openwall.com/lists/oss-security/2016/05/27/3 [2] https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#823723: mplayer: CVE-2016-4352: Mplayer/Mencoder integer overflow parsing gif files
Source: mplayer Version: 2:1.0~rc4.dfsg1+svn34540-1 Severity: important Tags: security upstream fixed-upstream Forwarded: https://trac.mplayerhq.hu/ticket/2295 Control: found -1 2:1.3.0-1 Hi, the following vulnerability was published for mplayer. CVE-2016-4352[0]: Mplayer/Mencoder integer overflow parsing gif files The issue seems present sourcewise up to 2:1.3.0-1 in unstable. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-4352 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#806519: ffmpeg: CVE-2015-8363 CVE-2015-8364 CVE-2015-8365
Hi Andreas, On Sat, Nov 28, 2015 at 11:34:57AM +0100, Andreas Cadhalpun wrote: > Control: tag -1 pending > > Hi Salvatore, > > On 28.11.2015 11:28, Salvatore Bonaccorso wrote: > > the following vulnerabilities were published for ffmpeg. > > > > CVE-2015-8363[0]: > > CVE-2015-8364[1]: > > CVE-2015-8365[2]: > > > > If you fix the vulnerabilities please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > That's already fixed in git, see [3]. Thanks! I will update the security-tracker information with the fixed version once it enters unstable. Thanks for your work, Regards, Salvatore
Bug#796255: vlc: CVE-2015-5949
Source: vlc Version: 2.2.0~rc2-2 Severity: grave Tags: security upstream patch fixed-upstream Justification: user security hole Control: fixed -1 2.2.0~rc2-2+deb8u1 Hi, the following vulnerability was published for vlc. CVE-2015-5949[0]: No description was found (try on a search engine) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5949 [1] http://www.ocert.org/advisories/ocert-2015-009.html [2] https://lists.debian.org/debian-security-announce/2015/msg00241.html Regards, Salvatore
cloning 786688, reassign -1 to src:kodi, found -1 in 14.2+dfsg1-1, retitle -1 to kodi: CVE-2015-3885
clone 786688 -1 reassign -1 src:kodi found -1 14.2+dfsg1-1 retitle -1 kodi: CVE-2015-3885 thanks
Bug#781806: das-watchdog: diff for NMU version 0.9.0-3.1
Control: tags 781806 + pending Dear maintainer, I've prepared an NMU for das-watchdog (versioned as 0.9.0-3.1) and uploaded it due to the close Jessie release. Attached here is the used debdiff for the upload. Regards, Salvatore diff -Nru das-watchdog-0.9.0/debian/changelog das-watchdog-0.9.0/debian/changelog --- das-watchdog-0.9.0/debian/changelog 2013-10-16 18:37:01.0 +0200 +++ das-watchdog-0.9.0/debian/changelog 2015-04-10 22:34:03.0 +0200 @@ -1,3 +1,13 @@ +das-watchdog (0.9.0-3.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix buffer overflow in the handling of the XAUTHORITY env variable +(CVE-2015-2831) (Closes: #781806) + * Remove duplicate check for temp[i] == '\0' in das_watchdog.c + * Fix infinite loop on platforms where char is unsigned + + -- Salvatore Bonaccorso car...@debian.org Fri, 10 Apr 2015 22:19:18 +0200 + das-watchdog (0.9.0-3) unstable; urgency=low * Team upload. diff -Nru das-watchdog-0.9.0/debian/patches/0001-Fix-memory-overflow-if-the-name-of-an-environment-is.patch das-watchdog-0.9.0/debian/patches/0001-Fix-memory-overflow-if-the-name-of-an-environment-is.patch --- das-watchdog-0.9.0/debian/patches/0001-Fix-memory-overflow-if-the-name-of-an-environment-is.patch 1970-01-01 01:00:00.0 +0100 +++ das-watchdog-0.9.0/debian/patches/0001-Fix-memory-overflow-if-the-name-of-an-environment-is.patch 2015-04-10 22:34:03.0 +0200 
@@ -0,0 +1,41 @@ +From bd20bb02e75e2c0483832b52f2577253febfb690 Mon Sep 17 00:00:00 2001 +From: Kjetil Matheussen k.s.matheus...@usit.uio.no +Date: Wed, 1 Apr 2015 16:06:48 +0200 +Subject: [PATCH] Fix memory overflow if the name of an environment is larger + than 500 characters. Bug found by Adam Sampson. + +--- + das_watchdog.c | 10 +- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/das_watchdog.c b/das_watchdog.c +index c98bbea..8473fe8 100644 +--- a/das_watchdog.c b/das_watchdog.c +@@ -306,7 +306,9 @@ static int checksoftirq(int force){ + + + static char *get_pid_environ_val(pid_t pid,char *val){ +- char temp[500]; ++ int temp_size = 500; ++ char *temp = malloc(temp_size); ++ + int i=0; + int foundit=0; + FILE *fp; +@@ -319,6 +321,12 @@ static char *get_pid_environ_val(pid_t pid,char *val){ + + + for(;;){ ++ ++if (i = temp_size) { ++ temp_size *= 2; ++ temp = realloc(temp, temp_size); ++} ++ + temp[i]=fgetc(fp); + + if(foundit==1 (temp[i]==0 || temp[i]=='\0' || temp[i]==EOF)){ +-- +2.1.4 + diff -Nru das-watchdog-0.9.0/debian/patches/0001-Fixed-memory-leak-in-bd20bb02e75e2c0483832b52f257725.patch das-watchdog-0.9.0/debian/patches/0001-Fixed-memory-leak-in-bd20bb02e75e2c0483832b52f257725.patch --- das-watchdog-0.9.0/debian/patches/0001-Fixed-memory-leak-in-bd20bb02e75e2c0483832b52f257725.patch 1970-01-01 01:00:00.0 +0100 +++ das-watchdog-0.9.0/debian/patches/0001-Fixed-memory-leak-in-bd20bb02e75e2c0483832b52f257725.patch 2015-04-10 22:34:03.0 +0200 
@@ -0,0 +1,50 @@ +From 286489dd7dad59f8b5a9b9fdfececb95bcf5c570 Mon Sep 17 00:00:00 2001 +From: Kjetil Matheussen k.s.matheus...@usit.uio.no +Date: Wed, 1 Apr 2015 16:12:39 +0200 +Subject: [PATCH] Fixed memory leak in bd20bb02e75e2c0483832b52f2577253febfb690 + +--- + das_watchdog.c | 13 ++--- + 1 file changed, 6 insertions(+), 7 deletions(-) + +diff --git a/das_watchdog.c b/das_watchdog.c +index 8381d56..26385b2 100644 +--- a/das_watchdog.c b/das_watchdog.c +@@ -316,9 +316,10 @@ static char *get_pid_environ_val(pid_t pid,char *val){ + sprintf(temp,/proc/%d/environ,pid); + + fp=fopen(temp,r); +- if(fp==NULL) ++ if(fp==NULL){ ++free(temp); + return NULL; +- ++ } + + for(;;){ + +@@ -330,17 +331,15 @@ static char *get_pid_environ_val(pid_t pid,char *val){ + temp[i]=fgetc(fp); + + if(foundit==1 (temp[i]==0 || temp[i]=='\0' || temp[i]==EOF)){ +- char *ret; +- temp[i]=0; +- ret=malloc(strlen(temp)+10); +- sprintf(ret,%s,temp); + fclose(fp); +- return ret; ++ temp[i]=0; ++ return temp; + } + + switch(temp[i]){ + case EOF: + fclose(fp); ++ free(temp); + return NULL; + case '=': + temp[i]=0; +-- +2.1.4 + diff -Nru das-watchdog-0.9.0/debian/patches/0001-Remove-duplicate-check-for-temp-i-0.patch das-watchdog-0.9.0/debian/patches/0001-Remove-duplicate-check-for-temp-i-0.patch --- das-watchdog-0.9.0/debian/patches/0001-Remove-duplicate-check-for-temp-i-0.patch 1970-01-01 01:00:00.0 +0100 +++ das-watchdog-0.9.0/debian/patches/0001-Remove-duplicate-check-for-temp-i-0.patch 2015-04-10 22:34:03.0 +0200 @@ -0,0 +1,25 @@ +From b76e17f733bddb5295ef34eed4dd444b31c7b12f Mon Sep 17 00:00:00 2001 +From: Adam Sampson a...@offog.org +Date: Wed, 1 Apr 2015 20:28:28 +0100 +Subject: [PATCH 1/3] Remove duplicate check for temp[i] == '\0' + +--- + das_watchdog.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git
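Review bot: the debian/changelog hunk lists three changes, but the debdiff also adds 0001-Fixed-memory-leak-in-bd20bb02e75e2c0483832b52f257725.patch, which is not mentioned. Since that patch changes which buffer get_pid_environ_val() returns, it deserves its own changelog line next to the CVE-2015-2831 entry. Every patch file visible here is also prefixed 0001-, so the apply order rests entirely on debian/patches/series; renumbering the files in series order would make the dependency of the leak fix on the overflow fix obvious.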
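Review bot: in the first hunk of 0001-Fix-memory-overflow-if-the-name-of-an-environment-is.patch (@@ -306,7 +306,9 @@), `char *temp = malloc(temp_size);` is never checked for NULL, and the buffer is written straight away by the `sprintf(temp,...)` call that appears as context in the follow-up patch. Return NULL when the allocation fails. Replacing the stack array with a heap buffer also makes every exit path responsible for freeing it; on its own this patch leaks temp on the early returns, which 286489dd then handles for the paths shown there, so the two should not be applied separately.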
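Review bot: in the growth block added at the top of the for(;;) loop (@@ -319,6 +321,12 @@), `temp = realloc(temp, temp_size);` overwrites the only pointer to the buffer, so a failed realloc leaks the old block and the next `temp[i]=fgetc(fp);` writes through NULL. Assign the result to a temporary, and on failure free temp, fclose(fp) and return NULL. temp_size is an int that is doubled with no upper limit while reading another process's /proc/<pid>/environ, so a maximum size would keep memory use bounded. The condition is rendered in this message as `if (i = temp_size)`, which as written assigns to i rather than comparing; confirm that the patch actually applied carries a comparison there.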
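Review bot: in the second hunk of 0001-Fixed-memory-leak-in-bd20bb02e75e2c0483832b52f257725.patch (@@ -330,17 +331,15 @@), the context still has `temp[i]=fgetc(fp);` storing the int result of fgetc in a char before the `temp[i]==EOF` test and the `case EOF:` label. Where char is unsigned the EOF comparison can never match, and combined with the doubling realloc from the previous patch the loop would then keep growing the buffer instead of ending; where char is signed, a 0xFF byte in the environment is mistaken for end of file. Read into an int, compare that against EOF, and only then store it in temp[i]. The changelog names a separate "Fix infinite loop on platforms where char is unsigned" change, but that patch is cut off in this message and cannot be checked against these lines.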
Bug#775866: vlc: multiple vulnerabilities
Hi! On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: CVEs should follow soon. Also, I guess Wheezy and Jessie are affected too, so a DSA might be needed. They were assigned now: http://www.openwall.com/lists/oss-security/2015/01/20/11 Regards, Salvatore
Bug#747428: [xbmc] passwords are stored in plain xml file
Hi, CVE-2014-3800 was assigned now for the issue that mode 0644 is used for the file containing the password, see [1]. [1] http://www.openwall.com/lists/oss-security/2014/05/20/5 Regards, Salvatore
Bug#745301: libmms: CVE-2014-2892: heap-based buffer overflow
Source: libmms Version: 0.6-1 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerability was published for libmms. CVE-2014-2892[0]: heap-based buffer overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2892 https://security-tracker.debian.org/tracker/CVE-2014-2892 [1] http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8 Regards, Salvatore
Bug#736154: cantata: Information disclosure (no CVE assigned yet)
Control: retitle -1 cantata: Information disclosure (CVE-2013-7300 CVE-2013-7301) Hi On Mon, Jan 20, 2014 at 12:34:45PM +0100, Moritz Muehlenhoff wrote: Package: cantata Severity: grave Tags: security Justification: user security hole Hi, the following was reported on oss-security: https://code.google.com/p/cantata/issues/detail?id=356 Two CVEs were assigned: CVE-2013-7300 and CVE-2013-7301. See [1] for details. [1] http://www.openwall.com/lists/oss-security/2014/01/20/5 Regards, Salvatore
Bug#672030: beast: FTBFS: birnetutils.cc:725:44: error: 'access' was not declared in this scope
Hi On Thu, Jun 21, 2012 at 09:54:15PM +0100, Steven Chamberlain wrote: # the fix for this seems finalised in VCS tags 672030 + patch I tried to build beast in current state of the git repository, it succeeds at least at the previous part but now the package FTBFS later on (build segfaults). Attached is my log. Regards, Salvatore
Bug#624666: vlc: security update breaks mp3 support
Hi Is there any news on this? Bests Salvatore