Launchpad has imported 18 comments from the remote bug at
https://bugs.gentoo.org/show_bug.cgi?id=217715.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.la
Launchpad has imported 17 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=441239.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://hel
** Changed in: xine-lib
Importance: Unknown => High
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gst-plugins-good0.10 in Ubuntu.
https://bugs.launchpad.net/bugs/218652
Title:
CVE-2008-1686: Multiple speex implementations insuf
** Changed in: speex (Gentoo Linux)
Importance: Unknown => Medium
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu.
https://bugs.launchpad.net/bugs/218652
Title:
CVE-2008-1686: Multiple speex impleme
** Branch linked: lp:ubuntu/hardy-security/libfishsound
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gst-plugins-good0
This bug was fixed in the package libfishsound - 0.7.0-2.1ubuntu0.1
---
libfishsound (0.7.0-2.1ubuntu0.1) hardy-security; urgency=low
[ Brian Thomason ]
* SECURITY UPDATE: uncontrolled array index (LP: #218652)
- src/libfishsound/speex.c - Added check for negative offset.
Ba
ACK libfishsound for hardy.
** Tags removed: patch
** Changed in: libfishsound (Ubuntu Hardy)
Status: Confirmed => Fix Committed
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because
Desktop support has end for Dapper.
** Changed in: vlc (Ubuntu Dapper)
Status: Confirmed => Won't Fix
** Changed in: libannodex (Ubuntu Dapper)
Status: Confirmed => Won't Fix
** Changed in: libfishsound (Ubuntu Dapper)
Status: Confirmed => Won't Fix
** Changed in: libsdl-so
** Tags added: patch
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu.
--
desktop-bugs ma
This patch provides the fix from Debian for libfishsound in Hardy.
** Patch added: "libfishsound speex patch for hardy"
http://launchpadlibrarian.net/51133711/libfishsound_0.7.0-2.1ubuntu0.1.debdiff
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.la
** Branch linked: lp:ubuntu/dapper-security/gst-plugins-good0.10
** Branch linked: lp:ubuntu/feisty-security/gst-plugins-good0.10
** Branch linked: lp:ubuntu/gutsy-security/gst-plugins-good0.10
** Branch linked: lp:ubuntu/hardy-updates/gst-plugins-good0.10
--
CVE-2008-1686: Multiple speex impl
** Branch linked: lp:ubuntu/karmic/xine-lib
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubunt
** Branch linked: lp:~ubuntu-branches/ubuntu/dapper/speex/dapper-
security
** Branch linked: lp:ubuntu/feisty-updates/speex
** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/speex/hardy-security
** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/speex/gutsy-security
--
CVE-2008-1686: Multiple
** Branch linked: lp:~ubuntu-branches/ubuntu/dapper/vorbis-tools/dapper-
security
** Branch linked: lp:~ubuntu-branches/ubuntu/feisty/vorbis-tools/feisty-
security
** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/vorbis-tools/gutsy-
security
** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/v
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.
** Changed in: libannodex (Ubuntu Gutsy)
Status: Confirmed => Won't Fix
** Changed in: libfishsound (Ubuntu Gutsy)
** Changed in: libannodex (Ubuntu)
Status: New => Confirmed
** Changed in: libfishsound (Ubuntu)
Status: New => Confirmed
** Changed in: libsdl-sound1.2 (Ubuntu)
Status: New => Confirmed
** Changed in: sweep (Ubuntu)
Status: New => Confirmed
--
CVE-2008-1686: Multip
** Changed in: xmms-speex (Ubuntu Gutsy)
Status: New => Confirmed
** Changed in: libannodex (Ubuntu Dapper)
Status: New => Confirmed
** Changed in: libannodex (Ubuntu Gutsy)
Status: New => Confirmed
** Changed in: libannodex (Ubuntu Hardy)
Status: New => Confirmed
**
Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued
for this release. Marking Feisty as Won't Fix.
** Changed in: libannodex (Ubuntu Feisty)
Status: New => Won't Fix
** Changed in: libfishsound (Ubuntu Feisty)
Status: New => Won't Fix
** Changed in: libsdl-sound1
** Changed in: vlc (Ubuntu Hardy)
Status: In Progress => Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed
My last comment was for vorbis-tools.
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu.
--
Debian fixed this in 1.2.0-2, and Intrepid now has 1.2.0-5
** Changed in: vorbis-tools (Ubuntu)
Status: Confirmed => Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because
** Changed in: xine-lib (Ubuntu Dapper)
Status: In Progress => Fix Released
** Changed in: xine-lib (Ubuntu Feisty)
Status: In Progress => Fix Released
** Changed in: xine-lib (Ubuntu Gutsy)
Status: In Progress => Fix Released
** Changed in: xine-lib (Ubuntu Hardy)
St
** Changed in: vlc (Ubuntu)
Assignee: (unassigned) => William Grant (wgrant)
Status: New => Fix Released
** Changed in: vlc (Ubuntu Hardy)
Assignee: (unassigned) => William Grant (wgrant)
Status: New => In Progress
--
CVE-2008-1686: Multiple speex implementations insuffic
This bug was fixed in the package xine-lib - 1.1.14-1ubuntu1
---
xine-lib (1.1.14-1ubuntu1) intrepid; urgency=low
* merge from debian unstable. Remaining changes:
- disable the jack plugin
in libxine1-bin to make dapper->hardy upgrades work (LP #203605)
- Modify Mainta
new upstream (1.1.14) fixing this issue is prepared.
** Changed in: xine-lib (Ubuntu)
Assignee: (unassigned) => Reinhard Tartler (siretart)
Status: New => Fix Committed
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/21865
VLC patch at
http://trac.videolan.org/vlc/changeset/c1c81073e661f7d80197711ab11753e1e170b44c.
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, wh
** Changed in: speex (Fedora)
Status: In Progress => Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to
http://www.ubuntu.com/usn/usn-611-2
** Changed in: vorbis-tools (Ubuntu Dapper)
Status: Fix Committed => Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a m
http://www.ubuntu.com/usn/usn-611-1
** Changed in: speex (Ubuntu Dapper)
Status: Fix Committed => Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member o
** Changed in: speex (Fedora)
Status: Fix Released => In Progress
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to
** Changed in: speex (Fedora)
Status: In Progress => Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to
** Changed in: xine-lib
Status: Unknown => Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gst-plugin
** Bug watch added: Xine Bugzilla #83
http://bugs.xine-project.org/show_bug.cgi?id=83
** Also affects: xine-lib via
http://bugs.xine-project.org/show_bug.cgi?id=83
Importance: Unknown
Status: Unknown
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
ht
** Changed in: speex (Gentoo Linux)
Status: Unknown => Fix Released
** Changed in: speex (Fedora)
Status: Unknown => In Progress
** Changed in: vorbis-tools
Status: Unknown => Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https:/
** Bug watch added: Gentoo Bugzilla #217715
http://bugs.gentoo.org/show_bug.cgi?id=217715
** Also affects: speex (Gentoo Linux) via
http://bugs.gentoo.org/show_bug.cgi?id=217715
Importance: Unknown
Status: Unknown
** Bug watch added: Red Hat Bugzilla #441239
https://bugzilla.re
This bug was fixed in the package gst-plugins-good0.10 -
0.10.5-1ubuntu2.1
---
gst-plugins-good0.10 (0.10.5-1ubuntu2.1) feisty-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/02_SECURITY_CVE-2008-1686.patch: fix for
ext/speex/g
This bug was fixed in the package gst-plugins-good0.10 -
0.10.6-0ubuntu4.1
---
gst-plugins-good0.10 (0.10.6-0ubuntu4.1) gutsy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/04_SECURITY_CVE-2008-1686.patch: fix for
ext/speex/gs
This bug was fixed in the package gst-plugins-good0.10 -
0.10.7-3ubuntu0.1
---
gst-plugins-good0.10 (0.10.7-3ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/99_SECURITY_CVE-2008-1686.patch: fix for
ext/speex/gs
This bug was fixed in the package vorbis-tools - 1.1.1-6ubuntu0.1
---
vorbis-tools (1.1.1-6ubuntu0.1) feisty-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c
to properly
This bug was fixed in the package vorbis-tools - 1.1.1-13ubuntu0.1
---
vorbis-tools (1.1.1-13ubuntu0.1) gutsy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c
to properl
This bug was fixed in the package vorbis-tools - 1.1.1-15ubuntu0.1
---
vorbis-tools (1.1.1-15ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c
to properl
This bug was fixed in the package speex - 1.1.12-3ubuntu0.7.04.1
---
speex (1.1.12-3ubuntu0.7.04.1) feisty-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* fix for libspeex/speex_header.c to properly validate its input
* References
CVE-2008-
This bug was fixed in the package speex - 1.1.12-3ubuntu0.7.10.1
---
speex (1.1.12-3ubuntu0.7.10.1) gutsy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* fix for libspeex/speex_header.c to properly validate its input
* References
CVE-2008-1
This bug was fixed in the package speex - 1.1.12-3ubuntu0.8.04.1
---
speex (1.1.12-3ubuntu0.8.04.1) hardy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* fix for libspeex/speex_header.c to properly validate its input
* References
CVE-2008-1
gst-plugins-good0.10.8 is not affected despite oCERT advisory. From
ChangeLog:
2008-04-11 Jan Schmidt <[EMAIL PROTECTED]>
* ext/speex/gstspeexdec.c: (speex_dec_chain_parse_header):
Fix bounds checking of mode in Speex header, which may
produce negative numbers in speex <
1.2~beta3.2-1 in Intrepid is not affected.
** Changed in: speex (Ubuntu)
Status: New => Invalid
** Changed in: vorbis-tools (Ubuntu Dapper)
Importance: Undecided => Medium
Status: In Progress => Fix Committed
** Changed in: vorbis-tools (Ubuntu Feisty)
Importance: Undecided =
** Changed in: gst-plugins-good0.10 (Ubuntu Dapper)
Importance: Undecided => Medium
Status: In Progress => Fix Committed
** Changed in: gst-plugins-good0.10 (Ubuntu Feisty)
Importance: Undecided => Medium
Status: In Progress => Fix Committed
** Changed in: gst-plugins-good0.10
** Changed in: xine-lib (Ubuntu Dapper)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
Status: New => In Progress
** Changed in: xine-lib (Ubuntu Feisty)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
Status: New => In Progress
** Changed in: xine-lib (Ubuntu
** Changed in: gst-plugins-good0.10 (Ubuntu Dapper)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
Status: New => In Progress
** Changed in: gst-plugins-good0.10 (Ubuntu Feisty)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
Status: New => In Progress
** Chan
49 matches
Mail list logo