Launchpad has imported 18 comments from the remote bug at
https://bugs.gentoo.org/show_bug.cgi?id=217715.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
Launchpad has imported 17 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=441239.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
** Changed in: xine-lib
Importance: Unknown = High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/218652
Title:
CVE-2008-1686: Multiple speex implementations insufficient boundary
checks
To
** Changed in: speex (Gentoo Linux)
Importance: Unknown = Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/218652
Title:
CVE-2008-1686: Multiple speex implementations insufficient boundary
This bug was fixed in the package libfishsound - 0.7.0-2.1ubuntu0.1
---
libfishsound (0.7.0-2.1ubuntu0.1) hardy-security; urgency=low
[ Brian Thomason ]
* SECURITY UPDATE: uncontrolled array index (LP: #218652)
- src/libfishsound/speex.c - Added check for negative offset.
** Branch linked: lp:ubuntu/hardy-security/libfishsound
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
Desktop support has end for Dapper.
** Changed in: vlc (Ubuntu Dapper)
Status: Confirmed = Won't Fix
** Changed in: libannodex (Ubuntu Dapper)
Status: Confirmed = Won't Fix
** Changed in: libfishsound (Ubuntu Dapper)
Status: Confirmed = Won't Fix
** Changed in:
ACK libfishsound for hardy.
** Tags removed: patch
** Changed in: libfishsound (Ubuntu Hardy)
Status: Confirmed = Fix Committed
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because
This patch provides the fix from Debian for libfishsound in Hardy.
** Patch added: libfishsound speex patch for hardy
http://launchpadlibrarian.net/51133711/libfishsound_0.7.0-2.1ubuntu0.1.debdiff
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Tags added: patch
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Branch linked: lp:ubuntu/dapper-security/gst-plugins-good0.10
** Branch linked: lp:ubuntu/feisty-security/gst-plugins-good0.10
** Branch linked: lp:ubuntu/gutsy-security/gst-plugins-good0.10
** Branch linked: lp:ubuntu/hardy-updates/gst-plugins-good0.10
--
CVE-2008-1686: Multiple speex
** Branch linked: lp:ubuntu/karmic/xine-lib
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
** Branch linked: lp:~ubuntu-branches/ubuntu/dapper/vorbis-tools/dapper-
security
** Branch linked: lp:~ubuntu-branches/ubuntu/feisty/vorbis-tools/feisty-
security
** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/vorbis-tools/gutsy-
security
** Branch linked:
** Branch linked: lp:~ubuntu-branches/ubuntu/dapper/speex/dapper-
security
** Branch linked: lp:ubuntu/feisty-updates/speex
** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/speex/hardy-security
** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/speex/gutsy-security
--
CVE-2008-1686:
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.
** Changed in: libannodex (Ubuntu Gutsy)
Status: Confirmed = Won't Fix
** Changed in: libfishsound (Ubuntu Gutsy)
** Changed in: xmms-speex (Ubuntu Gutsy)
Status: New = Confirmed
** Changed in: libannodex (Ubuntu Dapper)
Status: New = Confirmed
** Changed in: libannodex (Ubuntu Gutsy)
Status: New = Confirmed
** Changed in: libannodex (Ubuntu Hardy)
Status: New = Confirmed
**
** Changed in: libannodex (Ubuntu)
Status: New = Confirmed
** Changed in: libfishsound (Ubuntu)
Status: New = Confirmed
** Changed in: libsdl-sound1.2 (Ubuntu)
Status: New = Confirmed
** Changed in: sweep (Ubuntu)
Status: New = Confirmed
--
CVE-2008-1686: Multiple
Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued
for this release. Marking Feisty as Won't Fix.
** Changed in: libannodex (Ubuntu Feisty)
Status: New = Won't Fix
** Changed in: libfishsound (Ubuntu Feisty)
Status: New = Won't Fix
** Changed in:
** Changed in: vlc (Ubuntu Hardy)
Status: In Progress = Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Changed in: xine-lib (Ubuntu Dapper)
Status: In Progress = Fix Released
** Changed in: xine-lib (Ubuntu Feisty)
Status: In Progress = Fix Released
** Changed in: xine-lib (Ubuntu Gutsy)
Status: In Progress = Fix Released
** Changed in: xine-lib (Ubuntu Hardy)
Debian fixed this in 1.2.0-2, and Intrepid now has 1.2.0-5
** Changed in: vorbis-tools (Ubuntu)
Status: Confirmed = Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because
My last comment was for vorbis-tools.
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
This bug was fixed in the package xine-lib - 1.1.14-1ubuntu1
---
xine-lib (1.1.14-1ubuntu1) intrepid; urgency=low
* merge from debian unstable. Remaining changes:
- disable the jack plugin
in libxine1-bin to make dapper-hardy upgrades work (LP #203605)
- Modify
** Changed in: vlc (Ubuntu)
Assignee: (unassigned) = William Grant (wgrant)
Status: New = Fix Released
** Changed in: vlc (Ubuntu Hardy)
Assignee: (unassigned) = William Grant (wgrant)
Status: New = In Progress
--
CVE-2008-1686: Multiple speex implementations
new upstream (1.1.14) fixing this issue is prepared.
** Changed in: xine-lib (Ubuntu)
Assignee: (unassigned) = Reinhard Tartler (siretart)
Status: New = Fix Committed
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
VLC patch at
http://trac.videolan.org/vlc/changeset/c1c81073e661f7d80197711ab11753e1e170b44c.
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: speex (Fedora)
Status: In Progress = Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
http://www.ubuntu.com/usn/usn-611-1
** Changed in: speex (Ubuntu Dapper)
Status: Fix Committed = Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member
http://www.ubuntu.com/usn/usn-611-2
** Changed in: vorbis-tools (Ubuntu Dapper)
Status: Fix Committed = Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a
** Changed in: speex (Fedora)
Status: Fix Released = In Progress
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: speex (Fedora)
Status: In Progress = Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Bug watch added: Gentoo Bugzilla #217715
http://bugs.gentoo.org/show_bug.cgi?id=217715
** Also affects: speex (Gentoo Linux) via
http://bugs.gentoo.org/show_bug.cgi?id=217715
Importance: Unknown
Status: Unknown
** Bug watch added: Red Hat Bugzilla #441239
** Changed in: speex (Gentoo Linux)
Status: Unknown = Fix Released
** Changed in: speex (Fedora)
Status: Unknown = In Progress
** Changed in: vorbis-tools
Status: Unknown = Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Bug watch added: Xine Bugzilla #83
http://bugs.xine-project.org/show_bug.cgi?id=83
** Also affects: xine-lib via
http://bugs.xine-project.org/show_bug.cgi?id=83
Importance: Unknown
Status: Unknown
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
** Changed in: xine-lib
Status: Unknown = Fix Released
--
CVE-2008-1686: Multiple speex implementations insufficient boundary checks
https://bugs.launchpad.net/bugs/218652
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
This bug was fixed in the package speex - 1.1.12-3ubuntu0.8.04.1
---
speex (1.1.12-3ubuntu0.8.04.1) hardy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* fix for libspeex/speex_header.c to properly validate its input
* References
This bug was fixed in the package speex - 1.1.12-3ubuntu0.7.10.1
---
speex (1.1.12-3ubuntu0.7.10.1) gutsy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* fix for libspeex/speex_header.c to properly validate its input
* References
This bug was fixed in the package speex - 1.1.12-3ubuntu0.7.04.1
---
speex (1.1.12-3ubuntu0.7.04.1) feisty-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* fix for libspeex/speex_header.c to properly validate its input
* References
This bug was fixed in the package vorbis-tools - 1.1.1-15ubuntu0.1
---
vorbis-tools (1.1.1-15ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c
to
This bug was fixed in the package vorbis-tools - 1.1.1-13ubuntu0.1
---
vorbis-tools (1.1.1-13ubuntu0.1) gutsy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c
to
This bug was fixed in the package vorbis-tools - 1.1.1-6ubuntu0.1
---
vorbis-tools (1.1.1-6ubuntu0.1) feisty-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/SECURITY_CVE-2008-1686.diff: fix for ogg123/speex_format.c
to
This bug was fixed in the package gst-plugins-good0.10 -
0.10.7-3ubuntu0.1
---
gst-plugins-good0.10 (0.10.7-3ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/99_SECURITY_CVE-2008-1686.patch: fix for
This bug was fixed in the package gst-plugins-good0.10 -
0.10.6-0ubuntu4.1
---
gst-plugins-good0.10 (0.10.6-0ubuntu4.1) gutsy-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/04_SECURITY_CVE-2008-1686.patch: fix for
This bug was fixed in the package gst-plugins-good0.10 -
0.10.5-1ubuntu2.1
---
gst-plugins-good0.10 (0.10.5-1ubuntu2.1) feisty-security; urgency=low
* SECURITY UPDATE: array index vulnerability (LP: #218652)
* debian/patches/02_SECURITY_CVE-2008-1686.patch: fix for
** Changed in: gst-plugins-good0.10 (Ubuntu Dapper)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
Status: New = In Progress
** Changed in: gst-plugins-good0.10 (Ubuntu Feisty)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
Status: New = In Progress
** Changed
** Changed in: xine-lib (Ubuntu Dapper)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
Status: New = In Progress
** Changed in: xine-lib (Ubuntu Feisty)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
Status: New = In Progress
** Changed in: xine-lib (Ubuntu
** Changed in: gst-plugins-good0.10 (Ubuntu Dapper)
Importance: Undecided = Medium
Status: In Progress = Fix Committed
** Changed in: gst-plugins-good0.10 (Ubuntu Feisty)
Importance: Undecided = Medium
Status: In Progress = Fix Committed
** Changed in: gst-plugins-good0.10
1.2~beta3.2-1 in Intrepid is not affected.
** Changed in: speex (Ubuntu)
Status: New = Invalid
** Changed in: vorbis-tools (Ubuntu Dapper)
Importance: Undecided = Medium
Status: In Progress = Fix Committed
** Changed in: vorbis-tools (Ubuntu Feisty)
Importance: Undecided =
gst-plugins-good0.10.8 is not affected despite oCERT advisory. From
ChangeLog:
2008-04-11 Jan Schmidt [EMAIL PROTECTED]
* ext/speex/gstspeexdec.c: (speex_dec_chain_parse_header):
Fix bounds checking of mode in Speex header, which may
produce negative numbers in speex =
49 matches
Mail list logo
