Launchpad has imported 14 comments from the remote bug at http://bugs.gentoo.org/show_bug.cgi?id=205197.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2008-01-10T13:05:12+00:00 lars wrote: The vulnerabilities are caused due to boundary errors within the "rmff_dump_cont()" function in input/libreal/rmff.c when processing the SDP "Title", "Author", Copyright", and "Abstract" attributes. These can be exploited to cause a heap-based buffer overflow by tricking the user into connecting to a malicious RTSP server. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are confirmed in version 1.1.9. Other versions may also be affected. Solution: no upstream fix avaible, so "Do not connect to untrusted streaming servers."... Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/0 ------------------------------------------------------------------------ On 2008-01-10T13:55:32+00:00 Rbu wrote: Media-video, please advise. Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/1 ------------------------------------------------------------------------ On 2008-01-11T18:02:42+00:00 Aballier wrote: xine-lib 1.1.9.1 is in the tree and candidate for stable, see changelog why there is a -r1 too... Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/2 ------------------------------------------------------------------------ On 2008-01-13T14:15:24+00:00 Jaervosz wrote: Arches please test and mark stable. Target keywords are: xine-lib-1.1.9.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/3 ------------------------------------------------------------------------ On 2008-01-13T19:07:23+00:00 Ranger-z wrote: ppc64 done Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/4 ------------------------------------------------------------------------ On 2008-01-13T19:52:00+00:00 Dertobi123 wrote: (In reply to comment #3) > Arches please test and mark stable. Target keywords are: > > xine-lib-1.1.9.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 > ~x86-fbsd" > which should be 1.1.9.1 according to the changelog, re-adding ppc64 xine-lib-1.1.9.1.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" Reply at: https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/185034/comments/5 ------------------------------------------------------------------------ On 2008-01-13T20:02:12+00:00 Ranger-z wrote: 1.1.9.1 done now too. ppc64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/6 ------------------------------------------------------------------------ On 2008-01-13T20:08:14+00:00 Dertobi123 wrote: ppc stable Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/7 ------------------------------------------------------------------------ On 2008-01-13T21:04:52+00:00 Maekke-gentoo wrote: x86 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/8 ------------------------------------------------------------------------ On 2008-01-15T06:18:32+00:00 Jeroen Roovers wrote: Stable for HPPA. Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/9 ------------------------------------------------------------------------ On 2008-01-16T12:18:30+00:00 Raúl Porcel wrote: alpha/ia64/sparc stable Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/10 ------------------------------------------------------------------------ On 2008-01-16T15:51:41+00:00 Welp wrote: amd64 done. Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/11 ------------------------------------------------------------------------ On 2008-01-16T19:08:43+00:00 Jaervosz wrote: GLSA request filed. Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/12 ------------------------------------------------------------------------ On 2008-01-27T16:36:29+00:00 Rbu wrote: GLSA 200801-12, thanks. Reply at: https://bugs.launchpad.net/ubuntu/+source/xine- lib/+bug/185034/comments/15 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/185034 Title: [xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/185034/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
