Debian Bug report logs -
#507184
xine-lib: CVE-2008-5246 heap overflow
Reported by: Nico Golde <nion@debian.org>
Date: Fri, 28 Nov 2008 22:18:01 UTC
Severity: grave
Tags: patch, security
Fixed in version 1.1.14-3
Done: sean finney <seanius@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to
debian-bugs-dist@lists.debian.org, Reinhard Tartler <siretart@tauware.de>:
Bug#507184; Package
xine-lib.
(Fri, 28 Nov 2008 22:18:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to
Reinhard Tartler <siretart@tauware.de>.
(Fri, 28 Nov 2008 22:18:04 GMT)
Full text and
rfc822 format available.
Message #5 received at submit@bugs.debian.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Package: xine-lib
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xine-lib.
CVE-2008-5246[0]:
| Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow
| remote attackers to execute arbitrary code via vectors that send ID3
| data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame
| functions in src/demuxers/id3.c. NOTE: the provenance of this
| information is unknown; the details are obtained solely from third
| party information.
Your upstream fix:
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d7;style=gitweb
Btw a rather strange way to fix an integer overflow + a
strange comment.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] CVE-2008-5246">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5246
CVE-2008-5246">http://security-tracker.debian.net/tracker/CVE-2008-5246
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Reply sent
to
sean finney <seanius@debian.org>:
You have taken responsibility.
(Fri, 26 Dec 2008 18:48:03 GMT)
Full text and
rfc822 format available.
Notification sent
to
Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(Fri, 26 Dec 2008 18:48:03 GMT)
Full text and
rfc822 format available.
Message #10 received at 507184-done@bugs.debian.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Version: 1.1.14-3
hi,
this bug was fixed in the august upload of the package:
xine-lib (1.1.14-3) unstable; urgency=high
* More security fixes from upstream hg:
==> - Fix an exploitable ID3 heap buffer overflow.
- Check for possible buffer overflow attempts in the Real demuxer.
- Use size_t for data length variables where there may be int overflows.
- Add some checks for memory allocation failures.
i've verified that the patch is applied.
a note to the package maintainer: please consider using some form of
patch management system as it's quite difficult to investigate such
problems and/or prepare fixes for them.
i'll investigate the remaining xine-lib security bugs to see if the
same applies. if time permits i'll also look at what the situation is
with stable, though my focus right now is on squishing lenny/rc bugs.
sean
[signature.asc (application/pgp-signature, inline)]
Bug archived.
Request was from
Debbugs Internal Request <owner@bugs.debian.org>
to
internal_control@bugs.debian.org.
(Sat, 24 Jan 2009 07:29:19 GMT)
Full text and
rfc822 format available.
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Feb 9 19:20:01 2010;
Machine Name:
busoni.debian.org
Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.