Debian Bug report logs - #342208
libxine1: Exploitable heap overflow in image handling code

version graph

Package: libxine1; Maintainer for libxine1 is Darren Salt <devspam@moreofthesa.me.uk>; Source for libxine1 is src:xine-lib.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 6 Dec 2005 10:03:05 UTC

Severity: grave

Tags: fixed, security

Found in version libxine1/1.0.1-1.4

Fixed in version xine-lib/1.1.1-1

Done: Reinhard Tartler <siretart@tauware.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Siggi Langauf <siggi@debian.org>:
Bug#342208; Package libxine1. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Siggi Langauf <siggi@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libxine1: Exploitable heap overflow in image handling code
Date: Tue, 06 Dec 2005 10:43:51 +0100
Package: libxine1
Version: 1.0.1-1.4
Severity: grave
Tags: security
Justification: user security hole

An exploitable heap overflow has been found in libavcodec's handling
of images with PIX_FMT_PAL8 pixel formats. xine-lib's embedded copy 
is vulnerable as well. Please see
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
for more information and a demo image.

Upstream's fix can be found at
http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html
 
Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Siggi Langauf <siggi@debian.org>:
Bug#342208; Package libxine1. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Siggi Langauf <siggi@debian.org>. Full text and rfc822 format available.

Message #10 received at 342208@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 342208@bugs.debian.org, 342207@bugs.debian.org
Subject: CVE assignment
Date: Wed, 7 Dec 2005 22:43:46 +0100
Hi,
this has been assigned CVE-2005-4048, please mention it
in the changelog when fixing it.

Cheers,
        Moritz



Tags added: fixed Request was from Gustavo Noronha Silva <kov@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Reinhard Tartler <siretart@tauware.de>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #17 received at 342208-close@bugs.debian.org (full text, mbox):

From: Reinhard Tartler <siretart@tauware.de>
To: 342208-close@bugs.debian.org
Subject: Bug#342208: fixed in xine-lib 1.1.1-1
Date: Fri, 24 Feb 2006 15:02:16 -0800
Source: xine-lib
Source-Version: 1.1.1-1

We believe that the bug you reported is fixed in the latest version of
xine-lib, which is due to be installed in the Debian FTP archive:

libxine-dev_1.1.1-1_i386.deb
  to pool/main/x/xine-lib/libxine-dev_1.1.1-1_i386.deb
libxine1_1.1.1-1_i386.deb
  to pool/main/x/xine-lib/libxine1_1.1.1-1_i386.deb
xine-lib_1.1.1-1.diff.gz
  to pool/main/x/xine-lib/xine-lib_1.1.1-1.diff.gz
xine-lib_1.1.1-1.dsc
  to pool/main/x/xine-lib/xine-lib_1.1.1-1.dsc
xine-lib_1.1.1.orig.tar.gz
  to pool/main/x/xine-lib/xine-lib_1.1.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 342208@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated xine-lib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 19 Feb 2006 18:34:51 +0100
Source: xine-lib
Binary: libxine-dev libxine1
Architecture: source i386
Version: 1.1.1-1
Distribution: unstable
Urgency: low
Maintainer: Siggi Langauf <siggi@debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description: 
 libxine-dev - the xine video player library, development packages
 libxine1   - the xine video/media player library, binary files
Closes: 288189 315986 318838 320317 323276 325960 326935 326936 327203 328168 328184 328265 328454 332919 337996 337997 338000 342208 345499 346488 347162 353150
Changes: 
 xine-lib (1.1.1-1) unstable; urgency=low
 .
   * New upstream release! (Closes: #326936, #353150, #332919)
 .
   [ Reinhard Tartler ]
     - adding myself to uploaders
     - Remove build dependencies on xlibs-dev, as well as alternatives on
       xlibs-dev-static. Debian is on its way towards X11R7!
       (Closes: #337997, #346488, #345499, #342208, #347162)
     - Rechecking the long list of NMUs. Thanks to all submitters!
 .
   [ Darren Salt ]
     - Add debian/watch file for uscan.
     - Convert debian/copyright to UTF-8.
     - Add build-deps on libxv-dev and libvcdinfo-dev.
     - Bump standards version to 3.6.2
     - Make "post-Sarge"-tagged changes to debian/rules and strip debian/tmp/
       from debian/*.install.
     - Remove *.gmo on clean (Just In Case). (Closes: #338000)
     - Do a little preparation for a possible -dbg package.
 .
   * Acknowledge NMUs.
     - Backports and gcc 4.0 fixes dropped since they're already in this version.
       Closes: #288189, #318838
     - slang transition: Closes: #315986
     - aalib transition: Closes: #320317, #323276
     - flac transition: Closes: #325960
     - fix of dependency generation script debian/shlibdeps.sh:
       Closes: #326935, #327203, #328168, #328184, #328265, #328454
     - fix bashism in debian/rules: Closes: #337996
Files: 
 3a7bb1c29296533f933ba4d3a5023d3a 1109 libs optional xine-lib_1.1.1-1.dsc
 b1f42602c776bb93e3cbf127e220cbfd 7990031 libs optional xine-lib_1.1.1.orig.tar.gz
 2822672c7751a97d673946a3ce14074d 2787 libs optional xine-lib_1.1.1-1.diff.gz
 eae78d0d6e9a85837a27130679aae894 109628 libdevel optional libxine-dev_1.1.1-1_i386.deb
 32843ca6f9b97079b83049c9badcc5ea 4150224 libs optional libxine1_1.1.1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD/4ver/RnCw96jQERArMlAKCbwm+QeTzuz6sny+qkY+9dVoxpZwCeKvCy
r2QtbaUEVFnTQ56DcATiko8=
=U9Ts
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 12:47:08 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 08:13:36 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.