Debian Bug report logs - #401740
CVE-2006-6172: xine-lib libreal Buffer Overflow Vulnerabilities


Package: libxine1; Maintainer for libxine1 is Darren Salt <devspam@moreofthesa.me.uk>; Source for libxine1 is src:xine-lib.

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Tue, 5 Dec 2006 17:03:18 UTC

Severity: grave

Tags: security

Found in version xine-lib/1.1.2+dfsg-1

Fixed in version xine-lib/1.1.2+dfsg-2

Done: Reinhard Tartler <siretart@tauware.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Siggi Langauf <siggi@debian.org>:
Bug#401740; Package libxine1.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Siggi Langauf <siggi@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-6172: xine-lib libreal Buffer Overflow Vulnerabilities
Date: Tue, 05 Dec 2006 17:31:19 +0100
Package: libxine1
Version: 1.1.2+dfsg-1
Severity: grave
Tags: security
Justification: user security hole


A vulnerability has been found in the real plugin of libxine. See

http://secunia.com/advisories/23218/
https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655

for details.



Reply sent to Reinhard Tartler <siretart@tauware.de>:
You have taken responsibility.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.

Message #10 received at 401740-close@bugs.debian.org:

From: Reinhard Tartler <siretart@tauware.de>
To: 401740-close@bugs.debian.org
Subject: Bug#401740: fixed in xine-lib 1.1.2+dfsg-2
Date: Wed, 06 Dec 2006 22:47:06 +0000
Source: xine-lib
Source-Version: 1.1.2+dfsg-2

We believe that the bug you reported is fixed in the latest version of
xine-lib, which is due to be installed in the Debian FTP archive:

libxine-dev_1.1.2+dfsg-2_i386.deb
  to pool/main/x/xine-lib/libxine-dev_1.1.2+dfsg-2_i386.deb
libxine1-dbg_1.1.2+dfsg-2_i386.deb
  to pool/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-2_i386.deb
libxine1_1.1.2+dfsg-2_i386.deb
  to pool/main/x/xine-lib/libxine1_1.1.2+dfsg-2_i386.deb
xine-lib_1.1.2+dfsg-2.diff.gz
  to pool/main/x/xine-lib/xine-lib_1.1.2+dfsg-2.diff.gz
xine-lib_1.1.2+dfsg-2.dsc
  to pool/main/x/xine-lib/xine-lib_1.1.2+dfsg-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 401740@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated xine-lib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  6 Dec 2006 22:15:11 +0100
Source: xine-lib
Binary: libxine1-dbg libxine-dev libxine1
Architecture: source i386
Version: 1.1.2+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Siggi Langauf <siggi@debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description: 
 libxine-dev - the xine video player library, development packages
 libxine1   - the xine video/media player library, binary files
 libxine1-dbg - the xine video/media player library, debug data
Closes: 401740
Changes: 
 xine-lib (1.1.2+dfsg-2) unstable; urgency=medium
 .
   * Bug fix: "CVE-2006-6172: xine-lib libreal Buffer Overflow
     Vulnerabilities", thanks to Stefan Fritsch (Closes: #401740).
Files: 
 91858c92e40cb6337719045333793f8a 1536 libs optional xine-lib_1.1.2+dfsg-2.dsc
 9d5b4ea6ff508c49fd742018e2cf5a0b 19035 libs optional xine-lib_1.1.2+dfsg-2.diff.gz
 cbfe54346aa2dd0de8756c8afc4538cd 118588 libdevel optional libxine-dev_1.1.2+dfsg-2_i386.deb
 854253317db62a8664642ff5950c7896 3375516 libs optional libxine1_1.1.2+dfsg-2_i386.deb
 55f4f28c81a76a585e695cf585231d79 3969100 libs extra libxine1-dbg_1.1.2+dfsg-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFd0RD+C5cwEsrK54RAv+3AJ9YoyYwEoQOXY97DgGagcXCybcobACfQloF
deW9diYu6/k07pjWWveTX68=
=E3a3
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 08:17:18 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 01:54:05 2014; Machine Name: buxtehude.debian.org
