Debian Bug report logs - #405425
FrSIRT/ADV-2007-0026: vlc: "cdio_log_handler()" and "vcd_log_handler()" Format String Vulnerabilities

version graph

Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>; Source for vlc is src:vlc.

Reported by: Alex de Oliveira Silva <enerv@host.sk>

Date: Wed, 3 Jan 2007 14:18:08 UTC

Severity: grave

Tags: fixed-upstream, patch, security

Found in versions vlc/0.8.6-svn20061012.debian-1, 0.8.1.svn20050314-1sarge1

Fixed in versions vlc/0.8.6-svn20061012.debian-1.2, vlc/0.8.6-svn20061012.debian-2, vlc/0.8.6-svn20061012.debian-3, vlc/0.8.1.svn20050314-1sarge2

Done: Sam Hocevar (Debian packages) <sam+deb@zoy.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#405425; Package vlc. Full text and rfc822 format available.

Acknowledgement sent to Alex de Oliveira Silva <enerv@host.sk>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Sam Hocevar (Debian packages) <sam+deb@zoy.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Alex de Oliveira Silva <enerv@host.sk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: FrSIRT/ADV-2007-0026: vlc: "cdio_log_handler()" and "vcd_log_handler()" Format String Vulnerabilities
Date: Wed, 03 Jan 2007 11:00:59 -0300
Package: vlc
Version: 0.8.6-svn20061012.debian-1
Severity: critical
Tags: security
Justification: root security hole

Description:
Multiple vulnerabilities have been identified in VideoLAN VLC, which could be exploited by attackers to take complete control of an affected system. These issues 
are due to format string errors in the "cdio_log_handler()" and "vcd_log_handler()" functions that call "msg_Dbg()", "msg_Warn()", and "msg_Err()" in an insecure 
manner, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page or opening a 
malicious M3U playlist.

Affected:
VideoLAN VLC version 0.8.6 and prior 

Solution:
A fix is available via SVN :
http://trac.videolan.org/vlc/changeset/18481

References:
http://www.frsirt.com/english/advisories/2007/0026
http://projects.info-pull.com/moab/MOAB-02-01-2007.html

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

-- 
   .''`.  
  : :' :    Alex de Oliveira Silva | enerv
  `. `'     www.enerv.net
    `- 



Bug marked as found in version 0.8.1.svn20050314-1sarge1. Request was from Rémi Denis-Courmont <rdenis@simphalempin.com> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `grave' from `critical' Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: fixed-upstream, patch Request was from Clément Stenac <zorglub@diwi.org> to control@bugs.debian.org. Full text and rfc822 format available.

Message sent on to Alex de Oliveira Silva <enerv@host.sk>:
Bug#405425. Full text and rfc822 format available.

Message #14 received at 405425-submitter@bugs.debian.org (full text, mbox):

From: Clément Stenac <zorglub@diwi.org>
To: 405425-submitter@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Patch
Date: Thu, 4 Jan 2007 09:24:24 +0100
tag 405425 +fixed-upstream patch
thanks

Upstream patch for this bug: 
http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch

By the way, if this bug is for you a "root security hole", then you are
doing really reckless stuff with your root account, like running as root
a program that does not need to be run as root with untrusted and
unchecked input downloaded from internet.

-- 
Zorglub
Clément Stenac



Information stored:
Bug#405425; Package vlc. Full text and rfc822 format available.

Acknowledgement sent to Alex de Oliveira Silva <enerv@host.sk>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #19 received at 405425-quiet@bugs.debian.org (full text, mbox):

From: Alex de Oliveira Silva <enerv@host.sk>
To: Clément Stenac <zorglub@diwi.org>, 405425-quiet@bugs.debian.org
Subject: Re: Bug#405425: Patch
Date: Thu, 04 Jan 2007 16:06:36 -0300
Its true.
Thanks vorlon to change severity.

Clément Stenac escreveu:
> tag 405425 +fixed-upstream patch
> thanks
>
> Upstream patch for this bug: 
> http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch
>
> By the way, if this bug is for you a "root security hole", then you are
> doing really reckless stuff with your root account, like running as root
> a program that does not need to be run as root with untrusted and
> unchecked input downloaded from internet.
>
>   

regards,
-- 
  .''`.  
 : :' :    Alex de Oliveira Silva | enerv
 `. `'     www.enerv.net
   `- 




Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#405425; Package vlc. Full text and rfc822 format available.

Acknowledgement sent to Andreas Barth <aba@not.so.argh.org>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. Full text and rfc822 format available.

Message #24 received at 405425@bugs.debian.org (full text, mbox):

From: Andreas Barth <aba@not.so.argh.org>
To: 405425@bugs.debian.org
Subject: NMU uploaded
Date: Sun, 7 Jan 2007 01:09:13 +0100
Hi,

I uploaded an NMU of your package.

Please see this as help to get the package into a releaseable condition for
etch.

Please find the used diff below.


Cheers,
Andi

diff -Nur ../vlc-0.8.6-svn20061012.debian~~/debian/changelog ../vlc-0.8.6-svn20061012.debian/debian/changelog
--- ../vlc-0.8.6-svn20061012.debian~~/debian/changelog	2006-12-23 19:18:21.000000000 +0000
+++ ../vlc-0.8.6-svn20061012.debian/debian/changelog	2007-01-06 23:08:27.000000000 +0000
@@ -1,3 +1,11 @@
+vlc (0.8.6-svn20061012.debian-1.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix format string vulnerability with patch
+    MOAB-02-01-2007-CVE-2007-0017.patch, CVE-2007-0017. Closes: #405425
+
+ -- Andreas Barth <aba@not.so.argh.org>  Sat,  6 Jan 2007 23:07:51 +0000
+
 vlc (0.8.6-svn20061012.debian-1.1) unstable; urgency=high
 
   * Non-maintainer upload.
diff -Nur ../vlc-0.8.6-svn20061012.debian~~/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch ../vlc-0.8.6-svn20061012.debian/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch
--- ../vlc-0.8.6-svn20061012.debian~~/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch	1970-01-01 00:00:00.000000000 +0000
+++ ../vlc-0.8.6-svn20061012.debian/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch	2007-01-03 15:55:03.000000000 +0000
@@ -0,0 +1,68 @@
+diff -ru vlc-0.8.6.orig/modules/access/cdda/access.c vlc-0.8.6/modules/access/cdda/access.c
+--- vlc-0.8.6.orig/modules/access/cdda/access.c	2007-01-03 10:01:09.000000000 +0100
++++ vlc-0.8.6/modules/access/cdda/access.c	2007-01-03 10:02:45.000000000 +0100
+@@ -89,17 +89,17 @@
+   case CDIO_LOG_DEBUG:
+   case CDIO_LOG_INFO:
+     if (p_cdda->i_debug & INPUT_DBG_CDIO)
+-      msg_Dbg( p_cdda_input, message);
++      msg_Dbg( p_cdda_input, "%s", message);
+     break;
+   case CDIO_LOG_WARN:
+-    msg_Warn( p_cdda_input, message);
++    msg_Warn( p_cdda_input, "%s", message);
+     break;
+   case CDIO_LOG_ERROR:
+   case CDIO_LOG_ASSERT:
+-    msg_Err( p_cdda_input, message);
++    msg_Err( p_cdda_input, "%s", message);
+     break;
+   default:
+-    msg_Warn( p_cdda_input, message,
++    msg_Warn( p_cdda_input, "%s\n%s %d", message,
+             "the above message had unknown cdio log level",
+             level);
+   }
+diff -ru vlc-0.8.6.orig/modules/access/vcdx/access.c vlc-0.8.6/modules/access/vcdx/access.c
+--- vlc-0.8.6.orig/modules/access/vcdx/access.c	2007-01-03 10:01:10.000000000 +0100
++++ vlc-0.8.6/modules/access/vcdx/access.c	2007-01-03 10:01:52.000000000 +0100
+@@ -92,17 +92,17 @@
+   case CDIO_LOG_DEBUG:
+   case CDIO_LOG_INFO:
+     if (p_vcdplayer->i_debug & INPUT_DBG_CDIO)
+-      msg_Dbg( p_vcd_access, message);
++      msg_Dbg( p_vcd_access, "%s", message);
+     break;
+   case CDIO_LOG_WARN:
+-    msg_Warn( p_vcd_access, message);
++    msg_Warn( p_vcd_access, "%s", message);
+     break;
+   case CDIO_LOG_ERROR:
+   case CDIO_LOG_ASSERT:
+-    msg_Err( p_vcd_access, message);
++    msg_Err( p_vcd_access, "%s", message);
+     break;
+   default:
+-    msg_Warn( p_vcd_access, message,
++    msg_Warn( p_vcd_access, "%s\n%s %d", message,
+             _("The above message had unknown log level"),
+             level);
+   }
+@@ -118,14 +118,14 @@
+   case VCD_LOG_DEBUG:
+   case VCD_LOG_INFO:
+     if (p_vcdplayer->i_debug & INPUT_DBG_VCDINFO)
+-      msg_Dbg( p_vcd_access, message);
++      msg_Dbg( p_vcd_access, "%s", message);
+     break;
+   case VCD_LOG_WARN:
+-    msg_Warn( p_vcd_access, message);
++    msg_Warn( p_vcd_access, "%s", message);
+     break;
+   case VCD_LOG_ERROR:
+   case VCD_LOG_ASSERT:
+-    msg_Err( p_vcd_access, message);
++    msg_Err( p_vcd_access, "%s", message);
+     break;
+   default:
+     msg_Warn( p_vcd_access, "%s\n%s %d", message,
diff -Nur ../vlc-0.8.6-svn20061012.debian~~/debian/patches/series ../vlc-0.8.6-svn20061012.debian/debian/patches/series
--- ../vlc-0.8.6-svn20061012.debian~~/debian/patches/series	2006-12-12 14:00:25.000000000 +0000
+++ ../vlc-0.8.6-svn20061012.debian/debian/patches/series	2007-01-06 23:07:30.000000000 +0000
@@ -5,3 +5,4 @@
 020_dejavu_font.diff
 020_notify.diff
 020_certificates_paths.diff
+MOAB-02-01-2007-CVE-2007-0017.patch
-- 
  http://home.arcor.de/andreas-barth/



Reply sent to Andreas Barth <aba@not.so.argh.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Alex de Oliveira Silva <enerv@host.sk>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #29 received at 405425-close@bugs.debian.org (full text, mbox):

From: Andreas Barth <aba@not.so.argh.org>
To: 405425-close@bugs.debian.org
Subject: Bug#405425: fixed in vlc 0.8.6-svn20061012.debian-1.2
Date: Sun, 07 Jan 2007 00:32:10 +0000
Source: vlc
Source-Version: 0.8.6-svn20061012.debian-1.2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6-svn20061012.debian-1.2_amd64.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-1.2_amd64.deb
libvlc0_0.8.6-svn20061012.debian-1.2_amd64.deb
  to pool/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-1.2_amd64.deb
vlc-nox_0.8.6-svn20061012.debian-1.2_amd64.deb
  to pool/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-1.2_amd64.deb
vlc-plugin-alsa_0.8.6-svn20061012.debian-1.2_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-1.2_all.deb
vlc-plugin-arts_0.8.6-svn20061012.debian-1.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-1.2_amd64.deb
vlc-plugin-esd_0.8.6-svn20061012.debian-1.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-1.2_amd64.deb
vlc-plugin-ggi_0.8.6-svn20061012.debian-1.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-1.2_amd64.deb
vlc-plugin-sdl_0.8.6-svn20061012.debian-1.2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-1.2_amd64.deb
vlc_0.8.6-svn20061012.debian-1.2.diff.gz
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-1.2.diff.gz
vlc_0.8.6-svn20061012.debian-1.2.dsc
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-1.2.dsc
vlc_0.8.6-svn20061012.debian-1.2_amd64.deb
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-1.2_amd64.deb
wxvlc_0.8.6-svn20061012.debian-1.2_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-1.2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 405425@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Barth <aba@not.so.argh.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  6 Jan 2007 23:07:51 +0000
Source: vlc
Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide vlc-plugin-esd vlc libvlc0 vlc-plugin-arts vlc-nox vlc-plugin-svgalib libvlc0-dev
Architecture: source amd64 all
Version: 0.8.6-svn20061012.debian-1.2
Distribution: unstable
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Andreas Barth <aba@not.so.argh.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-alsa - dummy transitional package
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 wxvlc      - dummy transitional package
Closes: 405425
Changes: 
 vlc (0.8.6-svn20061012.debian-1.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix format string vulnerability with patch
     MOAB-02-01-2007-CVE-2007-0017.patch, CVE-2007-0017. Closes: #405425
Files: 
 4e0820da566a30b27c7cc7bce435a15d 2184 graphics optional vlc_0.8.6-svn20061012.debian-1.2.dsc
 70af4320598c31339f046420c507249d 31799 graphics optional vlc_0.8.6-svn20061012.debian-1.2.diff.gz
 8ca348fd025406b55cfa715b79427298 776 graphics optional vlc-plugin-alsa_0.8.6-svn20061012.debian-1.2_all.deb
 53d89104717d59d162f755b2fb6c4e13 770 graphics optional wxvlc_0.8.6-svn20061012.debian-1.2_all.deb
 563f89de087b74968af0ebfea2a584ab 1142714 graphics optional vlc_0.8.6-svn20061012.debian-1.2_amd64.deb
 255960f28bd24d9ca375060da7e1bd09 4183362 net optional vlc-nox_0.8.6-svn20061012.debian-1.2_amd64.deb
 9d43e5b9aa687b995249a3f24b84710e 948786 libs optional libvlc0_0.8.6-svn20061012.debian-1.2_amd64.deb
 c40d5cb7cd1dbc7c90662b9b38cbbd97 19518 libdevel optional libvlc0-dev_0.8.6-svn20061012.debian-1.2_amd64.deb
 bcfda52afe83144e09bb066df7372593 4514 graphics optional vlc-plugin-esd_0.8.6-svn20061012.debian-1.2_amd64.deb
 e324a943077a15e079516815df420661 11336 graphics optional vlc-plugin-sdl_0.8.6-svn20061012.debian-1.2_amd64.deb
 825da1bb568cc9eab7c251e00fd294ca 6050 graphics optional vlc-plugin-ggi_0.8.6-svn20061012.debian-1.2_amd64.deb
 52fabbd08db6624d2236479377e30ef6 4180 graphics optional vlc-plugin-arts_0.8.6-svn20061012.debian-1.2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFoDOOmdOZoew2oYURAq1vAKCM2wyhg226o0749N57EbfqYZ+wQACfVEWM
Em19OrxMoIgqAFXY4U1E1tM=
=llep
-----END PGP SIGNATURE-----




Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Alex de Oliveira Silva <enerv@host.sk>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #34 received at 405425-close@bugs.debian.org (full text, mbox):

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 405425-close@bugs.debian.org
Subject: Bug#405425: fixed in vlc 0.8.6-svn20061012.debian-2
Date: Mon, 08 Jan 2007 17:32:09 +0000
Source: vlc
Source-Version: 0.8.6-svn20061012.debian-2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-2_i386.deb
libvlc0_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-2_i386.deb
mozilla-plugin-vlc_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-2_i386.deb
vlc-nox_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-2_i386.deb
vlc-plugin-alsa_0.8.6-svn20061012.debian-2_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-2_all.deb
vlc-plugin-arts_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-2_i386.deb
vlc-plugin-esd_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-2_i386.deb
vlc-plugin-ggi_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-2_i386.deb
vlc-plugin-glide_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-2_i386.deb
vlc-plugin-sdl_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-2_i386.deb
vlc-plugin-svgalib_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-2_i386.deb
vlc_0.8.6-svn20061012.debian-2.diff.gz
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-2.diff.gz
vlc_0.8.6-svn20061012.debian-2.dsc
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-2.dsc
vlc_0.8.6-svn20061012.debian-2_i386.deb
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-2_i386.deb
wxvlc_0.8.6-svn20061012.debian-2_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 405425@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  8 Jan 2007 09:43:07 +0100
Source: vlc
Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide vlc-plugin-esd mozilla-plugin-vlc vlc libvlc0 vlc-plugin-arts vlc-nox vlc-plugin-svgalib libvlc0-dev
Architecture: source i386 all
Version: 0.8.6-svn20061012.debian-2
Distribution: unstable
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-alsa - dummy transitional package
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 wxvlc      - dummy transitional package
Closes: 399713 400720 400720 403022 403022 405425
Changes: 
 vlc (0.8.6-svn20061012.debian-2) unstable; urgency=high
 .
   * Maintainer upload.
   * Acknowledge previous NMUs by Andreas Barth. Thanks.
     (Closes: #405425, #400720, #403022).
 .
   * debian/control:
     + Put back mozilla-plugin-vlc package.
 .
   * debian/rules:
     + Build with mediacontrol bindings, needed for the Mozilla plugin.
 .
   * 020_kfreebsd.diff:
     + New patch courtesy of Petr Salinger. Fix a GNU/kFreeBSD FTBFS
       (Closes: #399713).
 .
   * patch-configure.ac-syntax-0.8.6debian-0.8.6a.diff:
     + Fix "CFAGS" to "CFLAGS" in configure.ac.
 .
   * patch-documentation-0.8.6debian-0.8.6a.diff:
     + Documentation, translation and error messages updates.
 .
   * patch-network-protocols-fixes-0.8.6debian-0.8.6a.diff:
     + Various fixes for the IPv4, IPv6, SAP and HTTP protocols.
 .
   * patch-po-0.8.6debian-0.8.6a.diff:
     + Translation updates.
 .
   * patch-version-information-0.8.6debian-0.8.6a.diff:
     + Set version information to 0.8.6a, even if it's not really our real
       version, to make it clear that the security issues were fixed.
 .
   * patch-mozilla-plugin-0.8.6debian-0.8.6a.diff:
     + Proper fix for the Mozilla plugin (Closes: #400720, #403022).
 .
   * 000_bootstrap.diff:
     + Rebootstrap tarball because of changes to configure.ac.
 .
   * patch-badly-initialised-data-0.8.6debian-0.8.6a.diff:
     + Fix various badly initialised variables in the code.
 .
   * patch-i422-yuy2-crash-0.8.6debian-0.8.6a.diff:
     + Fix a crash in the I422-YUY2 chroma conversion.
 .
   * patch-integer-signedness-0.8.6debian-0.8.6a.diff:
     + Fix integer signedness issues in the variable code.
 .
   * patch-logo-filter-crash-0.8.6debian-0.8.6a.diff:
     + Fix a crash in the logo filter.
 .
   * patch-memory-leaks-0.8.6debian-0.8.6a.diff:
     + Fix various memory leaks.
 .
   * patch-missing-locks-0.8.6debian-0.8.6a.diff:
     + Add missing mutex locks.
 .
   * patch-mjpeg-separator-0.8.6debian-0.8.6a.diff:
     + Fix MJPEG format support.
 .
   * patch-playlist-crash-0.8.6debian-0.8.6a.diff:
     + Fix a crash in the playlist code.
 .
   * patch-private-libcaca-0.8.6debian-0.8.6a.diff:
     + Do not use private libcaca symbols.
 .
   * patch-remove-debug-messages-0.8.6debian-0.8.6a.diff:
     + Disable debug messages and spurious messages to stderr.
 .
   * patch-sanitise-javascript-0.8.6debian-0.8.6a.diff:
     + Fix the javascript string sanitising.
 .
   * patch-sanity-checks-0.8.6debian-0.8.6a.diff:
     + Various sanity checks for untrusted data.
 .
   * patch-sdl-image-priority-0.8.6debian-0.8.6a.diff:
     + Downgraded the sdl-image plugin priority.
 .
   * patch-utf8-0.8.6debian-0.8.6a.diff:
     + Fix Unicode support in GUIs and file access.
Files: 
 85fd37f91f29fa66666a68717b6f53ec 2493 graphics optional vlc_0.8.6-svn20061012.debian-2.dsc
 b45f4bdd9f5e097f76c4a0d3e521caae 2407274 graphics optional vlc_0.8.6-svn20061012.debian-2.diff.gz
 7bbcda972653dc033a32cf3a568ad76c 780 graphics optional vlc-plugin-alsa_0.8.6-svn20061012.debian-2_all.deb
 19618046fcee3a051f95da843fef193f 772 graphics optional wxvlc_0.8.6-svn20061012.debian-2_all.deb
 6c844c3857ddbde95c5518e6ff4d1822 1141302 graphics optional vlc_0.8.6-svn20061012.debian-2_i386.deb
 1c6224253dd34d8ce1e3858533093436 4657900 net optional vlc-nox_0.8.6-svn20061012.debian-2_i386.deb
 dac1e6b9a3d18c7eb2a0f19829fbdc4d 958550 libs optional libvlc0_0.8.6-svn20061012.debian-2_i386.deb
 0de5386e2b051309b519cf4918b99726 20098 libdevel optional libvlc0-dev_0.8.6-svn20061012.debian-2_i386.deb
 6d1f59826586069473c53cae3910f580 4812 graphics optional vlc-plugin-esd_0.8.6-svn20061012.debian-2_i386.deb
 65c54ea6f402ddd6cb857ff444a7187e 10738 graphics optional vlc-plugin-sdl_0.8.6-svn20061012.debian-2_i386.deb
 f63090495cd5a5139b1c197f500e2e21 5834 graphics optional vlc-plugin-ggi_0.8.6-svn20061012.debian-2_i386.deb
 5cfcef8ee775cd586e960a4abd161641 4130 graphics optional vlc-plugin-glide_0.8.6-svn20061012.debian-2_i386.deb
 bc0cde568963798ae947f835a960b452 4098 graphics optional vlc-plugin-arts_0.8.6-svn20061012.debian-2_i386.deb
 d8dffea959637a031e0c792e3451cc42 36184 graphics optional mozilla-plugin-vlc_0.8.6-svn20061012.debian-2_i386.deb
 db14b638fc12995555cd784e510ad8ba 4526 graphics optional vlc-plugin-svgalib_0.8.6-svn20061012.debian-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFoiJVfPP1rylJn2ERAlYpAKCXW5aVKh5V6dILlKtD8S9gWSmrHgCfaXs3
MfEdVC7bfWfVJ1bvb6AaOm4=
=CuI/
-----END PGP SIGNATURE-----




Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Alex de Oliveira Silva <enerv@host.sk>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #39 received at 405425-close@bugs.debian.org (full text, mbox):

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 405425-close@bugs.debian.org
Subject: Bug#405425: fixed in vlc 0.8.6-svn20061012.debian-3
Date: Thu, 11 Jan 2007 22:32:10 +0000
Source: vlc
Source-Version: 0.8.6-svn20061012.debian-3

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-3_i386.deb
libvlc0_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-3_i386.deb
mozilla-plugin-vlc_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-3_i386.deb
vlc-nox_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-3_i386.deb
vlc-plugin-alsa_0.8.6-svn20061012.debian-3_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-3_all.deb
vlc-plugin-arts_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-3_i386.deb
vlc-plugin-esd_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-3_i386.deb
vlc-plugin-ggi_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-3_i386.deb
vlc-plugin-glide_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-3_i386.deb
vlc-plugin-sdl_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-3_i386.deb
vlc-plugin-svgalib_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-3_i386.deb
vlc_0.8.6-svn20061012.debian-3.diff.gz
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-3.diff.gz
vlc_0.8.6-svn20061012.debian-3.dsc
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-3.dsc
vlc_0.8.6-svn20061012.debian-3_i386.deb
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-3_i386.deb
wxvlc_0.8.6-svn20061012.debian-3_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 405425@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  8 Jan 2007 09:43:07 +0100
Source: vlc
Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide vlc-plugin-esd mozilla-plugin-vlc vlc libvlc0 vlc-plugin-arts vlc-nox vlc-plugin-svgalib libvlc0-dev
Architecture: source i386 all
Version: 0.8.6-svn20061012.debian-3
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-alsa - dummy transitional package
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 wxvlc      - dummy transitional package
Closes: 399713 400720 403022 405425
Changes: 
 vlc (0.8.6-svn20061012.debian-3) testing-proposed-updates; urgency=high
 .
   * patch-version-information-0.8.6debian-0.8.6a.diff:
     + Set version information to 0.8.6a, even if it's not really our real
       version, to make it clear that the security issues were fixed.
 .
   * MOAB-02-01-2007-CVE-2007-0017.patch:
     + Fix CVE-2007-0017, “format string vulnerability” (Closes: #405425).
 .
   * 020_kfreebsd.diff:
     + New patch courtesy of Petr Salinger. Fix a GNU/kFreeBSD FTBFS
       (Closes: #399713).
 .
   * patch-documentation-0.8.6debian-0.8.6a.diff:
     + Documentation, translation and error messages updates.
 .
   * patch-po-0.8.6debian-0.8.6a.diff:
     + Translation updates.
 .
   * patch-mozilla-plugin-0.8.6debian-0.8.6a.diff:
     + Proper fix for the Mozilla plugin (Closes: #400720, #403022).
   * debian/rules:
     + Build with mediacontrol bindings, needed for the Mozilla plugin.
 .
   * patch-badly-initialised-data-0.8.6debian-0.8.6a.diff:
     + Fix various badly initialised variables in the code.
 .
   * patch-i422-yuy2-crash-0.8.6debian-0.8.6a.diff:
     + Fix a crash in the I422-YUY2 chroma conversion.
 .
   * patch-integer-signedness-0.8.6debian-0.8.6a.diff:
     + Fix integer signedness issues in the variable code.
 .
   * patch-logo-filter-crash-0.8.6debian-0.8.6a.diff:
     + Fix a crash in the logo filter.
 .
   * patch-memory-leaks-0.8.6debian-0.8.6a.diff:
     + Fix various memory leaks.
 .
   * patch-missing-locks-0.8.6debian-0.8.6a.diff:
     + Add missing mutex locks.
 .
   * patch-playlist-crash-0.8.6debian-0.8.6a.diff:
     + Fix a crash in the playlist code.
 .
   * patch-sanitise-javascript-0.8.6debian-0.8.6a.diff:
     + Fix the javascript string sanitising.
 .
   * patch-sanity-checks-0.8.6debian-0.8.6a.diff:
     + Various sanity checks for untrusted data.
Files: 
 d7bc8c86c91cbffc5d2c1beb5bb27855 2493 graphics optional vlc_0.8.6-svn20061012.debian-3.dsc
 87f20adfd0e54e4b8260ae7e3af1e2f8 2403880 graphics optional vlc_0.8.6-svn20061012.debian-3.diff.gz
 54c9885fb9ed67557db634bf42f519ed 778 graphics optional vlc-plugin-alsa_0.8.6-svn20061012.debian-3_all.deb
 b6f9c9b5491c7e2bbf18f45b96dbcf84 770 graphics optional wxvlc_0.8.6-svn20061012.debian-3_all.deb
 2f9afee417eee1e8832b5242b8e06544 1141126 graphics optional vlc_0.8.6-svn20061012.debian-3_i386.deb
 80650ce4cc7107533239dd6e32efeed3 4657576 net optional vlc-nox_0.8.6-svn20061012.debian-3_i386.deb
 67681a9e308e5c57f1f1bd8b7d056c49 958228 libs optional libvlc0_0.8.6-svn20061012.debian-3_i386.deb
 eea1b583c240155156eee1029b3da9a5 20126 libdevel optional libvlc0-dev_0.8.6-svn20061012.debian-3_i386.deb
 768509bed47e677acdaaec62c8a553df 4814 graphics optional vlc-plugin-esd_0.8.6-svn20061012.debian-3_i386.deb
 2eece62f0260eb12f568ab11f9a5bbb0 10734 graphics optional vlc-plugin-sdl_0.8.6-svn20061012.debian-3_i386.deb
 209ddb639267693d534eee5bacb3dd88 5834 graphics optional vlc-plugin-ggi_0.8.6-svn20061012.debian-3_i386.deb
 fd68aad308847d3190a2f7dbe388e003 4126 graphics optional vlc-plugin-glide_0.8.6-svn20061012.debian-3_i386.deb
 f512aaa8f3ae8b100ef4d27979df89b5 4098 graphics optional vlc-plugin-arts_0.8.6-svn20061012.debian-3_i386.deb
 c516c29db56a44ddfb36f770224d7116 36180 graphics optional mozilla-plugin-vlc_0.8.6-svn20061012.debian-3_i386.deb
 735e702891ecaf6f1caf79b0c6a3b1bb 4528 graphics optional vlc-plugin-svgalib_0.8.6-svn20061012.debian-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFprjifPP1rylJn2ERAokyAJ0bGfyjq+ftHZDevUMurTYYnYvhiwCff5Yz
ib+bM6YeU6qd+tJY7+7D6cg=
=j0Pe
-----END PGP SIGNATURE-----




Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Alex de Oliveira Silva <enerv@host.sk>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #44 received at 405425-close@bugs.debian.org (full text, mbox):

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 405425-close@bugs.debian.org
Subject: Bug#405425: fixed in vlc 0.8.1.svn20050314-1sarge2
Date: Sat, 17 Feb 2007 12:10:32 +0000
Source: vlc
Source-Version: 0.8.1.svn20050314-1sarge2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb
gvlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_i386.deb
kvlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_i386.deb
libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb
mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb
qvlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_i386.deb
vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb
vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb
vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb
vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb
vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb
vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb
vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb
vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb
vlc_0.8.1.svn20050314-1sarge2.diff.gz
  to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.diff.gz
vlc_0.8.1.svn20050314-1sarge2.dsc
  to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.dsc
vlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_i386.deb
wxvlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 405425@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 15 Jan 2007 13:06:55 +0100
Source: vlc
Binary: vlc-esd wxvlc vlc-plugin-sdl kvlc gvlc vlc-plugin-alsa gnome-vlc vlc-qt vlc-ggi mozilla-plugin-vlc vlc vlc-gnome vlc-gtk vlc-sdl vlc-alsa vlc-plugin-svgalib vlc-glide vlc-plugin-ggi qvlc vlc-plugin-esd vlc-plugin-glide vlc-plugin-arts libvlc0-dev
Architecture: source i386
Version: 0.8.1.svn20050314-1sarge2
Distribution: stable-security
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 gnome-vlc  - GNOME frontend for VLC (dummy legacy package)
 gvlc       - GTK+ frontend for VLC (dummy legacy package)
 kvlc       - KDE frontend for VLC (dummy legacy package)
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for Mozilla based on VLC
 qvlc       - Qt frontend for VLC (dummy legacy package)
 vlc        - multimedia player for all audio and video formats
 vlc-alsa   - ALSA audio output plugin for VLC (dummy legacy package)
 vlc-esd    - Esound audio output plugin for VLC (dummy legacy package)
 vlc-ggi    - GGI video output plugin for VLC (dummy legacy package)
 vlc-glide  - Glide video output plugin for VLC (dummy legacy package)
 vlc-gnome  - GNOME frontend for VLC (dummy legacy package)
 vlc-gtk    - GTK+ frontend for VLC (dummy legacy package)
 vlc-plugin-alsa - ALSA audio output plugin for VLC
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 vlc-qt     - Qt frontend for VLC (dummy legacy package)
 vlc-sdl    - SDL video and audio output plugin for VLC (dummy legacy package)
 wxvlc      - wxWindows frontend for VLC
Closes: 358026 405425
Changes: 
 vlc (0.8.1.svn20050314-1sarge2) stable-security; urgency=high
 .
   * modules/access/cdda/access.c modules/access/vcdx/access.c:
     + Fix format string vulnerabilities (CVE-2007-0017) (Closes: #405425).
   * debian/control:
     + Build-conflict against libsmbclient-dev to avoid accidentally
       depending on Samba libraries (Closes: #358026).
Files: 
 a8b1c32a0625845da8b035402064351b 1916 graphics optional vlc_0.8.1.svn20050314-1sarge2.dsc
 c1573565b4f6c5f5bc4fb0da0ef82c4e 1419 graphics optional vlc_0.8.1.svn20050314-1sarge2.diff.gz
 25303969db6cc0fbd49213be430df851 5248346 graphics optional vlc_0.8.1.svn20050314-1sarge2_i386.deb
 d543d6e9a80452fa3dde68aed95fba05 736194 libdevel optional libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb
 631a977a858357c6f33cdd65421d930d 1264 oldlibs optional gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb
 876395121224f2dde78efbe4d3a425cd 1272 oldlibs optional gvlc_0.8.1.svn20050314-1sarge2_i386.deb
 e74395e32b380ff0979bb93c743ecb41 4666 graphics optional vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb
 2bd7aba839974f5ec5b1c5eed3225898 10474 graphics optional vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb
 ee701ea8bac97ed56be2814487be9793 10588 graphics optional vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb
 3187af8067fcb58fcf04ee5cb6cd4a35 6390 graphics optional vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb
 20ac7a7d0058973532a507bba0f58b55 4668 graphics optional vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb
 9a5000ace56011a555a333097acdebb9 954 oldlibs optional qvlc_0.8.1.svn20050314-1sarge2_i386.deb
 9305542c6f92bba8159c925e22bc0d50 4424 graphics optional vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb
 58fbafb3f71ccc9d9160acd4e94d25e2 582328 graphics optional mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb
 38d79330ffd560b4070685e40356262c 974 oldlibs optional kvlc_0.8.1.svn20050314-1sarge2_i386.deb
 84514a7deb4f44cb93ea14ee48358e5b 4760 graphics optional vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb
 8cbfa4c613219d31e15e13ec6f4e119b 302658 graphics optional wxvlc_0.8.1.svn20050314-1sarge2_i386.deb
 182b1775c69f3d754c29eca2204ddcb3 872 oldlibs optional vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb
 c7d04205aa4816c4ba97191d8e09e648 872 oldlibs optional vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb
 5cfb1f247c297fa929c7cf781af2c63b 874 oldlibs optional vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb
 33fb31c2568f63d1adb9923c6f59c6bc 878 oldlibs optional vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb
 1df3ade097295fa2ef607d05fb542ae4 872 oldlibs optional vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb
 995f69c9cae4f5b2306a077a81e27f03 864 oldlibs optional vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb
 1b6298ba6ca8f1c11005a89173162f7d 860 oldlibs optional vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb
 30b7ceece36c56301704a431bc6138f0 878 oldlibs optional vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFq5h4fPP1rylJn2ERAjj3AJ9ZEMfV1maJ4uX57lnuQKB2iDAosgCfaeas
X26xeXL5Ppvag+sSd02200U=
=zvYo
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 23:29:03 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 19:17:25 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.