Debian Bug report logs - #414072
CVE-2007-1246: DMO decoder heap allocation overflow

Package: xine-lib; Maintainer for xine-lib is Darren Salt <linux@youmustbejoking.demon.co.uk>

Reported by: Kees Cook <kees@outflux.net>

Date: Fri, 9 Mar 2007 01:51:02 UTC

Severity: grave

Tags: patch, security

Found in version 1.1.2+dfsg-2

Fixed in version xine-lib/1.1.2+dfsg-3

Done: Reinhard Tartler <siretart@tauware.de>

Bug is archived. No further changes may be made.


Message #12 received at 414072@bugs.debian.org:

Date: Fri, 9 Mar 2007 11:26:03 +0100
To: Kees Cook <kees@outflux.net>, 414075@bugs.debian.org
Cc: 414072@bugs.debian.org
Subject: Re: Bug#414075: mplayer patch
Message-ID: <20070309102603.GA7291@tonelli.sns.it>
Reply-To: mennucc1@debian.org
References: <20070309023124.GP6805@outflux.net>
In-Reply-To: <20070309023124.GP6805@outflux.net>
User-Agent: Mutt/1.5.13 (2006-08-11)
From: debdev@tonelli.sns.it (A Mennucc)
[Message part 1 (text/plain, inline)]
hi

you also need this patch

-- 
Andrea Mennucc

"The EULA sounds like it was written by a team of lawyers who want to tell 
me what I can't do, and the GPL sounds like it was written by a human 
being who wants me to know what I can do."
Anonymous,    http://www.securityfocus.com/columnists/420
[DS_VideoDecoder.c---SVN--22205.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 5 02:45:31 2018; Machine Name: beach
