Debian Bug report logs - #443130
CVE-2007-4904 user-assisted remote denial of service

version graph

Package: helix-player; Maintainer for helix-player is (unknown);

Reported by: Nico Golde <nion@debian.org>

Date: Tue, 18 Sep 2007 22:36:01 UTC

Severity: minor

Tags: security

Found in version helix-player/1.0.8-2

Done: Daniel Baumann <daniel@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#443130; Package helix-player. (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Daniel Baumann <daniel@debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-4904 user-assisted remote denial of service
Date: Wed, 19 Sep 2007 00:34:45 +0200
[Message part 1 (text/plain, inline)]
Package: helix-player
Version: 1.0.8-2
Severity: normal
Tags: security

Hi Daniel,
a CVE was published for helix-player.
CVE-2007-4904[0]:
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix 
Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other 
platforms, allow user-assisted remote attackers to cause a 
denial of service (application crash) via a malformed .au 
file that triggers a divide-by-zero error.

I can confirm this bug in unstable.
If you fix this bug please include the CVE id in the 
changelog.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4904

Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Severity set to `minor' from `normal' Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Tue, 18 Sep 2007 22:39:02 GMT) (full text, mbox, link).

Reply sent to daniel@debian.org:
You have taken responsibility. (Fri, 16 Oct 2009 06:39:12 GMT) (full text, mbox, link).

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 16 Oct 2009 06:39:12 GMT) (full text, mbox, link).

Message #12 received at 443130-done@bugs.debian.org (full text, mbox, reply):

From: Daniel Baumann <daniel@debian.org>
To: 443130-done@bugs.debian.org
Subject: Re: CVE-2007-4904 user-assisted remote denial of service
Date: Fri, 16 Oct 2009 08:27:50 +0200
closing; package not in the archive anymore.

-- 
Address:        Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:          daniel.baumann@panthera-systems.net
Internet:       http://people.panthera-systems.net/~daniel-baumann/

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 13 Nov 2009 07:31:39 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 07:02:08 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.