Debian Bug report logs - #503118
vlc: CVE-2008-4686 integer overflow in ty parsing

version graph

Package: vlc-nox; Maintainer for vlc-nox is Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>; Source for vlc-nox is src:vlc.

Reported by: Remi Denis-Courmont <rdenis@simphalempin.com>

Date: Sun, 19 Oct 2008 13:21:01 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in versions vlc/0.9.2-1, vlc/0.8.6.h-4

Fixed in versions 0.9.4-2, vlc/0.8.6.h-4.1, vlc/0.8.6.h-4+lenny1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#502726; Package vlc-nox. (Sun, 19 Oct 2008 13:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Remi Denis-Courmont <rdenis@simphalempin.com>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sun, 19 Oct 2008 13:21:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Remi Denis-Courmont <rdenis@simphalempin.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libty_plugin: vlc: exploitable buffer overflow in TY demux
Date: Sun, 19 Oct 2008 16:18:56 +0300
Package: vlc-nox
Version: 0.8.6.h-4
Severity: grave
File: libty_plugin
Tags: security
Justification: user security hole


VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
stack-based buffer overflow in the TY (TiVo) file parser.

See also http://www.videolan.org/security/sa0809.html

N.B.: please give me the CVE ID if you allocate one.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4           0.7.4-11          library for decoding ATSC A/52 str
ii  libasound2             1.0.16-2          ALSA library
ii  libavahi-client3       0.6.23-2          Avahi client library
ii  libavahi-common3       0.6.23-2          Avahi common library
ii  libavc1394-0           0.5.3-1+b1        control IEEE 1394 audio/video devi
ii  libavcodec51           0.svn20080206-14  ffmpeg codec library
ii  libavformat52          0.svn20080206-14  ffmpeg file format library
ii  libavutil49            0.svn20080206-14  ffmpeg utility library
ii  libc6                  2.7-15            GNU C Library: Shared libraries
ii  libcdio7               0.78.2+dfsg1-3    library to read and control CD-ROM
ii  libdbus-1-3            1.2.1-3           simple interprocess messaging syst
ii  libdvbpsi4             0.1.5-3.1         library for MPEG TS and DVB PSI ta
ii  libdvdnav4             4.1.2-3           DVD navigation library
ii  libdvdread3            0.9.7-11          library for reading DVDs
ii  libebml0               0.7.7-3.1         access library for the EBML format
ii  libfaad0               2.6.1-3.1         freeware Advanced Audio Decoder - 
ii  libflac8               1.2.1-1.2         Free Lossless Audio Codec - runtim
ii  libfreetype6           2.3.7-2           FreeType 2 font engine, shared lib
ii  libfribidi0            0.10.9-1          Free Implementation of the Unicode
ii  libgcc1                1:4.3.2-1         GCC support library
ii  libgcrypt11            1.4.1-1           LGPL Crypto library - runtime libr
ii  libgnutls26            2.4.2-1           the GNU TLS library - runtime libr
ii  libhal1                0.5.11-5          Hardware Abstraction Layer - share
ii  libid3tag0             0.15.1b-10        ID3 tag reading library from the M
ii  libiso9660-5           0.78.2+dfsg1-3    library to work with ISO9660 files
ii  liblircclient0         0.8.3-3           infra-red remote control support -
ii  libmad0                0.15.1b-3         MPEG audio decoder library
ii  libmatroska0           0.8.1-1.1         extensible open standard audio/vid
ii  libmodplug0c2          1:0.8.4-2         shared libraries for mod music bas
ii  libmpcdec3             1.2.2-1           Musepack (MPC) format library
ii  libmpeg2-4             0.4.1-3           MPEG1 and MPEG2 video decoder libr
ii  libncurses5            5.6+20081011-1    shared libraries for terminal hand
ii  libogg0                1.1.3-4           Ogg Bitstream Library
ii  libpng12-0             1.2.27-2          PNG library - runtime
ii  libpostproc51          0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8           1.3.0-4           library for direct access to IEEE 
ii  libsmbclient           2:3.2.3-3         shared library that allows applica
ii  libspeex1              1.2~rc1-1         The Speex codec runtime library
ii  libstdc++6             4.3.2-1           The GNU Standard C++ Library v3
ii  libsysfs2              2.1.0-5           interface library to sysfs
ii  libtheora0             1.0~beta3-1       The Theora Video Compression Codec
ii  libtwolame0            0.3.12-1          MPEG Audio Layer 2 encoding librar
ii  libvcdinfo0            0.7.23-4          library to extract information fro
ii  libvlc0                0.8.6.h-4         multimedia player and streamer lib
ii  libvorbis0a            1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libvorbisenc2          1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libxml2                2.6.32.dfsg-4     GNOME XML library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

vlc-nox recommends no packages.

vlc-nox suggests no packages.

-- no debconf information




Tags added: upstream, fixed-upstream Request was from Rémi Denis-Courmont <rdenis@simphalempin.com> to control@bugs.debian.org. (Sun, 19 Oct 2008 13:33:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#502726; Package vlc-nox. (Sun, 19 Oct 2008 16:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sun, 19 Oct 2008 16:30:03 GMT) Full text and rfc822 format available.

Message #12 received at 502726@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: Remi Denis-Courmont <rdenis@simphalempin.com>, 502726@bugs.debian.org
Subject: Re: Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux
Date: Sun, 19 Oct 2008 18:28:39 +0200
Hi Remi,
* Remi Denis-Courmont <rdenis@simphalempin.com> [2008-10-19 17:44]:
> VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
> stack-based buffer overflow in the TY (TiVo) file parser.
> 
> See also http://www.videolan.org/security/sa0809.html

are you sure that this is the case in 0.8.6.h-4?

> 
> N.B.: please give me the CVE ID if you allocate one.

I requested a CVE id and will forward it to you then.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#502726; Package vlc-nox. (Sun, 19 Oct 2008 16:39:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sun, 19 Oct 2008 16:39:02 GMT) Full text and rfc822 format available.

Message #17 received at 502726@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: Remi Denis-Courmont <rdenis@simphalempin.com>, 502726@bugs.debian.org
Subject: Re: Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux
Date: Sun, 19 Oct 2008 18:35:25 +0200
Hi Remi,
* Remi Denis-Courmont <rdenis@simphalempin.com> [2008-10-19 17:44]:
> VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
> stack-based buffer overflow in the TY (TiVo) file parser.
> 
> See also http://www.videolan.org/security/sa0809.html

Are you sure that 0.8.6.h-4 in unstable is affected?
Looking at 
http://git.videolan.org/?p=vlc.git;a=blob;f=modules/demux/ty.c;h=65a408f67a363747f7308a8a858a6dad50e54e67;hb=26d92b87bba99b5ea2e17b7eaa39c462d65e9133
the overflow happens because of the integer conversion in 8 
+ i_map_size or if i_map_size + 8 exceeds mst_buf.
I had a look at the code in 0.8.6.h-4 and didn't see 
something similar. Only static size reads with correct 
sizes.

Can you confirm that this does not affect 0.8.6.h-4 and if 
not, what do I miss?

> N.B.: please give me the CVE ID if you allocate one.

I requested one and will forward it to you.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#502726; Package vlc-nox. (Sun, 19 Oct 2008 16:51:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Rémi Denis-Courmont <rdenis@simphalempin.com>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sun, 19 Oct 2008 16:51:08 GMT) Full text and rfc822 format available.

Message #22 received at 502726@bugs.debian.org (full text, mbox):

From: Rémi Denis-Courmont <rdenis@simphalempin.com>
To: Nico Golde <nion@debian.org>
Cc: 502726@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux
Date: Sun, 19 Oct 2008 19:48:08 +0300
tags 502726 + experimental
thanks

Le dimanche 19 octobre 2008 19:35:25 Nico Golde, vous avez écrit :
> > See also http://www.videolan.org/security/sa0809.html
>
> Are you sure that 0.8.6.h-4 in unstable is affected?
> Looking at
> http://git.videolan.org/?p=vlc.git;a=blob;f=modules/demux/ty.c;h=65a408f67a
>363747f7308a8a858a6dad50e54e67;hb=26d92b87bba99b5ea2e17b7eaa39c462d65e9133
> the overflow happens because of the integer conversion in 8
> + i_map_size or if i_map_size + 8 exceeds mst_buf.
> I had a look at the code in 0.8.6.h-4 and didn't see
> something similar. Only static size reads with correct
> sizes.
>
> Can you confirm that this does not affect 0.8.6.h-4 and if
> not, what do I miss?

Probably so. Unfortunately, I have no samples.

-- 
Rémi Denis-Courmont
http://www.remlab.net/




Tags added: experimental Request was from Rémi Denis-Courmont <rdenis@simphalempin.com> to control@bugs.debian.org. (Sun, 19 Oct 2008 16:51:10 GMT) Full text and rfc822 format available.

Reply sent to Christophe Mutricy <xtophe@videolan.org>:
You have taken responsibility. (Tue, 21 Oct 2008 01:21:05 GMT) Full text and rfc822 format available.

Notification sent to Remi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer. (Tue, 21 Oct 2008 01:21:05 GMT) Full text and rfc822 format available.

Message #29 received at 502726-close@bugs.debian.org (full text, mbox):

From: Christophe Mutricy <xtophe@videolan.org>
To: 502726-close@bugs.debian.org
Subject: Bug#502726: fixed in vlc 0.9.4-2
Date: Tue, 21 Oct 2008 01:02:09 +0000
Source: vlc
Source-Version: 0.9.4-2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc-dev_0.9.4-2_i386.deb
  to pool/main/v/vlc/libvlc-dev_0.9.4-2_i386.deb
libvlc2_0.9.4-2_i386.deb
  to pool/main/v/vlc/libvlc2_0.9.4-2_i386.deb
libvlccore-dev_0.9.4-2_i386.deb
  to pool/main/v/vlc/libvlccore-dev_0.9.4-2_i386.deb
libvlccore0_0.9.4-2_i386.deb
  to pool/main/v/vlc/libvlccore0_0.9.4-2_i386.deb
mozilla-plugin-vlc_0.9.4-2_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.9.4-2_i386.deb
vlc-data_0.9.4-2_all.deb
  to pool/main/v/vlc/vlc-data_0.9.4-2_all.deb
vlc-dbg_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc-dbg_0.9.4-2_i386.deb
vlc-nox_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc-nox_0.9.4-2_i386.deb
vlc-plugin-arts_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.9.4-2_i386.deb
vlc-plugin-esd_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.9.4-2_i386.deb
vlc-plugin-ggi_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.9.4-2_i386.deb
vlc-plugin-jack_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.9.4-2_i386.deb
vlc-plugin-pulse_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-pulse_0.9.4-2_i386.deb
vlc-plugin-sdl_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.9.4-2_i386.deb
vlc-plugin-svgalib_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.9.4-2_i386.deb
vlc_0.9.4-2.diff.gz
  to pool/main/v/vlc/vlc_0.9.4-2.diff.gz
vlc_0.9.4-2.dsc
  to pool/main/v/vlc/vlc_0.9.4-2.dsc
vlc_0.9.4-2_i386.deb
  to pool/main/v/vlc/vlc_0.9.4-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 502726@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christophe Mutricy <xtophe@videolan.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 20 Oct 2008 23:23:46 +0200
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore0 libvlc2 libvlccore-dev libvlc-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack vlc-plugin-pulse vlc-data
Architecture: source all i386
Version: 0.9.4-2
Distribution: experimental
Urgency: low
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Christophe Mutricy <xtophe@videolan.org>
Description: 
 libvlc-dev - development files for VLC
 libvlc2    - multimedia player and streamer library
 libvlccore-dev - development files for VLC
 libvlccore0 - multimedia player and streamer library
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg    - debugging symbols for vlc
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 502726
Changes: 
 vlc (0.9.4-2) experimental; urgency=low
 .
   * Fix buffer overflow in Tivo demuxer
     + Closes: #502726, VideoLAN SA-0809
     + 402_tivo_overflow.diff taken from upstream
   * Better xinerama fullscreen behaviour
     + 401_detect_xinerama_fullscreen.diff taken from upstream
   * Builddepends on libcursesw5-dev rather than libcurses5-dev
     for proper wide char handling
Checksums-Sha1: 
 50774df816b50a6930fff4a65f0287149350135b 3214 vlc_0.9.4-2.dsc
 932fd7bd0563a48b56e037cad23f9bcc85b69f5f 47557 vlc_0.9.4-2.diff.gz
 c76170d1a52ceea6692ebf19402e6c91f2f484cb 4998422 vlc-data_0.9.4-2_all.deb
 f38df5a50a2c581973db29c2242e479a457bd3c4 1644708 vlc_0.9.4-2_i386.deb
 a7dc34e5f21690362e4bebd7b9a924a993e070c0 10781126 vlc-dbg_0.9.4-2_i386.deb
 629fae13d6f3257052cc9cbd68d4157ff8215b38 2703928 vlc-nox_0.9.4-2_i386.deb
 4181f5122ee6492964c0405e66beaeede29764c6 390372 libvlccore0_0.9.4-2_i386.deb
 5a7051f1c24d875e3aa09a4b39f9dd47fbd743d1 46348 libvlc2_0.9.4-2_i386.deb
 6805bc1531be6ca49af189b0ce75e88868cc1248 525670 libvlccore-dev_0.9.4-2_i386.deb
 c8b0adefa9f89e5947c54b278e7437ea63272a5e 61872 libvlc-dev_0.9.4-2_i386.deb
 e19e8fcc95c536c13515f0ae82fea76716157327 4702 vlc-plugin-esd_0.9.4-2_i386.deb
 e7834451b6ad326ff38e241be0ab8a7aede33f53 11610 vlc-plugin-sdl_0.9.4-2_i386.deb
 4d92937fa25320cd57fe3a479d758b337bca085b 5962 vlc-plugin-ggi_0.9.4-2_i386.deb
 d2f8f10ef38c03d646125c937f1fffa97e69e0f0 3944 vlc-plugin-arts_0.9.4-2_i386.deb
 201ab0e2fcc2e5c546b519cc1c8b50e80c871288 38098 mozilla-plugin-vlc_0.9.4-2_i386.deb
 4cb9cb672c740cde08af4c89a53a274006eda47e 4548 vlc-plugin-svgalib_0.9.4-2_i386.deb
 9558763cd73a71794524d7c610e7d14efef1308b 10706 vlc-plugin-jack_0.9.4-2_i386.deb
 57e8253265560965f237e04ee413cf69ccb741b3 6872 vlc-plugin-pulse_0.9.4-2_i386.deb
Checksums-Sha256: 
 b9c7096fce2558824929d00b6614a707c31303ccc2aafe8cb162385426026e18 3214 vlc_0.9.4-2.dsc
 3b8ba5e1fd9a46bc5d63a28af3c4ddcca17748989a424a98ddb9ca3cbe5478a8 47557 vlc_0.9.4-2.diff.gz
 0343f32f01938fe3c407cdcf6bcd55c7b935579f5ed6ad63910a21f825de3e8f 4998422 vlc-data_0.9.4-2_all.deb
 71331eec52b37b467aacad89f9ef3166b7ae97768aea40009bd224b40790c94a 1644708 vlc_0.9.4-2_i386.deb
 79a88d0673c06357cae5f12f0577c3bebe91d69872c709c485f4f6327a225387 10781126 vlc-dbg_0.9.4-2_i386.deb
 87d2e525a397175910f0faa53cff4d69eedcb8b3948b4d5037ba55981d76e2c2 2703928 vlc-nox_0.9.4-2_i386.deb
 70ec7f154c4e99f12c367f6057d56cf8e68b4c1f3982f5a955e0c6336f1736de 390372 libvlccore0_0.9.4-2_i386.deb
 39dccc8bc6d791aeb014dc82c41be0e4ac9732b8eac6d76def7953f570df8397 46348 libvlc2_0.9.4-2_i386.deb
 c513d4db075f226dd3d879f76fe99906f96aa29b259473b2a085730eb640e408 525670 libvlccore-dev_0.9.4-2_i386.deb
 3e5805f07d297c56a3badeed5941bd81187b88d6035c758102bf0e5af24dade6 61872 libvlc-dev_0.9.4-2_i386.deb
 7e9d362dc99fc060cd0f31cfd0a0a40eff56f813b99b4a1e5bd42d29a186433c 4702 vlc-plugin-esd_0.9.4-2_i386.deb
 d29e8a65eb3a7e3894fe2cd9f112ca1d6ba9a81b82251bf3081eeb90631813cb 11610 vlc-plugin-sdl_0.9.4-2_i386.deb
 ce56927254f3059132e468c7394dbf2e8c3629b1eae7b9151be5162bb8ae8c82 5962 vlc-plugin-ggi_0.9.4-2_i386.deb
 62ec294764b9e72bae773dc85e2b6e4a400f0e638c40b760f9d829120f9aeef4 3944 vlc-plugin-arts_0.9.4-2_i386.deb
 c898c45b321fed70770127b545feb6ec1feffed9a1bf1dcf52c32c988924fce7 38098 mozilla-plugin-vlc_0.9.4-2_i386.deb
 c471046ea29d5037b2faecde409b28027ece61c18116845e5d471a73fa27a7af 4548 vlc-plugin-svgalib_0.9.4-2_i386.deb
 201e02cfb9af0eb7a695659afdc2a152b3dcd0b3e66fe63c971aaeee70eda502 10706 vlc-plugin-jack_0.9.4-2_i386.deb
 e64fe75137d6b669da2b0de4fd9985ecc1cd5d87ed0785ac57e37fdb8217ff1a 6872 vlc-plugin-pulse_0.9.4-2_i386.deb
Files: 
 a789e18fabaa2498d4f46d9d4d120ba1 3214 graphics optional vlc_0.9.4-2.dsc
 02386f19e531eb5ff261bd8568a73d40 47557 graphics optional vlc_0.9.4-2.diff.gz
 cfcc325718d792556a5e2c48fb24936b 4998422 graphics optional vlc-data_0.9.4-2_all.deb
 ecfe32c478a5873d067f74e85612c491 1644708 graphics optional vlc_0.9.4-2_i386.deb
 f44473839abf41954a50236d9cda507e 10781126 graphics extra vlc-dbg_0.9.4-2_i386.deb
 1bba7faf97ea7f9321cac9f1a9b9038a 2703928 net optional vlc-nox_0.9.4-2_i386.deb
 4c0740ff55715d97f7656a3e936d9b0e 390372 libs optional libvlccore0_0.9.4-2_i386.deb
 30a31fff571261aaa4bfcc2ccce17df1 46348 libs optional libvlc2_0.9.4-2_i386.deb
 b5fee6a1e1c369bcdf4a3677d891a77d 525670 libdevel optional libvlccore-dev_0.9.4-2_i386.deb
 4bb676fae4c26311fec148421975ca3f 61872 libdevel optional libvlc-dev_0.9.4-2_i386.deb
 3d94de5958bb07749a223033f5d055e8 4702 graphics optional vlc-plugin-esd_0.9.4-2_i386.deb
 1fbf9bc6954cfd0020e6c33f552417ab 11610 graphics optional vlc-plugin-sdl_0.9.4-2_i386.deb
 fe83f5f6da0287f60124a5b80d37d8e7 5962 graphics optional vlc-plugin-ggi_0.9.4-2_i386.deb
 dc885b3b494594ce051ab39e512b932a 3944 graphics optional vlc-plugin-arts_0.9.4-2_i386.deb
 104c02d19b41fe8e4665f71d279598de 38098 graphics optional mozilla-plugin-vlc_0.9.4-2_i386.deb
 a373813eb611a809bf7ff164126f1d66 4548 graphics optional vlc-plugin-svgalib_0.9.4-2_i386.deb
 c3d2fc4f2830d9d696e69db0f30aac6f 10706 graphics optional vlc-plugin-jack_0.9.4-2_i386.deb
 1d0c6bf9105c047ca007a02e6fbe9455 6872 graphics optional vlc-plugin-pulse_0.9.4-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkj9JNIACgkQOU3FkQ7XBOqChgCgxbZebWCxBW21bJ500qLGrypP
HPEAn1bCBS2yWIs3OvNGAx0lSfLgkDjh
=JXJP
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#502726; Package vlc-nox. (Wed, 22 Oct 2008 17:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Wed, 22 Oct 2008 17:24:04 GMT) Full text and rfc822 format available.

Message #34 received at 502726@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: Rémi Denis-Courmont <rdenis@simphalempin.com>, 502726@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux
Date: Wed, 22 Oct 2008 19:22:51 +0200
[Message part 1 (text/plain, inline)]
retitle 502726 vlc: CVE-2008-4654, CVE-2008-4686 buffer overflow in ty parsing and multiple integer overflows
thanks

Hi Rémi,
* Rémi Denis-Courmont <rdenis@simphalempin.com> [2008-10-19 20:22]:
> Le dimanche 19 octobre 2008 19:35:25 Nico Golde, vous avez écrit :
> > > See also http://www.videolan.org/security/sa0809.html
> >
> > Are you sure that 0.8.6.h-4 in unstable is affected?
> > Looking at
> > http://git.videolan.org/?p=vlc.git;a=blob;f=modules/demux/ty.c;h=65a408f67a
> >363747f7308a8a858a6dad50e54e67;hb=26d92b87bba99b5ea2e17b7eaa39c462d65e9133
> > the overflow happens because of the integer conversion in 8
> > + i_map_size or if i_map_size + 8 exceeds mst_buf.
> > I had a look at the code in 0.8.6.h-4 and didn't see
> > something similar. Only static size reads with correct
> > sizes.
> >
> > Can you confirm that this does not affect 0.8.6.h-4 and if
> > not, what do I miss?
>
> Probably so. Unfortunately, I have no samples.

Here are the CVE ids:
Name: CVE-2008-4654
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4654
Reference: BUGTRAQ:20081020 [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/497587/100/0/threaded
Reference: MLIST:[oss-security] 20081019 CVE id request: vlc
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/19/2
Reference: MISC:http://www.trapkit.de/advisories/TKADV2008-010.txt
Reference: CONFIRM:http://git.videolan.org/?p=vlc.git;a=commit;h=fde9e1cc1fe1ec9635169fa071e42b3aa6436033
Reference: CONFIRM:http://git.videolan.org/?p=vlc.git;a=commitdiff;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133
Reference: CONFIRM:http://www.videolan.org/security/sa0809.html
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726
Reference: BID:31813
Reference: URL:http://www.securityfocus.com/bid/31813
Reference: FRSIRT:ADV-2008-2856
Reference: URL:http://www.frsirt.com/english/advisories/2008/2856
Reference: SECUNIA:32339
Reference: URL:http://secunia.com/advisories/32339
Reference: XF:vlcmediaplayer-ty-bo(45960)
Reference: URL:http://xforce.iss.net/xforce/xfdb/45960

Stack-based buffer overflow in the parse_master function in the Ty
demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through
0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY
media file with a header containing a crafted size value.

Name: CVE-2008-4686
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4686
Reference: MLIST:[oss-security] 20081019 CVE id request: vlc
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/19/2
Reference: CONFIRM:http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3

Multiple integer overflows in ty.c in the TY demux plugin (aka the
TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, allow
remote attackers to have an unknown impact via a crafted .ty file, a
different vulnerability than CVE-2008-4654.


The second one was not covered by your original bug report but this is probably
also security relevant.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Changed Bug title to `vlc: CVE-2008-4654, CVE-2008-4686 buffer overflow in ty parsing and multiple integer overflows' from `libty_plugin: vlc: exploitable buffer overflow in TY demux'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 22 Oct 2008 17:24:05 GMT) Full text and rfc822 format available.

Bug 502726 cloned as bug 503118. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 22 Oct 2008 17:33:03 GMT) Full text and rfc822 format available.

Changed Bug title to `vlc: CVE-2008-4686 integer overflow in ty parsing' from `vlc: CVE-2008-4654, CVE-2008-4686 buffer overflow in ty parsing and multiple integer overflows'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 22 Oct 2008 17:33:05 GMT) Full text and rfc822 format available.

Severity set to `grave' from `grave' Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 22 Oct 2008 17:33:06 GMT) Full text and rfc822 format available.

Tags removed: experimental Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 22 Oct 2008 17:33:06 GMT) Full text and rfc822 format available.

Tags added: patch Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 22 Oct 2008 17:33:07 GMT) Full text and rfc822 format available.

Bug no longer marked as fixed in version 0.9.4-2. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 22 Oct 2008 17:39:05 GMT) Full text and rfc822 format available.

Bug reopened, originator not changed. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 22 Oct 2008 17:42:07 GMT) Full text and rfc822 format available.

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Wed, 22 Oct 2008 18:57:03 GMT) Full text and rfc822 format available.

Notification sent to Remi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer. (Wed, 22 Oct 2008 18:57:05 GMT) Full text and rfc822 format available.

Message #55 received at 503118-done@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 503118-done@bugs.debian.org
Subject: closing
Date: Wed, 22 Oct 2008 20:54:15 +0200
[Message part 1 (text/plain, inline)]
Version: 0.9.4-2

Sorry I didn't see you included the second patch as well as 
it wasn't mentioned in the changelog.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Bug no longer marked as found in version 0.8.6.h-4. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Sun, 26 Oct 2008 17:42:07 GMT) Full text and rfc822 format available.

Bug marked as found in version 0.9.2-1. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Sun, 26 Oct 2008 17:42:08 GMT) Full text and rfc822 format available.

Bug marked as found in version 0.8.6.h-4. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 01 Nov 2008 13:12:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#503118; Package vlc-nox. (Sat, 01 Nov 2008 13:27:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sat, 01 Nov 2008 13:27:05 GMT) Full text and rfc822 format available.

Message #66 received at 503118@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 503118@bugs.debian.org
Subject: patch for CVE-2008-4686
Date: Sat, 1 Nov 2008 14:21:20 +0100
[Message part 1 (text/plain, inline)]
Hi,
attached is a ported version of the patch for 0.8.6.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[CVE-2008-4686.diff (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#503118; Package vlc-nox. (Mon, 03 Nov 2008 14:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Mon, 03 Nov 2008 14:18:03 GMT) Full text and rfc822 format available.

Message #71 received at 503118@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 503118@bugs.debian.org
Subject: patch for NMU
Date: Mon, 3 Nov 2008 15:16:05 +0100
[Message part 1 (text/plain, inline)]
Hi,
the patch for the NMU is archived on:
http://people.debian.org/~nion/nmu-diff/vlc-0.8.6.h-4_0.8.6.h-4.1.patch 
and attached to this mail.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[vlc-0.8.6.h-4_0.8.6.h-4.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Mon, 03 Nov 2008 14:21:03 GMT) Full text and rfc822 format available.

Notification sent to Remi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer. (Mon, 03 Nov 2008 14:21:04 GMT) Full text and rfc822 format available.

Message #76 received at 503118-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 503118-close@bugs.debian.org
Subject: Bug#503118: fixed in vlc 0.8.6.h-4.1
Date: Mon, 03 Nov 2008 14:17:10 +0000
Source: vlc
Source-Version: 0.8.6.h-4.1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.h-4.1_amd64.deb
libvlc0_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/libvlc0_0.8.6.h-4.1_amd64.deb
mozilla-plugin-vlc_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4.1_amd64.deb
vlc-nox_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.h-4.1_amd64.deb
vlc-plugin-arts_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.h-4.1_amd64.deb
vlc-plugin-esd_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.h-4.1_amd64.deb
vlc-plugin-ggi_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4.1_amd64.deb
vlc-plugin-jack_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.h-4.1_amd64.deb
vlc-plugin-sdl_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4.1_amd64.deb
vlc-plugin-svgalib_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4.1_amd64.deb
vlc_0.8.6.h-4.1.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.h-4.1.diff.gz
vlc_0.8.6.h-4.1.dsc
  to pool/main/v/vlc/vlc_0.8.6.h-4.1.dsc
vlc_0.8.6.h-4.1_amd64.deb
  to pool/main/v/vlc/vlc_0.8.6.h-4.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 503118@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 03 Nov 2008 14:41:58 +0100
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack
Architecture: source amd64
Version: 0.8.6.h-4.1
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 503118
Changes: 
 vlc (0.8.6.h-4.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix integer overflows that could possibly lead to arbitrary
     code execution (CVE-2008-4686.diff; Closes: #503118).
Checksums-Sha1: 
 73d20925768ecb35757524e8805fb64da9fd64cd 3061 vlc_0.8.6.h-4.1.dsc
 47fbf6f62f32d3a3703f7ebf18b0b1eb4d743282 44259 vlc_0.8.6.h-4.1.diff.gz
 6f65257ef036a40dd95046baad9515a86b113535 1102546 vlc_0.8.6.h-4.1_amd64.deb
 f47b75c38459fee4a3ca7b8a100019b6d3bc17c1 4958462 vlc-nox_0.8.6.h-4.1_amd64.deb
 037f42714675a6a427b635be9125686156583fa1 461254 libvlc0_0.8.6.h-4.1_amd64.deb
 53d0be764042c8d35c5f63730090b3296b10ad3c 501896 libvlc0-dev_0.8.6.h-4.1_amd64.deb
 fb4dc3d727c12207700fbbe9295d025a586b29cc 4580 vlc-plugin-esd_0.8.6.h-4.1_amd64.deb
 f87277cf69c26c5d1961c174e6eb66c61b7f781c 11728 vlc-plugin-sdl_0.8.6.h-4.1_amd64.deb
 5e5398925e98b4f898533881f9d0453a4c35125c 6236 vlc-plugin-ggi_0.8.6.h-4.1_amd64.deb
 eec8cca3de0344bc85c5dc2939bfee94f8e9fa66 4224 vlc-plugin-arts_0.8.6.h-4.1_amd64.deb
 3eee96bb863d6c61d413998ae8c0c81843481bd1 37418 mozilla-plugin-vlc_0.8.6.h-4.1_amd64.deb
 d3e9ef853725926f1e3ad24f24a6af249658a79e 4792 vlc-plugin-svgalib_0.8.6.h-4.1_amd64.deb
 76272d45dfd8892b64f3c0143b76a35102e6e4c8 4988 vlc-plugin-jack_0.8.6.h-4.1_amd64.deb
Checksums-Sha256: 
 e50e2307db885b99e97d4870a19ffa5699b68f7313983059f6470ecfc247e994 3061 vlc_0.8.6.h-4.1.dsc
 0a0b5baf4f1bb71b8ccba194663ffdd3c76a1daed25f8567505b3259877c6d47 44259 vlc_0.8.6.h-4.1.diff.gz
 410718797c608176e3bd4d63e9214da986be47c1fa40fb2ef289163632005e61 1102546 vlc_0.8.6.h-4.1_amd64.deb
 e56d39a766e5e26f8753958147203ec04b8ad78f626a42e8f27ba1c088e0e96a 4958462 vlc-nox_0.8.6.h-4.1_amd64.deb
 e44b60c9ff87d5e0216391f4040838dfee75d09e1ff213f4f1cb72eac9a1d94b 461254 libvlc0_0.8.6.h-4.1_amd64.deb
 6f4c3a794b973fb608638ccbf511b543a40b4918665816cbf2055cd23c32b95c 501896 libvlc0-dev_0.8.6.h-4.1_amd64.deb
 1f72365f99d78e9c2efb9decef334ae390d373fd3a52b8db089a9c03f99d4605 4580 vlc-plugin-esd_0.8.6.h-4.1_amd64.deb
 f396215aee999839aa68714f00447adda568688b6495b34fbcd8462c363e2b82 11728 vlc-plugin-sdl_0.8.6.h-4.1_amd64.deb
 1e0145100cd0624180270333848078788fdd4bf18881880f48e93fa80df2755b 6236 vlc-plugin-ggi_0.8.6.h-4.1_amd64.deb
 0985997eacb93e82890ecd66664d15b36c6842250421da1d94b8589c5edb4c17 4224 vlc-plugin-arts_0.8.6.h-4.1_amd64.deb
 44f4ed17acfdf20189c9e1250e1b3f424afe76fe31f4e97c05b57cc33320a162 37418 mozilla-plugin-vlc_0.8.6.h-4.1_amd64.deb
 b050c1e047efead22520e16bd68090f53a9ed255855d68d166209bc930d73827 4792 vlc-plugin-svgalib_0.8.6.h-4.1_amd64.deb
 3c7880bc37ddb7011dfec01c1584a5a1ff7fdf5d9c6cd6d64f33e85035aa971d 4988 vlc-plugin-jack_0.8.6.h-4.1_amd64.deb
Files: 
 e37d47f7f65d45f8968b5808aec13b7b 3061 graphics optional vlc_0.8.6.h-4.1.dsc
 d6d474974d1339c518cd0b8b4dd0b90f 44259 graphics optional vlc_0.8.6.h-4.1.diff.gz
 6e9805be9b8a86f0e55fa95f0200e5f6 1102546 graphics optional vlc_0.8.6.h-4.1_amd64.deb
 87ec42ad9aff245b0219c1de43b06906 4958462 net optional vlc-nox_0.8.6.h-4.1_amd64.deb
 f2008ab65362b24694e515aa117207e2 461254 libs optional libvlc0_0.8.6.h-4.1_amd64.deb
 2487732a281c6bc365956344067b0af9 501896 libdevel optional libvlc0-dev_0.8.6.h-4.1_amd64.deb
 fbe5628c3dcc5277df19377f9257cb1f 4580 graphics optional vlc-plugin-esd_0.8.6.h-4.1_amd64.deb
 b545acee8452a95aab828eb0948e9635 11728 graphics optional vlc-plugin-sdl_0.8.6.h-4.1_amd64.deb
 cefa2d30b043f833dab2bd909cd1ac87 6236 graphics optional vlc-plugin-ggi_0.8.6.h-4.1_amd64.deb
 7649c16a508c1002bccd6e3146088e19 4224 graphics optional vlc-plugin-arts_0.8.6.h-4.1_amd64.deb
 cb2e08cc41a657d1431011ff652bfab8 37418 graphics optional mozilla-plugin-vlc_0.8.6.h-4.1_amd64.deb
 151b25c7c7b0891f1c3a6f261b899bd0 4792 graphics optional vlc-plugin-svgalib_0.8.6.h-4.1_amd64.deb
 9ebc01536ba4819bcb472020960f50e1 4988 graphics optional vlc-plugin-jack_0.8.6.h-4.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkPBUAACgkQHYflSXNkfP8g3wCeI1vUkOL9sqFscSo0+EZ6BdL3
bmEAoLOiuGuhsFNGSXgWgpz2mTwX3PED
=KvLu
-----END PGP SIGNATURE-----





Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Wed, 05 Nov 2008 22:56:29 GMT) Full text and rfc822 format available.

Notification sent to Remi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer. (Wed, 05 Nov 2008 22:56:33 GMT) Full text and rfc822 format available.

Message #81 received at 503118-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 503118-close@bugs.debian.org
Subject: Bug#503118: fixed in vlc 0.8.6.h-4+lenny1
Date: Wed, 05 Nov 2008 22:32:18 +0000
Source: vlc
Source-Version: 0.8.6.h-4+lenny1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny1_amd64.deb
libvlc0_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/libvlc0_0.8.6.h-4+lenny1_amd64.deb
mozilla-plugin-vlc_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny1_amd64.deb
vlc-nox_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-arts_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-esd_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-ggi_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-jack_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-sdl_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-svgalib_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny1_amd64.deb
vlc_0.8.6.h-4+lenny1.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny1.diff.gz
vlc_0.8.6.h-4+lenny1.dsc
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny1.dsc
vlc_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 503118@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 03 Nov 2008 14:41:58 +0100
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack
Architecture: source amd64
Version: 0.8.6.h-4+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 503118
Changes: 
 vlc (0.8.6.h-4+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix integer overflows that could possibly lead to arbitrary
     code execution (CVE-2008-4686.diff; Closes: #503118).
Checksums-Sha1: 
 d5eb5ee85e35d28fa70c32c384efdb30018843f2 3081 vlc_0.8.6.h-4+lenny1.dsc
 829b2599a9188254d1c109be377b4a9c18e14482 16977154 vlc_0.8.6.h.orig.tar.gz
 77690db64a86196375844da584f6b9475273821e 43887 vlc_0.8.6.h-4+lenny1.diff.gz
 d3c85f508f389124cfe6b376f51c26c30f27ad9f 1096978 vlc_0.8.6.h-4+lenny1_amd64.deb
 cffbf335462779d75bdeb7c12e10571a577ab2d7 4953936 vlc-nox_0.8.6.h-4+lenny1_amd64.deb
 4689c93807bfb310d657a87eef33c0f236486330 462378 libvlc0_0.8.6.h-4+lenny1_amd64.deb
 7493a02036c64cb9c03ca9f366ed47891a71ceee 501462 libvlc0-dev_0.8.6.h-4+lenny1_amd64.deb
 dd1f69f17232893ee56aaa7d64c3534006e10e20 4582 vlc-plugin-esd_0.8.6.h-4+lenny1_amd64.deb
 4649115fc1026241fc616ff4538f44a495a9907e 11754 vlc-plugin-sdl_0.8.6.h-4+lenny1_amd64.deb
 89f91ae82d24e2d257dd92b415449cede39624f9 6238 vlc-plugin-ggi_0.8.6.h-4+lenny1_amd64.deb
 621e2699fac0c00b3075bc9ea9647a28eefe3ace 4224 vlc-plugin-arts_0.8.6.h-4+lenny1_amd64.deb
 12c018bc4196f62af7a87d4d4f6f3d3b9964962a 37418 mozilla-plugin-vlc_0.8.6.h-4+lenny1_amd64.deb
 7c318fc99e2886ecd18bb23bc5cf0feefa1c3f24 4806 vlc-plugin-svgalib_0.8.6.h-4+lenny1_amd64.deb
 0b2dec433c10bad4b5026a76b5ec67f6f71237bc 4986 vlc-plugin-jack_0.8.6.h-4+lenny1_amd64.deb
Checksums-Sha256: 
 ed0b409463b052007cc8e5d39c2589c89f42f4be269ff75734d26acbf34a776e 3081 vlc_0.8.6.h-4+lenny1.dsc
 92a998f2ca53b77610c608436b2e8d991442742f25793c136cb4ee095eec1eff 16977154 vlc_0.8.6.h.orig.tar.gz
 15bda9d9029cfcf71b6101f99c3c32295aa7e3faec757f8393e15287df6f13e3 43887 vlc_0.8.6.h-4+lenny1.diff.gz
 fe7029f76a1a2b6a38bb1b17f2818b2cdf3a36cc10bc8830a2916231ec4542f4 1096978 vlc_0.8.6.h-4+lenny1_amd64.deb
 aef1ddf69a196601f9073a2d65afd5aa4189ce943aea68c030673c90069d70d3 4953936 vlc-nox_0.8.6.h-4+lenny1_amd64.deb
 87cd49e219bd539d24f8d7fc74e763f98ad83b1426c9374e713025ae07a2c309 462378 libvlc0_0.8.6.h-4+lenny1_amd64.deb
 3840cfbadf4fba1af12cc421600a855220b69525645271d50400f55139369b77 501462 libvlc0-dev_0.8.6.h-4+lenny1_amd64.deb
 b7ce7a58552b4a885324291b0683075342142aa8c616e7cd3cac2976062bac55 4582 vlc-plugin-esd_0.8.6.h-4+lenny1_amd64.deb
 4c0bb1e9e2cadd82abcb5d7f13c62bd76bc158f53d2e120496e697ac645c3fe0 11754 vlc-plugin-sdl_0.8.6.h-4+lenny1_amd64.deb
 d1b6ca88e13603c31972c3dd6d949f5c0a4d5e84e7aa5034cda9c39a51d2ed1b 6238 vlc-plugin-ggi_0.8.6.h-4+lenny1_amd64.deb
 562b0689c31b6039c2ebf54768b7839d30db78a5ceead4cce425285e934f3297 4224 vlc-plugin-arts_0.8.6.h-4+lenny1_amd64.deb
 b0299a2a1e4b3fe75ba380c61b0dd6243106b68ac10ba8b677d6d3c4847c77cc 37418 mozilla-plugin-vlc_0.8.6.h-4+lenny1_amd64.deb
 14348552dbfed753d7c68bb8aa57ffbabe9b005ef1230c379dfab6c4a0aa240a 4806 vlc-plugin-svgalib_0.8.6.h-4+lenny1_amd64.deb
 38d376eb8bce224ea1bc093d63427227fddff69063f2c35d2cb7f86546cbcff2 4986 vlc-plugin-jack_0.8.6.h-4+lenny1_amd64.deb
Files: 
 efe9188d0a58935932d477534aa94a2a 3081 graphics optional vlc_0.8.6.h-4+lenny1.dsc
 9b3e15802b482cb12e79d2eb8cc4ea98 16977154 graphics optional vlc_0.8.6.h.orig.tar.gz
 3829a09fcbc99b193b2eda36eac309ab 43887 graphics optional vlc_0.8.6.h-4+lenny1.diff.gz
 82f0bfe44c19517bc063e338294d3e6b 1096978 graphics optional vlc_0.8.6.h-4+lenny1_amd64.deb
 895e919a3e4374af76cb1776ba60f742 4953936 net optional vlc-nox_0.8.6.h-4+lenny1_amd64.deb
 b7fcaf819b6e985eeb4ed0c3c360f723 462378 libs optional libvlc0_0.8.6.h-4+lenny1_amd64.deb
 41aa7bc07a1d328868dda2baa8f2edd4 501462 libdevel optional libvlc0-dev_0.8.6.h-4+lenny1_amd64.deb
 36c50e92290cddb655f4426fb87ac108 4582 graphics optional vlc-plugin-esd_0.8.6.h-4+lenny1_amd64.deb
 f808604cfc59983e4937f946c01571f5 11754 graphics optional vlc-plugin-sdl_0.8.6.h-4+lenny1_amd64.deb
 3711ffb6d58cab88d46ec2275fe98b7b 6238 graphics optional vlc-plugin-ggi_0.8.6.h-4+lenny1_amd64.deb
 8759e7e76253c804dc1dfc1f3ed75610 4224 graphics optional vlc-plugin-arts_0.8.6.h-4+lenny1_amd64.deb
 4629b5d58adcd3664a190cd19a304177 37418 graphics optional mozilla-plugin-vlc_0.8.6.h-4+lenny1_amd64.deb
 86c4012be6ed433d39c76b75aad4facb 4806 graphics optional vlc-plugin-svgalib_0.8.6.h-4+lenny1_amd64.deb
 d4fc07ff52a75462e3d610cd06295834 4986 graphics optional vlc-plugin-jack_0.8.6.h-4+lenny1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkR73AACgkQHYflSXNkfP8+hgCfYYfWgmGbxSlq0pX6F4Q2JuIT
otAAn0Tyyq2+K/1+ttKyaxetl0h2Ombm
=TVYu
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 05 Dec 2008 07:26:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 16:36:22 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.