Debian Bug report logs - #504639
vlc: buffer overflow in CUE support


Package: vlc-nox; Maintainer for vlc-nox is Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>; Source for vlc-nox is src:vlc.

Reported by: Remi Denis-Courmont <rdenis@simphalempin.com>

Date: Wed, 5 Nov 2008 20:51:06 UTC

Severity: grave

Tags: security

Found in version vlc/0.8.6.h-4.1

Fixed in versions vlc/0.8.6.h-4+lenny2, vlc/0.8.6.h-5, vlc/0.9.6-1

Done: Christophe Mutricy <xtophe@videolan.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504639; Package vlc-nox. (Wed, 05 Nov 2008 20:51:08 GMT)

Acknowledgement sent to Remi Denis-Courmont <rdenis@simphalempin.com>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Wed, 05 Nov 2008 20:51:09 GMT)

Message #5 received at submit@bugs.debian.org:

From: Remi Denis-Courmont <rdenis@simphalempin.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: vlc: buffer overflow in CUE support
Date: Wed, 05 Nov 2008 22:50:21 +0200
Package: vlc-nox
Version: 0.8.6.h-4.1
Severity: grave
Tags: security
Justification: user security hole


	Hello,

When parsing the header of an invalid CUE image file or an invalid
RealText subtitle file, stack-based buffer overflows might occur:
http://www.videolan.org/security/sa0810.html

(I believe the RealText problem only affects experimental)

Regards.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4           0.7.4-11          library for decoding ATSC A/52 str
ii  libasound2             1.0.16-2          ALSA library
ii  libavahi-client3       0.6.23-2          Avahi client library
ii  libavahi-common3       0.6.23-2          Avahi common library
ii  libavc1394-0           0.5.3-1+b1        control IEEE 1394 audio/video devi
ii  libavcodec51           0.svn20080206-14  ffmpeg codec library
ii  libavformat52          0.svn20080206-14  ffmpeg file format library
ii  libavutil49            0.svn20080206-14  ffmpeg utility library
ii  libc6                  2.7-15            GNU C Library: Shared libraries
ii  libcdio7               0.78.2+dfsg1-3    library to read and control CD-ROM
ii  libdbus-1-3            1.2.1-4           simple interprocess messaging syst
ii  libdvbpsi4             0.1.5-3.1         library for MPEG TS and DVB PSI ta
ii  libdvdnav4             4.1.2-3           DVD navigation library
ii  libdvdread3            0.9.7-11          library for reading DVDs
ii  libebml0               0.7.7-3.1         access library for the EBML format
ii  libfaad0               2.6.1-3.1         freeware Advanced Audio Decoder - 
ii  libflac8               1.2.1-1.2         Free Lossless Audio Codec - runtim
ii  libfreetype6           2.3.7-2           FreeType 2 font engine, shared lib
ii  libfribidi0            0.10.9-1          Free Implementation of the Unicode
ii  libgcc1                1:4.3.2-1         GCC support library
ii  libgcrypt11            1.4.1-1           LGPL Crypto library - runtime libr
ii  libgnutls26            2.4.2-1           the GNU TLS library - runtime libr
ii  libhal1                0.5.11-6          Hardware Abstraction Layer - share
ii  libid3tag0             0.15.1b-10        ID3 tag reading library from the M
ii  libiso9660-5           0.78.2+dfsg1-3    library to work with ISO9660 files
ii  liblircclient0         0.8.3-3           infra-red remote control support -
ii  libmad0                0.15.1b-3         MPEG audio decoder library
ii  libmatroska0           0.8.1-1.1         extensible open standard audio/vid
ii  libmodplug0c2          1:0.8.4-2         shared libraries for mod music bas
ii  libmpcdec3             1.2.2-1           Musepack (MPC) format library
ii  libmpeg2-4             0.4.1-3           MPEG1 and MPEG2 video decoder libr
ii  libncurses5            5.6+20081025-1    shared libraries for terminal hand
ii  libogg0                1.1.3-4           Ogg Bitstream Library
ii  libpng12-0             1.2.27-2          PNG library - runtime
ii  libpostproc51          0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8           1.3.0-4           library for direct access to IEEE 
ii  libsmbclient           2:3.2.4-1         shared library that allows applica
ii  libspeex1              1.2~rc1-1         The Speex codec runtime library
ii  libstdc++6             4.3.2-1           The GNU Standard C++ Library v3
ii  libsysfs2              2.1.0-5           interface library to sysfs
ii  libtheora0             1.0~beta3-1       The Theora Video Compression Codec
ii  libtwolame0            0.3.12-1          MPEG Audio Layer 2 encoding librar
ii  libvcdinfo0            0.7.23-4          library to extract information fro
ii  libvlc0                0.8.6.h-4.1       multimedia player and streamer lib
ii  libvorbis0a            1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libvorbisenc2          1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libxml2                2.6.32.dfsg-4     GNOME XML library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

vlc-nox recommends no packages.

vlc-nox suggests no packages.

-- no debconf information




Tags added: pending Request was from Christophe Mutricy <xtophe@videolan.org> to control@bugs.debian.org. (Wed, 05 Nov 2008 22:18:09 GMT)

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Thu, 06 Nov 2008 00:15:11 GMT)

Notification sent to Remi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer. (Thu, 06 Nov 2008 00:15:12 GMT)

Message #12 received at 504639-close@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 504639-close@bugs.debian.org
Subject: Bug#504639: fixed in vlc 0.8.6.h-4+lenny2
Date: Thu, 06 Nov 2008 00:02:05 +0000
Source: vlc
Source-Version: 0.8.6.h-4+lenny2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2_amd64.deb
libvlc0_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/libvlc0_0.8.6.h-4+lenny2_amd64.deb
mozilla-plugin-vlc_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2_amd64.deb
vlc-nox_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-arts_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-esd_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-ggi_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-jack_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-sdl_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-svgalib_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny2_amd64.deb
vlc_0.8.6.h-4+lenny2.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny2.diff.gz
vlc_0.8.6.h-4+lenny2.dsc
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny2.dsc
vlc_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 504639@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 06 Nov 2008 00:32:12 +0100
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack
Architecture: source amd64
Version: 0.8.6.h-4+lenny2
Distribution: testing-security
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 504639
Changes: 
 vlc (0.8.6.h-4+lenny2) testing-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix buffer overflow in CUE demuxer
     (No CVE id yet; Closes: #504639).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkSMA8ACgkQHYflSXNkfP/G7gCfThTH5JXmrEVQOoG5MFqiDzEw
RuUAn0/2fPFDPSrr5V81G0+/MkDWdYMQ
=mV2q
-----END PGP SIGNATURE-----





Reply sent to Christophe Mutricy <xtophe@videolan.org>:
You have taken responsibility. (Thu, 06 Nov 2008 00:15:14 GMT)

Notification sent to Remi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer. (Thu, 06 Nov 2008 00:15:15 GMT)

Message #17 received at 504639-close@bugs.debian.org:

From: Christophe Mutricy <xtophe@videolan.org>
To: 504639-close@bugs.debian.org
Subject: Bug#504639: fixed in vlc 0.8.6.h-5
Date: Thu, 06 Nov 2008 00:02:09 +0000
Source: vlc
Source-Version: 0.8.6.h-5

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.h-5_amd64.deb
libvlc0_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/libvlc0_0.8.6.h-5_amd64.deb
mozilla-plugin-vlc_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-5_amd64.deb
vlc-nox_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.h-5_amd64.deb
vlc-plugin-arts_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.h-5_amd64.deb
vlc-plugin-esd_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.h-5_amd64.deb
vlc-plugin-ggi_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.h-5_amd64.deb
vlc-plugin-jack_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.h-5_amd64.deb
vlc-plugin-sdl_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.h-5_amd64.deb
vlc-plugin-svgalib_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-5_amd64.deb
vlc_0.8.6.h-5.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.h-5.diff.gz
vlc_0.8.6.h-5.dsc
  to pool/main/v/vlc/vlc_0.8.6.h-5.dsc
vlc_0.8.6.h-5_amd64.deb
  to pool/main/v/vlc/vlc_0.8.6.h-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 504639@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christophe Mutricy <xtophe@videolan.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 05 Nov 2008 22:02:06 +0100
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack
Architecture: source amd64
Version: 0.8.6.h-5
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Christophe Mutricy <xtophe@videolan.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 504639
Changes: 
 vlc (0.8.6.h-5) unstable; urgency=high
 .
   * Acknowledge NMU by Nico Golde. Thanks.
   * Fix buffer overflow in CUE demuxer (Closes: #504639)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkSMWYACgkQHYflSXNkfP8/1ACfY08a6ut5F4SHD3uBFpvlzKxT
1DQAn1MHVeow15+A55Mux4MWqb9eBa/m
=4xmx
-----END PGP SIGNATURE-----





Reply sent to Christophe Mutricy <xtophe@videolan.org>:
You have taken responsibility. (Sun, 09 Nov 2008 21:48:33 GMT)

Notification sent to Remi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer. (Sun, 09 Nov 2008 21:48:37 GMT)

Message #22 received at 504639-close@bugs.debian.org:

From: Christophe Mutricy <xtophe@videolan.org>
To: 504639-close@bugs.debian.org
Subject: Bug#504639: fixed in vlc 0.9.6-1
Date: Sun, 09 Nov 2008 21:02:48 +0000
Source: vlc
Source-Version: 0.9.6-1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc-dev_0.9.6-1_i386.deb
  to pool/main/v/vlc/libvlc-dev_0.9.6-1_i386.deb
libvlc2_0.9.6-1_i386.deb
  to pool/main/v/vlc/libvlc2_0.9.6-1_i386.deb
libvlccore-dev_0.9.6-1_i386.deb
  to pool/main/v/vlc/libvlccore-dev_0.9.6-1_i386.deb
libvlccore0_0.9.6-1_i386.deb
  to pool/main/v/vlc/libvlccore0_0.9.6-1_i386.deb
mozilla-plugin-vlc_0.9.6-1_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.9.6-1_i386.deb
vlc-data_0.9.6-1_all.deb
  to pool/main/v/vlc/vlc-data_0.9.6-1_all.deb
vlc-dbg_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-dbg_0.9.6-1_i386.deb
vlc-nox_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-nox_0.9.6-1_i386.deb
vlc-plugin-arts_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.9.6-1_i386.deb
vlc-plugin-esd_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.9.6-1_i386.deb
vlc-plugin-ggi_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.9.6-1_i386.deb
vlc-plugin-jack_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.9.6-1_i386.deb
vlc-plugin-pulse_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-pulse_0.9.6-1_i386.deb
vlc-plugin-sdl_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.9.6-1_i386.deb
vlc-plugin-svgalib_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.9.6-1_i386.deb
vlc_0.9.6-1.diff.gz
  to pool/main/v/vlc/vlc_0.9.6-1.diff.gz
vlc_0.9.6-1.dsc
  to pool/main/v/vlc/vlc_0.9.6-1.dsc
vlc_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc_0.9.6-1_i386.deb
vlc_0.9.6.orig.tar.gz
  to pool/main/v/vlc/vlc_0.9.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 504639@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christophe Mutricy <xtophe@videolan.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 08 Nov 2008 03:14:29 +0100
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore0 libvlc2 libvlccore-dev libvlc-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack vlc-plugin-pulse vlc-data
Architecture: source all i386
Version: 0.9.6-1
Distribution: experimental
Urgency: low
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Christophe Mutricy <xtophe@videolan.org>
Description: 
 libvlc-dev - development files for VLC
 libvlc2    - multimedia player and streamer library
 libvlccore-dev - development files for VLC
 libvlccore0 - multimedia player and streamer library
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg    - debugging symbols for vlc
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 499063 504639
Changes: 
 vlc (0.9.6-1) experimental; urgency=low
 .
   [ Reinhard Tartler ]
   * Build against libass. Closes: #499063, LP: #210354, #199870
   * Explicitly build against libdca in debian/rules
   * Tighten build depends on a libass-dev version that ships without .la file
 .
   [ Christophe Mutricy ]
   * New bugfix upstream releases
     + Remove 402_tivo_overflow.diff
     + Fix buffer overflow in CUE demuxer (Closes: #504639)
     + Fix buffer overflow in Realtext decoder
   * Honor DEB_BUILD_OPTIONS
   * Rebootstrap in order to avoid problem with .la

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Debian Powered!

iJwEAQECAAYFAkkXSXgACgkQ78RAoABp8o+soQP+J2paNIlRXMgwvRcgz7syh0aR
kl0XkYnwlNpjcndF2VwhPtWVN386az06O2wdeo7J35aBO+KZ3b7cmnP0SOdH1T/9
uXCl80+dAlAXgcSLIXgt1pSY2mRJiNqCMoXuPS1uiyh4K391IcLmKSCZEDTVb8xa
1zpTrkoilnReyvGlshk=
=HXrD
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 08 Dec 2008 07:28:48 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 11:30:25 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.