Your message dated Wed, 05 Nov 2008 22:32:18 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#503118: fixed in vlc 0.8.6.h-4+lenny1
has caused the Debian Bug report #503118,
regarding vlc: CVE-2008-4686 integer overflow in ty parsing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
503118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503118
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: vlc-nox
Version: 0.8.6.h-4
Severity: grave
File: libty_plugin
Tags: security
Justification: user security hole


VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
stack-based buffer overflow in the TY (TiVo) file parser.

See also http://www.videolan.org/security/sa0809.html

N.B.: please give me the CVE ID if you allocate one.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4           0.7.4-11          library for decoding ATSC A/52 str
ii  libasound2             1.0.16-2          ALSA library
ii  libavahi-client3       0.6.23-2          Avahi client library
ii  libavahi-common3       0.6.23-2          Avahi common library
ii  libavc1394-0           0.5.3-1+b1        control IEEE 1394 audio/video devi
ii  libavcodec51           0.svn20080206-14  ffmpeg codec library
ii  libavformat52          0.svn20080206-14  ffmpeg file format library
ii  libavutil49            0.svn20080206-14  ffmpeg utility library
ii  libc6                  2.7-15            GNU C Library: Shared libraries
ii  libcdio7               0.78.2+dfsg1-3    library to read and control CD-ROM
ii  libdbus-1-3            1.2.1-3           simple interprocess messaging syst
ii  libdvbpsi4             0.1.5-3.1         library for MPEG TS and DVB PSI ta
ii  libdvdnav4             4.1.2-3           DVD navigation library
ii  libdvdread3            0.9.7-11          library for reading DVDs
ii  libebml0               0.7.7-3.1         access library for the EBML format
ii  libfaad0               2.6.1-3.1         freeware Advanced Audio Decoder - 
ii  libflac8               1.2.1-1.2         Free Lossless Audio Codec - runtim
ii  libfreetype6           2.3.7-2           FreeType 2 font engine, shared lib
ii  libfribidi0            0.10.9-1          Free Implementation of the Unicode
ii  libgcc1                1:4.3.2-1         GCC support library
ii  libgcrypt11            1.4.1-1           LGPL Crypto library - runtime libr
ii  libgnutls26            2.4.2-1           the GNU TLS library - runtime libr
ii  libhal1                0.5.11-5          Hardware Abstraction Layer - share
ii  libid3tag0             0.15.1b-10        ID3 tag reading library from the M
ii  libiso9660-5           0.78.2+dfsg1-3    library to work with ISO9660 files
ii  liblircclient0         0.8.3-3           infra-red remote control support -
ii  libmad0                0.15.1b-3         MPEG audio decoder library
ii  libmatroska0           0.8.1-1.1         extensible open standard audio/vid
ii  libmodplug0c2          1:0.8.4-2         shared libraries for mod music bas
ii  libmpcdec3             1.2.2-1           Musepack (MPC) format library
ii  libmpeg2-4             0.4.1-3           MPEG1 and MPEG2 video decoder libr
ii  libncurses5            5.6+20081011-1    shared libraries for terminal hand
ii  libogg0                1.1.3-4           Ogg Bitstream Library
ii  libpng12-0             1.2.27-2          PNG library - runtime
ii  libpostproc51          0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8           1.3.0-4           library for direct access to IEEE 
ii  libsmbclient           2:3.2.3-3         shared library that allows applica
ii  libspeex1              1.2~rc1-1         The Speex codec runtime library
ii  libstdc++6             4.3.2-1           The GNU Standard C++ Library v3
ii  libsysfs2              2.1.0-5           interface library to sysfs
ii  libtheora0             1.0~beta3-1       The Theora Video Compression Codec
ii  libtwolame0            0.3.12-1          MPEG Audio Layer 2 encoding librar
ii  libvcdinfo0            0.7.23-4          library to extract information fro
ii  libvlc0                0.8.6.h-4         multimedia player and streamer lib
ii  libvorbis0a            1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libvorbisenc2          1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libxml2                2.6.32.dfsg-4     GNOME XML library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

vlc-nox recommends no packages.

vlc-nox suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 0.8.6.h-4+lenny1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny1_amd64.deb
libvlc0_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/libvlc0_0.8.6.h-4+lenny1_amd64.deb
mozilla-plugin-vlc_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny1_amd64.deb
vlc-nox_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-arts_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-esd_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-ggi_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-jack_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-sdl_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny1_amd64.deb
vlc-plugin-svgalib_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny1_amd64.deb
vlc_0.8.6.h-4+lenny1.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny1.diff.gz
vlc_0.8.6.h-4+lenny1.dsc
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny1.dsc
vlc_0.8.6.h-4+lenny1_amd64.deb
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 03 Nov 2008 14:41:58 +0100
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack
Architecture: source amd64
Version: 0.8.6.h-4+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian multimedia packages maintainers <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 503118
Changes: 
 vlc (0.8.6.h-4+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix integer overflows that could possibly lead to arbitrary
     code execution (CVE-2008-4686.diff; Closes: #503118).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkR73AACgkQHYflSXNkfP8+hgCfYYfWgmGbxSlq0pX6F4Q2JuIT
otAAn0Tyyq2+K/1+ttKyaxetl0h2Ombm
=TVYu
-----END PGP SIGNATURE-----



--- End Message ---
