Your message dated Wed, 10 Apr 2013 19:41:34 +0200
with message-id
<CAJ0ccea7EpH6G0Kj4LxmU7isiKAeW_itRmhVvLCz=irawx2...@mail.gmail.com>
and subject line Re: Bug#705136: vlc: invalid asf stream causes buffer overflow
/ crash
has caused the Debian Bug report #705136,
regarding vlc: invalid asf stream causes buffer overflow / crash
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
705136: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705136
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: vlc
Version: 2.0.3-5
Severity: normal
I guess it's the bug described here:
http://www.h-online.com/open/news/item/Latest-VLC-version-has-dangerous-
hole-1794474.html
It's caused by opening a file with an invalid / corrupted asf stream.
Here's the output of 'vlc -vvv':
VLC media player 2.0.3 Twoflower (revision 2.0.2-93-g77aa89e)
[0x16e1108] main libvlc debug: VLC media player - 2.0.3 Twoflower
[0x16e1108] main libvlc debug: Copyright © 1996-2012 VLC authors and VideoLAN
[0x16e1108] main libvlc debug: revision 2.0.2-93-g77aa89e
[0x16e1108] main libvlc debug: configured with ./configure '--enable-static' '
--build=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-
size=4 -Wformat -Werror=format-security' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
'CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror
=format-security' 'LDFLAGS=-Wl,-z,relro' '--config-cache' '--disable-
maintainer-mode' '--disable-silent-rules' '--disable-update-check' '--enable-
fast-install' '--prefix=/usr' '--docdir=/usr/share/doc/vlc-nox' '--
sysconfdir=/etc' '--with-binary-version=5' '--enable-a52' '--enable-aa'
'--enable-bluray' '--enable-bonjour' '--enable-caca' '--enable-dbus' '--enable-
dca' '--enable-dirac' '--enable-directfb' '--enable-dvbpsi' '--enable-dvdnav'
'--enable-faad' '--enable-flac' '--enable-fluidsynth' '--enable-freetype'
'--enable-fribidi' '--enable-gnutls' '--enable-jack' '--enable-kate' '--enable-
libass' '--enable-libmpeg2' '--enable-libproxy' '--enable-libxml2' '--enable-
lirc' '--enable-live555' '--enable-mad' '--enable-mkv' '--enable-mod'
'--enable-mpc' '--enable-mtp' '--enable-mux_ogg' '--enable-ncurses' '--enable-
notify' '--enable-ogg' '--enable-oss' '--enable-pulse' '--enable-qt4'
'--enable-realrtsp' '--enable-samplerate' '--enable-schroedinger' '--enable-
sdl' '--enable-shout' '--enable-skins2' '--enable-smb' '--enable-speex'
'--enable-svg' '--enable-taglib' '--enable-theora' '--enable-twolame'
'--enable-upnp' '--enable-vcd' '--enable-vcdx' '--enable-vorbis' '--
enable-x264' '--enable-zvbi' '--with-kde-
solid=/usr/share/kde4/apps/solid/actions/' '--disable-dxva2' '--disable-
gnomevfs' '--disable-goom' '--disable-portaudio' '--disable-projectm'
'--disable-sqlite' '--disable-telx' '--enable-alsa' '--enable-atmo' '--enable-
dc1394' '--enable-dv' '--enable-fbosd' '--enable-libva' '--enable-linsys'
'--enable-omxil' '--enable-pvr' '--enable-udev' '--enable-v4l2' '--enable-
crystalhd' '--enable-mmx' '--enable-sse' '--disable-neon' '--disable-altivec'
'build_alias=x86_64-linux-gnu'
[0x16e1108] main libvlc debug: searching plug-in modules
[0x16e1108] main libvlc debug: loading plugins cache file
/usr/lib/vlc/plugins/plugins.dat
[0x16e1108] main libvlc debug: recursively browsing `/usr/lib/vlc/plugins'
[0x16e1108] main libvlc debug: saving plugins cache
/usr/lib/vlc/plugins/plugins.dat
[0x16e1108] main libvlc debug: plug-ins loaded: 420 modules
[0x16e1108] main libvlc debug: opening config file
(/home/lars/.config/vlc/vlcrc)
[0x16e1108] main libvlc debug: translation test: code is "de"
[0x16e1108] main libvlc debug: CPU has capabilities MMX MMXEXT SSE SSE2 SSE3
SSSE3 SSE4.1 SSE4.2 FPU
[0x16e1108] main libvlc debug: looking for memcpy module: 4 candidates
[0x16e1108] main libvlc debug: using memcpy module "memcpymmxext"
[0x1910008] main input debug: Creating an input for 'Medienbibliothek'
[0x1910008] main input debug: Input is a meta file: disabling unneeded options
[0x1910008] main input debug: using timeshift granularity of 50 MiB, in path
'/tmp'
[0x1910008] main input debug: `file/xspf-
open:///home/lars/.local/share/vlc/ml.xspf' gives access `file' demux `xspf-
open' path `/home/lars/.local/share/vlc/ml.xspf'
[0x1910008] main input debug: creating demux: access='file' demux='xspf-open'
location='/home/lars/.local/share/vlc/ml.xspf'
file='/home/lars/.local/share/vlc/ml.xspf'
[0x1710198] main demux debug: looking for access_demux module: 3 candidates
[0x1710198] main demux debug: no access_demux module matching "file" could be
loaded
[0x1710198] main demux debug: TIMER module_need() : 0.775 ms - Total 0.775 ms /
1 intvls (Avg 0.775 ms)
[0x1910008] main input debug: creating access 'file'
location='/home/lars/.local/share/vlc/ml.xspf',
path='/home/lars/.local/share/vlc/ml.xspf'
[0x17ae0f8] main access debug: looking for access module: 2 candidates
[0x17ae0f8] filesystem access debug: opening file
`/home/lars/.local/share/vlc/ml.xspf'
[0x17ae0f8] main access debug: using access module "filesystem"
[0x17ae0f8] main access debug: TIMER module_need() : 0.341 ms - Total 0.341 ms
/ 1 intvls (Avg 0.341 ms)
[0x17aed68] main stream debug: Using stream method for AStream*
[0x17aed68] main stream debug: starting pre-buffering
[0x17aed68] main stream debug: received first data after 9 ms
[0x17aed68] main stream debug: pre-buffering done 299 bytes in 0s - 32 KiB/s
[0x17aefc8] main stream debug: looking for stream_filter module: 7 candidates
[0x17aefc8] main stream debug: no stream_filter module matching "any" could be
loaded
[0x17aefc8] main stream debug: TIMER module_need() : 0.916 ms - Total 0.916 ms
/ 1 intvls (Avg 0.916 ms)
[0x17aefc8] main stream debug: looking for stream_filter module: 1 candidate
[0x17aefc8] main stream debug: using stream_filter module
"stream_filter_record"
[0x17aefc8] main stream debug: TIMER module_need() : 0.183 ms - Total 0.183 ms
/ 1 intvls (Avg 0.183 ms)
[0x1910008] main input debug: creating demux: access='file' demux='xspf-open'
location='/home/lars/.local/share/vlc/ml.xspf'
file='/home/lars/.local/share/vlc/ml.xspf'
[0x17afe08] main demux debug: looking for demux module: 1 candidate
[0x17afe08] playlist demux debug: using XSPF playlist reader
[0x17afe08] main demux debug: using demux module "playlist"
[0x17afe08] main demux debug: TIMER module_need() : 0.243 ms - Total 0.243 ms /
1 intvls (Avg 0.243 ms)
[0x17b0668] main demux meta debug: looking for meta reader module: 2 candidates
[0x17b0668] lua demux meta debug: Trying Lua scripts in
/home/lars/.local/share/vlc/lua/meta/reader
[0x17b0668] lua demux meta debug: Trying Lua scripts in
/usr/lib/vlc/lua/meta/reader
[0x17b0668] lua demux meta debug: Trying Lua playlist script
/usr/lib/vlc/lua/meta/reader/filename.luac
[0x17b0668] lua demux meta debug: Trying Lua scripts in
/usr/share/vlc/lua/meta/reader
[0x17b0668] main demux meta debug: no meta reader module matching "any" could
be loaded
[0x17b0668] main demux meta debug: TIMER module_need() : 3.584 ms - Total 3.584
ms / 1 intvls (Avg 3.584 ms)
[0x1910008] main input debug: `file/xspf-
open:///home/lars/.local/share/vlc/ml.xspf' successfully opened
[0x17be7a8] main xml reader debug: looking for xml reader module: 1 candidate
[0x17be7a8] main xml reader debug: using xml reader module "xml"
[0x17be7a8] main xml reader debug: TIMER module_need() : 1.534 ms - Total 1.534
ms / 1 intvls (Avg 1.534 ms)
[0x17afe08] playlist demux debug: parsed 0 tracks successfully
[0x1910008] main input debug: EOF reached
[0x17afe08] main demux debug: removing module "playlist"
[0x17aefc8] main stream debug: removing module "stream_filter_record"
[0x17ae0f8] main access debug: removing module "filesystem"
[0x1910008] main input debug: TIMER input launching for 'Medienbibliothek' :
15.926 ms - Total 15.926 ms / 1 intvls (Avg 15.926 ms)
[0x170fb88] main interface debug: looking for interface module: 1 candidate
[0x170fb88] main interface debug: using interface module "hotkeys"
[0x170fb88] main interface debug: TIMER module_need() : 0.312 ms - Total 0.312
ms / 1 intvls (Avg 0.312 ms)
[0x16f8538] main interface debug: looking for interface module: 1 candidate
[0x190e7c8] main playlist debug: playlist threads correctly activated
[0x16f8538] main interface debug: using interface module "inhibit"
[0x16f8538] main interface debug: TIMER module_need() : 2.273 ms - Total 2.273
ms / 1 intvls (Avg 2.273 ms)
[0x190e7c8] main playlist debug: rebuilding array of current - root
Wiedergabeliste
[0x190e7c8] main playlist debug: rebuild done - 0 items, index -1
[0x16f67a8] main interface debug: looking for interface module: 1 candidate
[0x16f67a8] main interface debug: using interface module "globalhotkeys"
[0x16f67a8] main interface debug: TIMER module_need() : 13.482 ms - Total
13.482 ms / 1 intvls (Avg 13.482 ms)
[0x16e1108] main libvlc: VLC wird mit dem Standard-Interface ausgeführt.
Benutzen Sie 'cvlc', um VLC ohne Interface zu verwenden.
[0x1910b28] main interface debug: looking for interface module: 6 candidates
[0x1a46b98] main generic debug: looking for extension module: 1 candidate
[0x1a46b98] lua generic debug: Opening Lua Extension module
[0x1a46b98] lua generic debug: Trying Lua scripts in
/home/lars/.local/share/vlc/lua/extensions
[0x1a46b98] lua generic debug: Trying Lua scripts in
/usr/lib/vlc/lua/extensions
[0x1a46b98] lua generic debug: Trying Lua scripts in
/usr/share/vlc/lua/extensions
[0x1a46b98] main generic debug: using extension module "lua"
[0x1a46b98] main generic debug: TIMER module_need() : 0.394 ms - Total 0.394 ms
/ 1 intvls (Avg 0.394 ms)
[0x1910b28] main interface debug: using interface module "qt4"
[0x1910b28] main interface debug: TIMER module_need() : 261.796 ms - Total
261.796 ms / 1 intvls (Avg 261.796 ms)
[0x190e7c8] main playlist debug: adding item `clip.wmv' (
file:///home/lars/clip.wmv )
[0x1910b28] qt4 interface debug: Adding a new MRL to recent ones:
file:///home/lars/clip.wmv
[0x190e7c8] main playlist debug: rebuilding array of current - root
Wiedergabeliste
[0x190e7c8] main playlist debug: rebuild done - 1 items, index -1
[0x190e7c8] main playlist debug: processing request item: clip.wmv, node: null,
skip: 0
[0x190e7c8] main playlist debug: resyncing on clip.wmv
[0x190e7c8] main playlist debug: clip.wmv is at 0
[0x190e7c8] main playlist debug: starting playback of the new playlist item
[0x190e7c8] main playlist debug: resyncing on clip.wmv
[0x190e7c8] main playlist debug: clip.wmv is at 0
[0x190e7c8] main playlist debug: creating new input thread
[0x7fc7d0000a88] main input debug: Creating an input for 'clip.wmv'
[0x1c30db8] main input debug: Creating an input for 'clip.wmv'
[0x1c30db8] main input debug: using timeshift granularity of 50 MiB, in path
'/tmp'
[0x1c30db8] main input debug: `file:///home/lars/clip.wmv' gives access `file'
demux `' path `/home/lars/clip.wmv'
[0x1c30db8] main input debug: creating demux: access='file' demux=''
location='/home/lars/clip.wmv' file='/home/lars/clip.wmv'
[0x1c196d8] main demux debug: looking for access_demux module: 3 candidates
[0x1c196d8] main demux debug: no access_demux module matching "file" could be
loaded
[0x1c196d8] main demux debug: TIMER module_need() : 0.417 ms - Total 0.417 ms /
1 intvls (Avg 0.417 ms)
[0x1c30db8] main input debug: creating access 'file'
location='/home/lars/clip.wmv', path='/home/lars/clip.wmv'
[0x1c44f58] main access debug: looking for access module: 2 candidates
[0x1c44f58] filesystem access debug: opening file `/home/lars/clip.wmv'
[0x1c44f58] main access debug: using access module "filesystem"
[0x1c44f58] main access debug: TIMER module_need() : 0.397 ms - Total 0.397 ms
/ 1 intvls (Avg 0.397 ms)
[0x1c36f38] main stream debug: Using stream method for AStream*
[0x1c36f38] main stream debug: starting pre-buffering
[0x1c36f38] main stream debug: received first data after 10 ms
[0x1c36f38] main stream debug: pre-buffering done 1024 bytes in 0s - 90 KiB/s
[0x7fc7d0001de8] main stream debug: looking for stream_filter module: 7
candidates
[0x7fc7d0001de8] main stream debug: no stream_filter module matching "any"
could be loaded
[0x7fc7d0001de8] main stream debug: TIMER module_need() : 0.245 ms - Total
0.245 ms / 1 intvls (Avg 0.245 ms)
[0x1bf8248] main stream debug: looking for stream_filter module: 1 candidate
[0x1bf8248] main stream debug: using stream_filter module
"stream_filter_record"
[0x1bf8248] main stream debug: TIMER module_need() : 0.125 ms - Total 0.125 ms
/ 1 intvls (Avg 0.125 ms)
[0x1c30db8] main input debug: creating demux: access='file' demux=''
location='/home/lars/clip.wmv' file='/home/lars/clip.wmv'
[0x1bf3818] main demux debug: looking for demux module: 54 candidates
[0x1bf8248] asf stream debug: found object guid: 0x75b22630-0x668e-0x11cf-
0xa6d900aa0062ce6c size:5559
[0x1bf8248] asf stream debug: read "header object" subobj:10, reserved1:1,
reserved2:2
[0x1bf8248] asf stream debug: found object guid: 0x8cabdca1-0xa947-0x11cf-
0x8ee400c00c205365 size:104
[0x1bf8248] asf stream debug: read "file properties object"
file_id:0xf6e46897-0x7eb2-0x443e-0xb2d84eaf01360929 file_size:1668815
creation_date:129721283860075000 data_packets_count:207 play_duration:189130000
send_duration:154810000 preroll:3065 flags:2 min_data_packet_size:8000
max_data_packet_size:8000 max_bitrate:858143
[0x1bf8248] asf stream debug: found object guid: 0x5fbf03b5-0xa92e-0x11cf-
0x8ee300c00c205365 size:3247
[0x1bf8248] asf stream debug: read "header extension object"
reserved1:0xabd3d211-0xa9ba-0x11cf-0x8ee600c00c205365 reserved2:6
header_extension_size:3201
[0x1bf8248] asf stream debug: found object guid: 0xc5f8cbea-0x5baf-
0x4877-0x8467aa8c44fa4cca size:358
[0x1bf8248] asf stream debug: read "metadata object" 7 entries
[0x1bf8248] asf stream debug: - AspectRatioX=1
[0x1bf8248] asf stream debug: - AspectRatioY=1
[0x1bf8248] asf stream debug: - IsVBR=1
[0x1bf8248] asf stream debug: - DeviceConformanceTemplate=L2
[0x1bf8248] asf stream debug: - IsVBR=0
[0x1bf8248] asf stream debug: - DeviceConformanceTemplate=MP@ML
[0x1bf8248] asf stream debug: - NumberOfFrames=461
[0x1bf8248] asf stream debug: found object guid: 0x26f18b5d-0x4584-0x47ec-
0x9f5f0e651f0452c9 size:26
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream debug: found object guid: 0x1806d474-0xcadf-
0x4509-0xa4ba9aabcb96aae8 size:2465
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream debug: found object guid: 0xa08649cf-
0x4775-0x4670-0x8a166e35357566cd size:44
[0x1bf8248] asf stream debug: read "advanced mutual exclusion object"
[0x1bf8248] asf stream debug: - stream=1
[0x1bf8248] asf stream debug: found object guid: 0xd4fed15b-0x88d3-0x454f-
0x81f0ed5c45999e24 size:34
[0x1bf8248] asf stream debug: read "stream prioritization object"
[0x1bf8248] asf stream debug: - Stream:1 flags=0x0
[0x1bf8248] asf stream debug: - Stream:2 flags=0x0
[0x1bf8248] asf stream debug: found object guid: 0x14e6a5cb-
0xc672-0x4332-0x8399a96952065b5a size:88
[0x1bf8248] asf stream debug: read "extended stream properties object":
[0x1bf8248] asf stream debug: - start=0 end=0
[0x1bf8248] asf stream debug: - data bitrate=48598 buffer=758 initial
fullness=0
[0x1bf8248] asf stream debug: - alternate data bitrate=42000 buffer=2971
initial fullness=0
[0x1bf8248] asf stream debug: - maximum object size=2230
[0x1bf8248] asf stream debug: - flags=0x2
[0x1bf8248] asf stream debug: - stream number=1 language=0
[0x1bf8248] asf stream debug: - average time per frame=2923095
[0x1bf8248] asf stream debug: - stream name count=0
[0x1bf8248] asf stream debug: - payload extension system count=0
[0x1bf8248] asf stream debug: found object guid: 0x14e6a5cb-
0xc672-0x4332-0x8399a96952065b5a size:110
[0x1bf8248] asf stream debug: read "extended stream properties object":
[0x1bf8248] asf stream debug: - start=0 end=0
[0x1bf8248] asf stream debug: - data bitrate=800000 buffer=3000 initial
fullness=0
[0x1bf8248] asf stream debug: - alternate data bitrate=800000 buffer=3000
initial fullness=0
[0x1bf8248] asf stream debug: - maximum object size=15765
[0x1bf8248] asf stream debug: - flags=0x2
[0x1bf8248] asf stream debug: - stream number=2 language=0
[0x1bf8248] asf stream debug: - average time per frame=333667
[0x1bf8248] asf stream debug: - stream name count=0
[0x1bf8248] asf stream debug: - payload extension system count=1
[0x1bf8248] asf stream debug: found object guid: 0xd6e229df-0x35da-
0x11d1-0x903400a0c90349be size:38
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream debug: found object guid: 0x6b203bad-
0x3f11-0x48e4-0xaca8d7613de2cfa7 size:38
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream debug: found object guid:
0xd2d0a440-0xe307-0x11d2-0x97f000a0c95ea850 size:1530
[0x1bf8248] asf stream debug: read "extended content description object"
[0x1bf8248] asf stream debug: - 'WMFSDKVersion' = '11.0.5721.5275'
[0x1bf8248] asf stream debug: - 'WMFSDKNeeded' = '0.0.0.0000'
[0x1bf8248] asf stream debug: - 'IsVBR' = 'true'
[0x1bf8248] asf stream debug: - 'ASFLeakyBucketPairs' =
'0000C05D0000A6250800307500007B780600C8AF0000423C040090E20000BF3B030000C20100DE82010080A90300669A000030570500F556000020A10700D12A000090230B007E0A000040420F0040000000C05C15002D000000200B20001E000000404B4C000C0000008096980006000000'
[0x1bf8248] asf stream debug: - 'WM/AlbumTitle' = ''
[0x1bf8248] asf stream debug: - 'WM/Track' = ''
[0x1bf8248] asf stream debug: - 'WM/PromotionURL' = ''
[0x1bf8248] asf stream debug: - 'WM/AlbumCoverURL' = ''
[0x1bf8248] asf stream debug: - 'WM/Genre' = ''
[0x1bf8248] asf stream debug: - 'WM/Year' = ''
[0x1bf8248] asf stream debug: - 'WM/GenreID' = ''
[0x1bf8248] asf stream debug: - 'WM/Composer' = ''
[0x1bf8248] asf stream debug: - 'WM/Lyrics' = ''
[0x1bf8248] asf stream debug: - 'WM/ToolName' = ''
[0x1bf8248] asf stream debug: - 'WM/ToolVersion' = ''
[0x1bf8248] asf stream debug: - 'WM/AlbumArtist' = ''
[0x1bf8248] asf stream debug: - 'WM/AuthorURL' = ''
[0x1bf8248] asf stream debug: - 'WM/AudioFileURL' = ''
[0x1bf8248] asf stream debug: - 'WM/Language' = ''
[0x1bf8248] asf stream debug: - 'WM/ParentalRating' = ''
[0x1bf8248] asf stream debug: - 'WM/BeatsPerMinute' = ''
[0x1bf8248] asf stream debug: - 'WM/InitialKey' = ''
[0x1bf8248] asf stream debug: - 'WM/Mood' = ''
[0x1bf8248] asf stream debug: - 'WM/DVDID' = ''
[0x1bf8248] asf stream debug: - 'WM/UniqueFileIdentifier' = ''
[0x1bf8248] asf stream debug: - 'WM/ModifiedBy' = ''
[0x1bf8248] asf stream debug: - 'WM/RadioStationName' = ''
[0x1bf8248] asf stream debug: - 'WM/RadioStationOwner' = ''
[0x1bf8248] asf stream debug: - 'WM/PlaylistDelay' = ''
[0x1bf8248] asf stream debug: - 'WM/Codec' = ''
[0x1bf8248] asf stream debug: - 'WM/DRM' = ''
[0x1bf8248] asf stream debug: - 'WM/ISRC' = ''
[0x1bf8248] asf stream debug: - 'WM/Provider' = ''
[0x1bf8248] asf stream debug: - 'WM/ProviderRating' = ''
[0x1bf8248] asf stream debug: - 'WM/ProviderStyle' = ''
[0x1bf8248] asf stream debug: - 'WM/ContentDistributor' = ''
[0x1bf8248] asf stream debug: - 'WM/SubscriptionContentID' = ''
[0x1bf8248] asf stream debug: found object guid: 0xd6e229dc-0x35da-
0x11d1-0x903400a0c90349be size:44
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream debug: found object guid: 0x86d15240-0x311d-
0x11d0-0xa3a400a0c90348f6 size:232
[0x1bf8248] asf stream debug: read "codec list object" reserved_guid:0x86d15241
-0x311d-0x11d0-0xa3a400a0c90348f6 codec_entries_count:2
[0x1bf8248] asf stream debug: - codec[0] audio name:"Windows Media Audio 9.2"
description:" 48 kbps, 44 kHz, stereo 2-pass VBR" information_length:2
[0x1bf8248] asf stream debug: - codec[1] video name:"Windows Media Video 9"
description:"" information_length:4
[0x1bf8248] asf stream debug: found object guid: 0xb7dc0791-0xa9b7-0x11cf-
0x8ee600c00c205365 size:114
[0x1bf8248] asf stream debug: read "stream Properties object"
stream_type:0xf8699e40-0x5b4d-0x11cf-0xa8fd00805f5c442b
error_correction_type:0xbfc3cd50-0x618f-0x11cf-0x8bb200aa00b4e220 time_offset:0
type_specific_data_length:28 error_correction_data_length:8 flags:0x1
stream_number:1
[0x1bf8248] asf stream debug: found object guid: 0xb7dc0791-0xa9b7-0x11cf-
0x8ee600c00c205365 size:134
[0x1bf8248] asf stream debug: read "stream Properties object"
stream_type:0xbc19efc0-0x5b4d-0x11cf-0xa8fd00805f5c442b
error_correction_type:0x20fb5700-0x5b55-0x11cf-0xa8fd00805f5c442b time_offset:0
type_specific_data_length:56 error_correction_data_length:0 flags:0x2
stream_number:2
[0x1bf8248] asf stream debug: found object guid: 0x7bf875ce-0x468d-
0x11d1-0x8d82006097c9a2b2 size:38
[0x1bf8248] asf stream debug: read "stream bitrate properties object"
[0x1bf8248] asf stream debug: - stream=1 bitrate=49318
[0x1bf8248] asf stream debug: - stream=2 bitrate=808825
[0x1bf8248] asf stream debug: found object guid: 0x75b22633-0x668e-0x11cf-
0xa6d900aa0062ce6c size:44
[0x1bf8248] asf stream debug: read "content description object" title:""
artist:"" copyright:"" description:"" rating:""
[0x1bf8248] asf stream debug: found object guid: 0x2211b3fa-
0xbd23-0x11d2-0xb4b700a0c955fc6e size:42
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream debug: found object guid: 0x75b22636-0x668e-0x11cf-
0xa6d900aa0062ce6c size:1656050
[0x1bf8248] asf stream debug: read "data object" file_id:0xf6e46897-0x7eb2
-0x443e-0xb2d84eaf01360929 total data packet:207 reserved:257
[0x1bf8248] asf stream debug: found object guid: 0x42e897a9-0x719c-
0x9499-0x91e3afacf00b0000 size:8104297056383795200
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream warning: unknow object found
[0x1bf8248] asf stream debug: found object guid: 0x6469763a-
0x6f65-0x7246-0x616d65526174653d size:7363446109478924834
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream warning: unknow object found
[0x1bf8248] asf stream debug: found object guid:
0x20202020-0x2020-0x2020-0x2020202020202020 size:2314885530818453536
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream warning: unknow object found
[0x1bf8248] asf stream debug: found object guid:
0x20202020-0x2020-0x2020-0x2020202020202020 size:2314885530818453536
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream warning: unknow object found
[0x1bf8248] asf stream debug: found object guid:
0x20202020-0x2020-0x2020-0x2020202020202020 size:2314885530818453536
The last 3 lines are repeated until it crashes (because there's no more memory
/ swap available):
[0x1bf8248] asf stream debug: found object guid:
0x20202020-0x2020-0x2020-0x2020202020202020 size:2314885530818453536
[0x1bf8248] asf stream warning: unknown asf object (not loaded)
[0x1bf8248] asf stream warning: unknow object found
[0x1bf8248] Getötet
-- System Information:
Debian Release: 7.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing-proposed-updates'),
(500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vlc depends on:
ii dpkg 1.16.10
ii fonts-freefont-ttf 20120503-1
ii libaa1 1.4p5-40
ii libavcodec53 6:0.8.6-1
ii libavutil51 6:0.8.6-1
ii libc6 2.13-38
ii libcaca0 0.99.beta18-1
ii libfreetype6 2.4.9-1.1
ii libfribidi0 0.19.2-3
ii libgcc1 1:4.7.2-5
ii libgl1-mesa-glx [libgl1] 8.0.5-4
ii libice6 2:1.0.8-2
ii libqtcore4 4:4.8.2+dfsg-11
ii libqtgui4 4:4.8.2+dfsg-11
ii libsdl-image1.2 1.2.12-2
ii libsdl1.2debian 1.2.15-5
ii libsm6 2:1.2.1-2
ii libstdc++6 4.7.2-5
ii libtar0 1.2.16-1
ii libva-x11-1 1.0.15-4
ii libva1 1.0.15-4
ii libvlccore5 2.0.3-5
ii libx11-6 2:1.5.0-1
ii libxcb-composite0 1.8.1-2
ii libxcb-keysyms1 0.3.9-1
ii libxcb-randr0 1.8.1-2
ii libxcb-render0 1.8.1-2
ii libxcb-shape0 1.8.1-2
ii libxcb-shm0 1.8.1-2
ii libxcb-xfixes0 1.8.1-2
ii libxcb-xv0 1.8.1-2
ii libxcb1 1.8.1-2
ii libxext6 2:1.3.1-2
ii libxinerama1 2:1.1.2-1
ii libxpm4 1:3.5.10-1
ii vlc-nox 2.0.3-5
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages vlc recommends:
ii vlc-plugin-notify 2.0.3-5
ii vlc-plugin-pulse 2.0.3-5
ii xdg-utils 1.1.0~rc1+git20111210-6
Versions of packages vlc suggests:
pn videolan-doc <none>
Versions of packages vlc-nox depends on:
ii dpkg 1.16.10
ii liba52-0.7.4 0.7.4-16
ii libasound2 1.0.25-4
ii libass4 0.10.0-3
ii libavahi-client3 0.6.31-2
ii libavahi-common3 0.6.31-2
ii libavc1394-0 0.5.4-2
ii libavcodec53 6:0.8.6-1
ii libavformat53 6:0.8.6-1
ii libavutil51 6:0.8.6-1
ii libbluray1 1:0.2.2-1
ii libc6 2.13-38
ii libcddb2 1.3.2-3
ii libcdio13 0.83-4
ii libcrystalhd3 1:0.0~git20110715.fdd2f19-9
ii libdbus-1-3 1.6.8-1
ii libdc1394-22 2.2.0-2
ii libdca0 0.0.5-5
ii libdirac-decoder0 1.0.2-6
ii libdirac-encoder0 1.0.2-6
ii libdirectfb-1.2-9 1.2.10.0-5
ii libdvbpsi7 0.2.2-1
ii libdvdnav4 4.2.0+20120524-2
ii libdvdread4 4.2.0+20120521-2
ii libebml3 1.2.2-2
ii libfaad2 2.7-8
ii libflac8 1.2.1-6
ii libfontconfig1 2.9.0-7.1
ii libfreetype6 2.4.9-1.1
ii libfribidi0 0.19.2-3
ii libgcc1 1:4.7.2-5
ii libgcrypt11 1.5.0-5
ii libgnutls26 2.12.20-4
ii libgpg-error0 1.10-3.1
ii libiso9660-8 0.83-4
ii libkate1 0.4.1-1
ii liblircclient0 0.9.0~pre1-1
ii liblua5.1-0 5.1.5-4
ii libmad0 0.15.1b-7
ii libmatroska5 1.3.0-2
ii libmodplug1 1:0.8.8.4-3
ii libmpcdec6 2:0.1~r459-4
ii libmpeg2-4 0.4.1-3
ii libmtp9 1.1.3-35-g0ece104-5
ii libncursesw5 5.9-10
ii libogg0 1.3.0-4
ii libpng12-0 1.2.49-1
ii libpostproc52 6:0.8.6-1
ii libproxy0 0.3.1-6
ii libraw1394-11 2.0.9-1
ii libresid-builder0c2a 2.1.1-14
ii libsamplerate0 0.1.8-5
ii libschroedinger-1.0-0 1.0.11-2
ii libshout3 2.2.2-8
ii libsidplay2 2.1.1-14
ii libsmbclient 2:3.6.6-5
ii libspeex1 1.2~rc1-7
ii libspeexdsp1 1.2~rc1-7
ii libstdc++6 4.7.2-5
ii libswscale2 6:0.8.6-1
ii libtag1c2a 1.7.2-1
ii libtheora0 1.1.1+dfsg.1-3.1
ii libtinfo5 5.9-10
ii libtwolame0 0.3.13-1
ii libudev0 175-7.1
ii libupnp6 1:1.6.17-1.2
ii libusb-1.0-0 2:1.0.11-1
ii libv4l-0 0.8.8-3
ii libvcdinfo0 0.7.24+dfsg-0.1
ii libvlc5 2.0.3-5
ii libvlccore5 2.0.3-5
ii libvorbis0a 1.3.2-1.3
ii libvorbisenc2 1.3.2-1.3
ii libx264-123 2:0.123.2189+git35cf912-1
ii libxml2 2.8.0+dfsg1-7+nmu1
ii libzvbi0 0.2.33-6
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages libvlc5 depends on:
ii dpkg 1.16.10
ii libc6 2.13-38
ii libvlccore5 2.0.3-5
Versions of packages libvlccore5 depends on:
ii dpkg 1.16.10
ii libc6 2.13-38
ii libdbus-1-3 1.6.8-1
ii vlc-data 2.0.3-5
Versions of packages vlc is related to:
pn libavutil50 <none>
ii libavutil51 6:0.8.6-1
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2.0.6-1
On Wed, Apr 10, 2013 at 4:16 PM, Lars Cebulla <[email protected]> wrote:
> Package: vlc
> Version: 2.0.3-5
> Severity: normal
>
> I guess it's the bug described here:
> http://www.h-online.com/open/news/item/Latest-VLC-version-has-dangerous-
> hole-1794474.html
>
> It's caused by opening a file with an invalid / corrupted asf stream.
That issue is tracked as http://www.videolan.org/security/sa1302.html
The pach for this seems to be this one:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=b31ce523331aa3a6e620b68cdfe3f161d519631e
Fortuatenly, we already have a fix in unstable, but not in testing
yet. Unfortunately, there does not seem to be a CVE for this issue
yet. Also, I have not checked yet if stable (Version 1.1.3) is
affected by this.
Dear Security team, can you assign a temporary identifier for tracking
purposes? Also, how do we want to handle this for wheezy? Shall we
prepare an upload for t-p-u, or do you prefer to go via
security.debian.org?
--
regards,
Reinhard
--- End Message ---