On Tue, Nov 25, 2008 at 07:46:19PM -0500, Steven M. Christey wrote:
>
> On Sat, 22 Nov 2008, Thomas Viehmann wrote:
>
> > I am not quite sure whether I can agree with Will Drewry's analysis[1]
> > accompanying ocert advisory 2008-008[1]. Looking at item 1A, which Will
> > says is fixed in 1.1.5, attached .mov seems to fit the case description
> > and will still corrupt the memory when viewed e.g. in gxine.
>
> This has finally prompted me to process CVE's for the issues originally
> disclosed by Will back in August. Our analysts didn't have a very
> pleasant time with the volume and complexity, I'm sure. Sorry it took so
> long.
>
Steve, thanks for this assignment, I updated our advisory with the
references. We'll try to take a look at the new test case sometimes next
week.
Cheers
> CVE-2008-5234 includes two separate bugs, one of which is the item 1A you
> mention (parse_moov_atom in demux_qt.c). If CVE-2008-5234 actually wasn't
> fixed in 1.1.15, we might need a new CVE to handle the variant.
>
> There are also some cases where an xine bug announcement includes some
> bugs that weren't covered by Will's analysis; those won't have an OCERT
> reference.
>
> CVE-2008-5236 and CVE-2008-5237, and possibly others, don't have a
> "CONFIRM" reference in them - which implies that, based on CVE analysis,
> the upstream vendor didn't provide enough clear evidence of a fix.
>
> My brain is too fried to process the followup comment that listed
> individual patches.
>
> - Steve
>
--
Andrea Barisani | Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
<[EMAIL PROTECTED]> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
