Your message dated Wed, 22 Aug 2007 07:57:14 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#429726: fixed in vlc 0.8.1.svn20050314-1sarge3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: vlc
Version: 0.8.6.a.debian-6
Severity: grave
Tags: security, fixed-upstream
Justification: user security hole
VLC versions in old-stable, stable and unstable are affectd by multiple
remotely triggerable format string vulnerabilities, addressed in
upstream release 0.8.6c.
http://www.videolan.org/sa0702.html
Sorry for the inconvenience,
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vlc depends on:
ii libaa1 1.4p5-32 ascii art library
ii libatk1.0-0 1.18.0-2 The ATK accessibility
toolkit
ii libc6 2.5-11 GNU C Library: Shared
libraries
ii libcaca0 0.99.beta11.debian-3 colour ASCII art library
ii libcairo2 1.4.6-1.1 The Cairo 2D vector
graphics libra
ii libcdio6 0.76-1 library to read and control
CD-ROM
ii libcucul0 0.99.beta11.debian-3 low-level Unicode character
drawin
ii libdbus-1-3 1.1.0-1 simple interprocess
messaging syst
ii libdbus-glib-1-2 0.73-2 simple interprocess
messaging syst
ii libfontconfig1 2.4.2-1.2 generic font configuration
library
ii libfreetype6 2.2.1-6 FreeType 2 font engine,
shared lib
ii libfribidi0 0.10.7-4 Free Implementation of the
Unicode
ii libgcc1 1:4.2-20070609-1 GCC support library
ii libgl1-mesa-glx [li 6.5.2-5 A free implementation of
the OpenG
ii libglib2.0-0 2.12.12-1 The GLib library of C
routines
ii libglu1-mesa [libgl 6.5.2-5 The OpenGL utility library
(GLU)
ii libgtk2.0-0 2.10.13-1 The GTK+ graphical user
interface
ii libice6 1:1.0.3-2 X11 Inter-Client Exchange
library
ii libiso9660-4 0.76-1 library to work with
ISO9660 files
ii libjpeg62 6b-13 The Independent JPEG
Group's JPEG
ii libnotify1 0.4.4-3 sends desktop notifications
to a n
ii libpango1.0-0 1.16.4-1 Layout and rendering of
internatio
ii libpng12-0 1.2.15~beta5-2 PNG library - runtime
ii libsdl-image1.2 1.2.5-3 image loading library for
Simple D
ii libsdl1.2debian 1.2.11-9 Simple DirectMedia Layer
ii libsm6 2:1.0.3-1 X11 Session Management
library
ii libstdc++6 4.2-20070609-1 The GNU Standard C++
Library v3
ii libtar 1.2.11-4 C library for manipulating
tar arc
ii libtiff4 3.8.2-7 Tag Image File Format
(TIFF) libra
ii libvcdinfo0 0.7.23-3 library to extract
information fro
ii libvlc0 0.8.6.a.debian-6 multimedia player and
streamer lib
ii libwxbase2.6-0 2.6.3.2.1.5 wxBase library (runtime) -
non-GUI
ii libwxgtk2.6-0 2.6.3.2.1.5 wxWidgets Cross-platform
C++ GUI t
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxcursor1 1:1.1.8-2 X cursor management library
ii libxext6 1:1.0.3-2 X11 miscellaneous extension
librar
ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes'
extensio
ii libxi6 1:1.0.1-4 X11 Input extension library
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension
library
ii libxosd2 2.2.14-1.3 X On-Screen Display
library - runt
ii libxrandr2 2:1.2.1-1 X11 RandR extension library
ii libxrender1 1:0.9.2-1 X Rendering Extension
client libra
ii libxv1 1:1.0.3-1 X11 Video extension library
ii libxxf86vm1 1:1.0.1-2 X11 XFree86 video mode
extension l
ii ttf-dejavu 2.17-2 Vera font family derivate
with add
ii vlc-nox 0.8.6.a.debian-6 multimedia player and
streamer (wi
ii zlib1g 1:1.2.3-15 compression library -
runtime
Versions of packages vlc recommends:
pn videolan-doc <none> (no description available)
-- no debconf information
--
RĂ©mi Denis-Courmont
http://www.remlab.net/
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 0.8.1.svn20050314-1sarge3
We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:
gnome-vlc_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_i386.deb
gvlc_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_i386.deb
kvlc_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_i386.deb
libvlc0-dev_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_i386.deb
mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_i386.deb
qvlc_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_i386.deb
vlc-alsa_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_i386.deb
vlc-esd_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_i386.deb
vlc-ggi_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_i386.deb
vlc-glide_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge3_i386.deb
vlc-gnome_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_i386.deb
vlc-gtk_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-arts_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-esd_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-glide_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-svgalib_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge3_i386.deb
vlc-qt_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_i386.deb
vlc-sdl_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_i386.deb
vlc_0.8.1.svn20050314-1sarge3.diff.gz
to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3.diff.gz
vlc_0.8.1.svn20050314-1sarge3.dsc
to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3.dsc
vlc_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_i386.deb
wxvlc_0.8.1.svn20050314-1sarge3_i386.deb
to pool/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <[EMAIL PROTECTED]> (supplier of updated vlc
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 20 Jun 2007 22:08:33 +0000
Source: vlc
Binary: vlc-esd wxvlc vlc-plugin-sdl kvlc gvlc vlc-plugin-alsa gnome-vlc vlc-qt
vlc-ggi mozilla-plugin-vlc vlc vlc-gnome vlc-gtk vlc-sdl vlc-alsa
vlc-plugin-svgalib vlc-glide vlc-plugin-ggi qvlc vlc-plugin-esd
vlc-plugin-glide vlc-plugin-arts libvlc0-dev
Architecture: source i386
Version: 0.8.1.svn20050314-1sarge3
Distribution: oldstable-security
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Changed-By: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Description:
gnome-vlc - GNOME frontend for VLC (dummy legacy package)
gvlc - GTK+ frontend for VLC (dummy legacy package)
kvlc - KDE frontend for VLC (dummy legacy package)
libvlc0-dev - development files for VLC
mozilla-plugin-vlc - multimedia plugin for Mozilla based on VLC
qvlc - Qt frontend for VLC (dummy legacy package)
vlc - multimedia player for all audio and video formats
vlc-alsa - ALSA audio output plugin for VLC (dummy legacy package)
vlc-esd - Esound audio output plugin for VLC (dummy legacy package)
vlc-ggi - GGI video output plugin for VLC (dummy legacy package)
vlc-glide - Glide video output plugin for VLC (dummy legacy package)
vlc-gnome - GNOME frontend for VLC (dummy legacy package)
vlc-gtk - GTK+ frontend for VLC (dummy legacy package)
vlc-plugin-alsa - ALSA audio output plugin for VLC
vlc-plugin-arts - aRts audio output plugin for VLC
vlc-plugin-esd - Esound audio output plugin for VLC
vlc-plugin-ggi - GGI video output plugin for VLC
vlc-plugin-glide - Glide video output plugin for VLC
vlc-plugin-sdl - SDL video and audio output plugin for VLC
vlc-plugin-svgalib - SVGAlib video output plugin for VLC
vlc-qt - Qt frontend for VLC (dummy legacy package)
vlc-sdl - SDL video and audio output plugin for VLC (dummy legacy package)
wxvlc - wxWindows frontend for VLC
Closes: 429726
Changes:
vlc (0.8.1.svn20050314-1sarge3) oldstable-security; urgency=high
.
* modules/codec/theora.c modules/codec/vorbis.c
modules/services_discovery/sap.c:
+ Fix format string vulnerabilities (VideoLAN-SA-0702) (Closes: #429726).
* modules/misc/svg.c:
+ Fix memory leaks that could cause denials of service.
* modules/demux/avi/libavi.c:
+ Fix a buffer overflow.
* modules/codec/flac.c modules/demux/wav.c modules/misc/freetype.c
src/video_output/vout_subpictures.c src/audio_output/dec.c:
+ Fix missing checks that could cause denials of service.
Files:
5902b04c1e1b526a1bc5817e70daa34e 1916 graphics optional
vlc_0.8.1.svn20050314-1sarge3.dsc
0c881ec5261a7c670ab35e2068b3a4b3 3877 graphics optional
vlc_0.8.1.svn20050314-1sarge3.diff.gz
e469192f315a024ef1d5f7ea8fbb17ce 5248706 graphics optional
vlc_0.8.1.svn20050314-1sarge3_i386.deb
fbce776d067f9c7c44479d7613169b23 736546 libdevel optional
libvlc0-dev_0.8.1.svn20050314-1sarge3_i386.deb
f36ad7b97dc9009b1860e6933634d84a 1266 oldlibs optional
gnome-vlc_0.8.1.svn20050314-1sarge3_i386.deb
cedc5bb40e56d3ab2a67775730335885 1270 oldlibs optional
gvlc_0.8.1.svn20050314-1sarge3_i386.deb
46c8c84550748386e1986a81a2cbc053 4666 graphics optional
vlc-plugin-esd_0.8.1.svn20050314-1sarge3_i386.deb
eac10b6ca4426e778c67a9c6d2f9b80a 10476 graphics optional
vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_i386.deb
a215ef7fa994cb7c2c62605e6e993e00 10590 graphics optional
vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_i386.deb
f2a51c5a740904f6033a10e120a86fae 6394 graphics optional
vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_i386.deb
46d191653b8a18d4ce5470180eb09ff9 4670 graphics optional
vlc-plugin-glide_0.8.1.svn20050314-1sarge3_i386.deb
808716d59e2a962c1fe39992178886cc 962 oldlibs optional
qvlc_0.8.1.svn20050314-1sarge3_i386.deb
413d8a7978830fc2393037a4c61a5997 4422 graphics optional
vlc-plugin-arts_0.8.1.svn20050314-1sarge3_i386.deb
22c0dd3f865f8cb6b5033d1eb5fccc55 582404 graphics optional
mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_i386.deb
4c4ec5557139c28341c8ea7c307fee55 974 oldlibs optional
kvlc_0.8.1.svn20050314-1sarge3_i386.deb
ff9641f1ed96fd04d35dd67987f5560c 4760 graphics optional
vlc-plugin-svgalib_0.8.1.svn20050314-1sarge3_i386.deb
190fe495c41bcb7ccf218c8691d0228a 302670 graphics optional
wxvlc_0.8.1.svn20050314-1sarge3_i386.deb
1d2cfec3d34a277e797f2cbae71bdf82 874 oldlibs optional
vlc-alsa_0.8.1.svn20050314-1sarge3_i386.deb
18a7414979e45f307d69e56c148b6f6e 874 oldlibs optional
vlc-esd_0.8.1.svn20050314-1sarge3_i386.deb
d949314bc1b63b771abbb5d77751c989 876 oldlibs optional
vlc-ggi_0.8.1.svn20050314-1sarge3_i386.deb
12e0f9d1a1e0510c78a43cc23d4f133b 878 oldlibs optional
vlc-glide_0.8.1.svn20050314-1sarge3_i386.deb
d4e1708e97bff2da33e8a5e16486c12b 874 oldlibs optional
vlc-gnome_0.8.1.svn20050314-1sarge3_i386.deb
97338ecea63d9de8d1f6eba834b3921e 866 oldlibs optional
vlc-gtk_0.8.1.svn20050314-1sarge3_i386.deb
62374cc455429e596e6a841a81073cfc 862 oldlibs optional
vlc-qt_0.8.1.svn20050314-1sarge3_i386.deb
ed943da06bea3318189df46fa6a7cb67 880 oldlibs optional
vlc-sdl_0.8.1.svn20050314-1sarge3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFGeb4xfPP1rylJn2ERAuffAJ43nP64EtzOBWYqP8ItX9BCnBwR/gCfcUCw
PKh7l3RsJk/jxVWiqImrJWk=
=4M5T
-----END PGP SIGNATURE-----
--- End Message ---
