Your message dated Sun, 2 Nov 2008 13:18:58 +0100
with message-id <[EMAIL PROTECTED]>
and subject line closing
has caused the Debian Bug report #467652,
regarding vlc: CVE-2008-0984 arbitrary code execution via crafted mp4 file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
467652: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=467652
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: vlc
Version: 0.8.6.c-6
Severity: grave
Tags: security
Justification: user security hole

"VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
suffers from an arbitrary memory overwrite vulnerability when using
specially crafted (invalid) MP4 input files.

If successful, a malicious third party could trigger execution of
arbitrary code within the context of the VLC media player, or otherwise
crash the player instance.

Exploitation of the MP4 demuxer problem requires the user to explicitly
open a specially crafted file."

See also http://www.videolan.org/security/sa0802.html

This also affects Etch.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.24.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages vlc depends on:
ii libaa1 1.4p5-34 ascii art library
ii libatk1.0-0 1.20.0-1 The ATK accessibility toolkit
ii libc6 2.7-8 GNU C Library: Shared libraries
ii libcaca0 0.99.beta13b-4 colour ASCII art library
ii libcairo2 1.4.14-1 The Cairo 2D vector graphics libra
ii libcdio7 0.78.2+dfsg1-2 library to read and control CD-ROM
ii libcucul0 0.99.beta13b-4 low-level Unicode character drawin
ii libdbus-1-3 1.1.4-1 simple interprocess messaging syst
ii libdbus-glib-1-2 0.74-1 simple interprocess messaging syst
ii libfreetype6 2.3.5-1+b1 FreeType 2 font engine, shared lib
ii libfribidi0 0.10.9-1 Free Implementation of the Unicode
ii libgcc1 1:4.3-20080219-1 GCC support library
ii libgl1-mesa-glx [libgl 7.0.3~rc2-1 A free implementation of the OpenG
ii libglib2.0-0 2.14.6-1 The GLib library of C routines
ii libglu1-mesa [libglu1] 7.0.3~rc2-1 The OpenGL utility library (GLU)
ii libgtk2.0-0 2.12.8-1 The GTK+ graphical user interface
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libiso9660-5 0.78.2+dfsg1-2 library to work with ISO9660 files
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii libnotify1 [libnotify1 0.4.4-3 sends desktop notifications to a n
ii libpango1.0-0 1.18.4-1 Layout and rendering of internatio
ii libpng12-0 1.2.15~beta5-3 PNG library - runtime
ii libsdl-image1.2 1.2.6-3 image loading library for Simple D
ii libsdl1.2debian 1.2.13-2 Simple DirectMedia Layer
ii libsm6 2:1.0.3-1+b1 X11 Session Management library
ii libstdc++6 4.3-20080219-1 The GNU Standard C++ Library v3
ii libtar 1.2.11-4 C library for manipulating tar arc
ii libtiff4 3.8.2-7 Tag Image File Format (TIFF) libra
ii libvcdinfo0 0.7.23-4 library to extract information fro
ii libvlc0 0.8.6.c-6 multimedia player and streamer lib
ii libwxbase2.6-0 2.6.3.2.2-2 wxBase library (runtime) - non-GUI
ii libwxgtk2.6-0 2.6.3.2.2-2 wxWidgets Cross-platform C++ GUI t
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxext6 1:1.0.3-2 X11 miscellaneous extension librar
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library
ii libxosd2 2.2.14-1.5 X On-Screen Display library - runt
ii libxv1 1:1.0.3-1 X11 Video extension library
ii ttf-dejavu-core 2.23-1 Vera font family derivate with add
ii vlc-nox 0.8.6.c-6 multimedia player and streamer (wi
ii zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime
vlc recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 0.8.6.e-1
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---