Bug#881133: poc from reporter

2017-12-04 Thread Henri Salo
Attaching reproducer file from reporter.


881133-poc
Description: Binary data
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#881133: status

2017-12-03 Thread Henri Salo
Has this issue been reported to upstream?

-- 
Henri Salo



Bug#778529: lame: fill_buffer_resample segmentation fault

2015-02-18 Thread Henri Salo
On Wed, Feb 18, 2015 at 12:11:35PM +0100, Fabian Greffrath wrote:
> Phew, got it.

Thank you for your comprehensive analysis. I have verified that the patch fixes
this issue. Should I report this to the upstream bug tracker or does the package
maintainer handle that? The bug tracker on sourceforge.net does not seem to be very
active.

-- 
Henri Salo



Bug#770918: patches

2014-11-25 Thread Henri Salo
Attached patches from upstream, which apply to 1.2.1-6. DSA should be created.

---
Henri Salo
--- src/libFLAC/stream_decoder.c.orig	2014-11-25 13:41:50.280032892 +0200
+++ src/libFLAC/stream_decoder.c	2014-11-25 13:48:39.697566936 +0200
@@ -94,7 +94,7 @@
  *
  ***/
 
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
 
 /***
  *
@@ -1386,6 +1386,10 @@
 			id = 0;
 			continue;
 		}
+
+		if(id = 3)
+			return false;
+
 		if(x == ID3V2_TAG_[id]) {
 			id++;
 			i = 0;
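Review bot: The guard added before `if(x == ID3V2_TAG_[id])` reads `if(id = 3)` as shown here, which is an assignment rather than a comparison: it sets `id` to 3, always evaluates true, and returns false every time this point is reached. `ID3V2_TAG_` has three elements (valid indices 0 to 2), so the check should be a comparison that rejects any `id` of 3 or more before the array is indexed. Other lines in this message have visibly lost `>` characters (for example `decoder-private_-frame`), so confirm the operator against the attached file before applying.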
--- src/libFLAC/stream_decoder.c.orig	2014-11-25 13:41:50.280032892 +0200
+++ src/libFLAC/stream_decoder.c	2014-11-25 13:46:21.862277460 +0200
@@ -2726,7 +2726,8 @@
 		if(decoder-private_-frame.header.blocksize  predictor_order) {
 			send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
 			decoder-protected_-state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
-			return true;
+	/* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
+	return false;
 		}
 	}
 	else {
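Review bot: The new `return false;` comes directly after the state is set to `FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC`, so the caller is told the read failed while the decoder state still says to look for the next frame sync; it is worth confirming that callers treat the false return as fatal and do not resume from that state. The two added lines are indented with one tab where the surrounding block uses three, and "bt stream" in the comment should read "bit stream".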



Bug#756565: CVE

2014-09-09 Thread Henri Salo
Have you requested CVE already? If you want I can verify this issue and create
the request.

---
Henri Salo



Bug#425775: update

2014-06-11 Thread Henri Salo
Do you still have this issue with version 2.2.2-1?

---
Henri Salo



Bug#743033: vlc: CVE-2014-1684: crafted ASF file handling integer divide-by-zero DoS

2014-03-30 Thread Henri Salo
Package: vlc
Version: 2.1.2-2
Severity: important
Tags: security, fixed-upstream

Patch available: 
http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404

---
Henri Salo



CVE-2013-1868

2013-03-20 Thread Henri Salo
Hello,

Could you check if Debian packages of VLC are affected by CVE-2013-1868? Thank
you.

References:
https://security-tracker.debian.org/tracker/CVE-2013-1868
http://www.openwall.com/lists/oss-security/2013/03/17/1

http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=9b0414dc7f5c18ff2951175cf076779c444efd70
http://www.videolan.org/security/sa1301.html

I can submit a bug if needed. At least I can't find the file that was changed.

---
Henri Salo



Re: CVE-2013-1868

2013-03-20 Thread Henri Salo
> VLC 2.0.3-5 from testing is (probably) affected and VLC 2.0.5-1 from
> unstable is not affected.

Could you submit this information to security tracker after you have verified
it?

  
> > http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=9b0414dc7f5c18ff2951175cf076779c444efd70
>
> This git commit is not the correct commit.

Removed from security tracker. Do you know what is the correct commitdiff?

> I would appreciate a bug report with an attached and tested patch.

I can submit a bug to BTS, but I don't have knowledge/skills to test this issue
and currently no time to create patch for it. This is the reason I contacted you
via email. Please note that the commitdiff-link was in the CVE-request in
oss-security mailing list. I also prefer not to report the bug with unclear
details.

---
Henri Salo



Re: CVE-2013-1868

2013-03-20 Thread Henri Salo
On Wed, Mar 20, 2013 at 09:54:30PM +0100, Benjamin Drung wrote:
> Is there test case / file that triggers this bug?

I don't have any. You can request such from upstream if you want or I can do it.

---
Henri Salo



Bug#680665: CVE-2012-3377: Ogg demuxer heap buffer overflow

2012-07-07 Thread Henri Salo
Package: vlc
Version: 1.1.3-1squeeze6
Severity: important
Tags: security, fixed-upstream

A heap buffer overflow security vulnerability has been fixed in
http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
which has not been patched in Debian yet. I checked the source code of
1.1.3-1squeeze6. Sorry, but I do not know what situation this issue can lead to,
but usually heap overflows should be fixed as soon as possible.

http://cwe.mitre.org/data/definitions/122.html

- Henri Salo

-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash


Bug#680665: More information

2012-07-07 Thread Henri Salo
http://securitytracker.com/id/1027224 says:

A remote user can create a specially crafted file that, when loaded by the 
target user, will trigger a heap overflow and execute arbitrary code on the 
target system. The code will run with the privileges of the target user.





Bug#616156: vlc: VLC bookmark buffer overflow

2011-05-29 Thread Henri Salo
I don't see this one as closed. Messages got to the list in wrong order:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616156#19
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616156#24

PoC still crashes VLC/X-environment for me. I can't open new windows and I 
can't close some windows at all. Even kill -9 did not do anything. Could 
someone verify this?

PoC-file: http://www.zeroscience.mk/codes/aimp2_evil.mp3

Best regards,
Henri Salo





Bug#616156: vlc: VLC bookmark buffer overflow

2011-05-18 Thread Henri Salo
Well I tried this against 1.1.3-1squeeze3 and I am not able to reproduce in 
1.1.3-1squeeze5. The exploit file is in: 
http://www.zeroscience.mk/codes/aimp2_evil.mp3 (OSVDB ID: 62728). We can close 
this case. Thank you for noticing this.

Best regards,
Henri Salo


