Bug#692130: marked as done (vlc: CVE-2012-5470)

2012-12-06 Thread Debian Bug Tracking System
Your message dated Thu, 06 Dec 2012 21:48:48 +
with message-id e1tgjji-0002ft...@franck.debian.org
and subject line Bug#692130: fixed in vlc 2.0.3-4
has caused the Debian Bug report #692130,
regarding vlc: CVE-2012-5470
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
692130: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692130
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: vlc
Severity: grave
Tags: security
Justification: user security hole

Please see http://openwall.com/lists/oss-security/2012/10/24/3

Cheers,
Moritz
---End Message---
---BeginMessage---
Source: vlc
Source-Version: 2.0.3-4

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 692...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Drung bdr...@debian.org (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 Dec 2012 21:55:05 +0100
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore5 vlc vlc-data vlc-dbg 
vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify 
vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi
Architecture: source amd64 all
Version: 2.0.3-4
Distribution: testing
Urgency: low
Maintainer: Debian Multimedia Maintainers 
pkg-multimedia-maintain...@lists.alioth.debian.org
Changed-By: Benjamin Drung bdr...@debian.org
Description: 
 libvlc-dev - development files for libvlc
 libvlc5 - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore5 - base library for VLC and its modules
 vlc - multimedia player and streamer
 vlc-data - Common data for VLC
 vlc-dbg - debugging symbols for vlc
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 692130
Changes: 
 vlc (2.0.3-4) testing; urgency=low
 .
   * SECURITY UPDATE: denial of service via crafted PNG file (Closes: #692130)
     - CVE-2012-5470

Bug#692130: marked as done (vlc: CVE-2012-5470)

2012-11-12 Thread Debian Bug Tracking System
Your message dated Mon, 12 Nov 2012 23:43:25 +0100
with message-id 1352760205.15650.14.camel@deep-thought
and subject line Re: Bug#692130: vlc: CVE-2012-5470
has caused the Debian Bug report #692130,
regarding vlc: CVE-2012-5470
to be marked as done.

---BeginMessage---
Version: 2.0.4-1

On Friday, 02.11.2012 at 15:16 +0100, Moritz Muehlenhoff wrote:
> Package: vlc
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please see http://openwall.com/lists/oss-security/2012/10/24/3

I downloaded the crafted png file from [1]. vlc 2.0.3-3 from testing
crashed when I opened the file. vlc 2.0.4-1 from unstable does not crash
when opening this crafted file, but prints an error on the terminal:

$ vlc crafted.png 
VLC media player 2.0.4 Twoflower (revision 2.0.3-289-g6e6100a)
libpng error: not enough data
[0x7f0c64c01e38] png image decoder error: not enough data
libpng error: not enough data
[0x7f0c64c01ab8] image demux error: Failed to load the image

[1] http://www.exploit-db.com/exploits/21889/

-- 
Benjamin Drung
Debian & Ubuntu Developer
---End Message---