vlc_2.0.3-5+deb7u2_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 01 Feb 2015 11:53:45 +0100
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore5 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi
Architecture: source amd64 all
Version: 2.0.3-5+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Multimedia Maintainers
Changed-By: Alessandro Ghedini
Description:
 libvlc-dev - development files for libvlc
 libvlc5 - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore5 - base library for VLC and its modules
 vlc - multimedia player and streamer
 vlc-data - Common data for VLC
 vlc-dbg - debugging symbols for vlc
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 775866
Changes:
 vlc (2.0.3-5+deb7u2) wheezy-security; urgency=high
 .
   * Fix multiple vulnerabilities (Closes: #775866):
     - Fix potential buffer overflow in the Dirac and Schroedinger encoders
       as per CVE-2014-9629
     - Fix buffer overflow when parsing string boxes in the MP4 demuxer as
       per CVE-2014-9626, CVE-2014-9627, CVE-2014-9628
     - Fix possible invalid memory access in the RTP code as per
       CVE-2014-9630
   * Set urgency=high accordingly
Bug#775866: marked as done (vlc: multiple vulnerabilities)
Your message dated Thu, 05 Feb 2015 19:33:01 +
with message-id
and subject line Bug#775866: fixed in vlc 2.0.3-5+deb7u2
has caused the Debian Bug report #775866,
regarding vlc: multiple vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
775866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: vlc
Version: 2.1.5-1
Severity: grave
Tags: security
Justification: user security hole

Hi,

multiple vulnerabilities were reported against vlc 2.1.5. The complete mail is at http://seclists.org/oss-sec/2015/q1/187 but at least the following vulnerabilities are fixed in vlc master branch:

* Buffer overflow in updater:
  https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14
* Buffer overflow in mp4 demuxer:
  https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
* Potential buffer overflow in Schroedinger Encoder
  https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
* Invalid memory access in rtp code:
  https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97
* Null-pointer dereference in dmo codec:
  https://github.com/videolan/vlc/commit/229c385a79d48e41687fae8b4dfeaeef9c8c3eb7

And there are unfixed ones:

* The potential buffer overflow in the Dirac Encoder was not fixed as the
  Dirac encoder no longer exists in the master branch.
* The potential invalid writes in modules/services_discovery/sap.c and
  modules/access/ftp.c were not fixed as I did not provide a trigger.
  Note, that the code looks very similar to the confirmed bug in
  rtp_packetize_xiph_config, and so I leave it to you to decide whether
  you want to patch this.

CVEs should follow soon. Also, I guess Wheezy and Jessie are affected too, so a DSA might be needed.

Regards,
--
Yves-Alexis

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---

--- Begin Message ---
Source: vlc
Source-Version: 2.0.3-5+deb7u2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 775...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 01 Feb 2015 11:53:45 +0100
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore5 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi
Architecture: source amd64 all
Version: 2.0.3-5+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Multimedia Maintainers
Changed-By: Alessandro Ghedini
Description:
 libvlc-dev - development files for libvlc
 libvlc5 - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore5 - base library for VLC and its modules
 vlc - multimedia player and streamer
 vlc-data - Common data for VLC
 vlc-dbg - debugging symbols for vlc
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 775866
Changes:
 vlc (2.0.3-5+deb7u2) wheezy-security; urgency=high
 .
   * Fix multiple vulnerabilities (Closes: #775866):
     - Fix potential buffer overflow in the Dirac and Schroedinger encoders
       as per CVE-2014-9629
     - Fix buffer overflow when parsing string boxes in