[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
** Changed in: mplayer (Ubuntu Dapper) Status: In Progress = Fix Committed ** Changed in: mplayer (Ubuntu Edgy) Status: In Progress = Fix Committed ** Changed in: mplayer (Ubuntu Feisty) Status: In Progress = Fix Committed ** Changed in: mplayer (Ubuntu Gutsy) Status: In Progress = Fix Committed -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
This bug was fixed in the package mplayer - 2:1.0~rc1-0ubuntu9.3 --- mplayer (2:1.0~rc1-0ubuntu9.3) feisty-security; urgency=low * SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header parser, and URL parser. (LP: #191488) * stream/librtsp/rtsp_session.c, stream/realrtsp/rmff.c, stream/realrtsp/rmff.h, libmpdemux/demux_audio.c, libmpdemux/demux_mov.c, stream/stream_cddb.c, stream/url.c: Patches from upstream. * References: - CVE-2008-0225 - CVE-2008-0238 - CVE-2008-0485 - CVE-2008-0486 - CVE-2008-0629 - CVE-2008-0630 -- William Grant [EMAIL PROTECTED] Sat, 08 Mar 2008 21:42:49 +1100 -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
This bug was fixed in the package mplayer - 2:1.0~rc1-0ubuntu13.2 --- mplayer (2:1.0~rc1-0ubuntu13.2) gutsy-security; urgency=low * SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header parser, and URL parser. (LP: #191488) * stream/librtsp/rtsp_session.c, stream/realrtsp/rmff.c, stream/realrtsp/rmff.h, libmpdemux/demux_audio.c, libmpdemux/demux_mov.c, stream/stream_cddb.c, stream/url.c: Patches from upstream. * References: - CVE-2008-0225 - CVE-2008-0238 - CVE-2008-0485 - CVE-2008-0486 - CVE-2008-0629 - CVE-2008-0630 -- William Grant [EMAIL PROTECTED] Sat, 08 Mar 2008 21:14:04 +1100 ** Changed in: mplayer (Ubuntu Gutsy) Status: Fix Committed = Fix Released ** Changed in: mplayer (Ubuntu Feisty) Status: Fix Committed = Fix Released -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
** Changed in: mplayer (Ubuntu Edgy) Status: Fix Committed = Fix Released ** Changed in: mplayer (Ubuntu Dapper) Status: Fix Committed = Fix Released -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
This bug was fixed in the package mplayer - 2:1.0~rc2-0ubuntu9 --- mplayer (2:1.0~rc2-0ubuntu9) hardy; urgency=low [ Luke Yelavich ] * etc/example.conf: Use pulseaudio by default, and fallback to alsa. [ William Grant ] * SECURITY UPDATE: buffer overruns in CDDB, MOV demuxer, FLAC header parser, and URL parser. (LP: #191488) * libmpdemux/demux_audio.c, libmpdemux/demux_mov.c, stream/stream_cddb.c, stream/url.c: Patches from upstream. * References: - CVE-2008-0485 - CVE-2008-0486 - CVE-2008-0629 - CVE-2008-0630 * debian/rules: Unset CFLAGS, to make it build again. -- William Grant [EMAIL PROTECTED] Mon, 24 Mar 2008 13:55:38 +1100 ** Changed in: mplayer (Ubuntu Hardy) Status: In Progress = Fix Released -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
Thanks for the debdiffs. Gutsy's mplayer uses dpatch for patch management. Can you update the gutsy debdiff to use dpatch? -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
It doesn't really use dpatch for it; it uses bzr. Somebody unrelated to the package decided to add dpatch very late in the cycle, without telling anyone, and without bzr, and we're trying to ignore that mistake. bzr + dpatch == silly. -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
spuk: Are you suggesting that's a fix for those two issues? -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
** Changed in: mplayer (Ubuntu Feisty) Importance: Undecided = High Assignee: (unassigned) = William Grant (fujitsu) Status: New = In Progress ** Changed in: mplayer (Ubuntu Gutsy) Importance: Undecided = High Assignee: (unassigned) = William Grant (fujitsu) Status: New = In Progress ** Changed in: mplayer (Ubuntu Hardy) Assignee: (unassigned) = William Grant (fujitsu) Status: Confirmed = In Progress -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
Yes. -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
** Attachment added: feisty debdiff http://launchpadlibrarian.net/12522852/feisty.diff -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
** Attachment added: gutsy debdiff http://launchpadlibrarian.net/12522855/gutsy.diff -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
The patches took a few crowbarrings to fit into Feisty and Gutsy, but they work fine now. Hardy's FTBFS for some unrelated reason. I'm checking the applicability to Dapper and Edgy now. -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
CVE-2008-0486 doesn't affect dapper, but all of the others do. ** Attachment added: dapper debdiff http://launchpadlibrarian.net/12524325/dapper.diff ** Changed in: mplayer (Ubuntu Dapper) Importance: Undecided = High Assignee: (unassigned) = William Grant (fujitsu) Status: New = In Progress ** Changed in: mplayer (Ubuntu Edgy) Importance: Undecided = High Assignee: (unassigned) = William Grant (fujitsu) Status: New = In Progress -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
** Attachment added: edgy debdiff http://launchpadlibrarian.net/12524327/edgy.diff -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
MDVSA-2008:045 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:045) also lists the following xine-lib issues, which also affects MPlayer due to code similarity.: CVE-2008-0225 CVE-2008-0238 ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0225 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-0238 -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
FYI (re CVE-2008-0225 CVE-2008-0238): svn log -vr 22821 svn://svn.mplayerhq.hu/mplayer/trunk/ -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
** Changed in: mplayer (Ubuntu) Importance: Undecided = High -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
CVE 2008-0630 http://www.mplayerhq.hu/MPlayer/patches/ ** Attachment added: url_fix_20080120.diff http://launchpadlibrarian.net/11951737/url_fix_20080120.diff -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
CVE-2008-0485 http://www.mplayerhq.hu/MPlayer/patches/ ** Attachment added: demux_mov_fix_20080129.diff http://launchpadlibrarian.net/11917882/demux_mov_fix_20080129.diff -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
** Changed in: mplayer (Ubuntu) Status: New = Confirmed -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
CVE 2008-0629 http://www.mplayerhq.hu/MPlayer/patches/ ** Attachment added: stream_cddb_fix_20080120.diff http://launchpadlibrarian.net/11951742/stream_cddb_fix_20080120.diff -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 191488] Re: [mplayer] [DSA-1496-1] several buffer overflows
CVE 2008-0486 http://www.mplayerhq.hu/MPlayer/patches/ ** Attachment added: demux_audio_fix_20080129.diff http://launchpadlibrarian.net/11951752/demux_audio_fix_20080129.diff -- [mplayer] [DSA-1496-1] several buffer overflows https://bugs.launchpad.net/bugs/191488 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs