[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
** Changed in: faad2 (Ubuntu Intrepid) Status: In Progress = Fix Released -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
** Changed in: faad2 (Ubuntu Dapper) Status: Fix Committed = Fix Released -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
Thanks for your patch! The dapper and feisty versions had to be adjusted according to https://wiki.ubuntu.com/SecurityUpdateProcedures (Ubuntu 6.06 and 7.04 have the same version). -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
** Changed in: faad2 (Ubuntu Dapper) Status: In Progress = Fix Committed ** Changed in: faad2 (Ubuntu Feisty) Status: In Progress = Fix Committed ** Changed in: faad2 (Ubuntu Gutsy) Status: In Progress = Fix Committed ** Changed in: faad2 (Ubuntu Hardy) Status: In Progress = Fix Committed -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
This bug was fixed in the package faad2 - 2.6.1-2ubuntu0.1 --- faad2 (2.6.1-2ubuntu0.1) hardy-security; urgency=low * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. (Closes LP: #277110) * 12_heap_overflow.dpatch - Patch supplied by upstream to address vulnerability. * References http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201 http://www.audiocoding.com/patch/main_overflow.diff CVE-2008-4201 -- Stefan Lesicnik [EMAIL PROTECTED] Thu, 02 Oct 2008 16:26:26 +0200 ** Changed in: faad2 (Ubuntu Hardy) Status: Fix Committed = Fix Released ** Changed in: faad2 (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
This bug was fixed in the package faad2 - 2.0.0+cvs20040908+mp4v2+bmp- 0ubuntu5.1 --- faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu5.1) gutsy-security; urgency=low * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. (Closes LP: #277110) * 11_CVE-2008-4201.diff - Patch supplied by upstream modified slightly to patch cleanly and address vulnerability. * References http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201 http://www.audiocoding.com/patch/main_overflow.diff CVE-2008-4201 -- Stefan Lesicnik [EMAIL PROTECTED] Fri, 03 Oct 2008 10:46:07 +0200 ** Changed in: faad2 (Ubuntu Feisty) Status: Fix Committed = Fix Released -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
This bug was fixed in the package faad2 - 2.0.0+cvs20040908+mp4v2+bmp- 0ubuntu3.7.04.1 --- faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1) feisty-security; urgency=low * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. (Closes LP: #277110) * 11_CVE-2008-4201.diff - Patch supplied by upstream modified slightly to patch cleanly and address vulnerability. * References http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201 http://www.audiocoding.com/patch/main_overflow.diff CVE-2008-4201 -- Stefan Lesicnik [EMAIL PROTECTED] Fri, 03 Oct 2008 10:55:41 +0200 -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
** Changed in: faad2 (Ubuntu Intrepid) Assignee: (unassigned) = William Grant (wgrant) Status: New = In Progress -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
Debdiff to patch Gutsy. ** Attachment added: debdiff-gutsy http://launchpadlibrarian.net/18157305/debdiff-gutsy -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
Debdiff to patch Feisty ** Attachment added: debdiff-feisty http://launchpadlibrarian.net/18157342/debdiff-feisty -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
Debdiff to patch Dapper ** Attachment added: debdiff-dapper http://launchpadlibrarian.net/18157362/debdiff-dapper -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
** Changed in: faad2 (Ubuntu Hardy) Assignee: (unassigned) = Stefan Lesicnik (stefanlsd) Status: New = In Progress ** Changed in: faad2 (Ubuntu Gutsy) Assignee: (unassigned) = Stefan Lesicnik (stefanlsd) Status: New = In Progress ** Changed in: faad2 (Ubuntu Feisty) Assignee: (unassigned) = Stefan Lesicnik (stefanlsd) Status: New = In Progress ** Changed in: faad2 (Ubuntu Dapper) Assignee: (unassigned) = Stefan Lesicnik (stefanlsd) Status: New = In Progress -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
After being in contact with upstream, I received a non-public exploit. This exploit was run against Intrepid, Hardy, Gutsy, Feisty and Dapper and caused the application to segfault. [12013.368559] faad[9750]: segfault at 9758000 ip 0804bed3 sp bfba6d50 error 4 in faad[8048000+6000] After applying the fix, the same exploit was run and the application exited successfully without segfaulting. This is a minor patch, created by upstream, and no regressions or functionality problems were detected. -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
Intrepid sync request has been requested. https://bugs.edge.launchpad.net/ubuntu/+source/faad2/+bug/275311 Thanks William. ** Visibility changed to: Public -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 277110] Re: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
Debdiff to patch Hardy. ** Attachment added: debdiff-hardy http://launchpadlibrarian.net/18139645/debdiff-hardy -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs