Package: xine-ui
Version: 0.99.3-1.3
Severity: grave
Tags: security patch sid etch
Several format string vulnerabilities have been discovered in xine-ui,
the user interface of the xine video player, which may cause a denial
of service.
This bug report refers to DSA 1093.
Regards,
Joey
--
All language designers are arrogant. Goes with the territory...
-- Larry Wall
Please always Cc to me when replying to me on the lists.
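The pattern the attached patch applies (a constant "%s" format with the assembled text passed as an argument, never as the format), together with a bounded way to do the in-place appends that the patched lines build `buffer` with, as an added example that is not part of this report or of xine-ui; `append_bounded`, `format_plugin_line`, `run_sample`, `g_line` and the plugin names are assumptions of the example:

```c
#include <stdio.h>
#include <string.h>

/* Append src to dst, bounded by dst_size. dst is never also a source of
 * sprintf here, so there is no overlapping-object undefined behaviour.
 * Returns 0 on success, -1 if src had to be truncated. */
static int append_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t used = strlen(dst);
    if (used >= dst_size) return -1;
    size_t room = dst_size - used - 1;           /* keep space for NUL */
    size_t n = strlen(src);
    if (n > room) {
        memcpy(dst + used, src, room);
        dst[used + room] = '\0';
        return -1;
    }
    memcpy(dst + used, src, n + 1);
    return 0;
}

/* Build "<indent><p1>, <p2>, ..." into out. Plugin names are data and
 * never become a format string. Returns how many names fit completely. */
int format_plugin_line(char *out, size_t out_size, const char *indent,
                       const char *const *plugins, int count)
{
    int fitted = 0;
    out[0] = '\0';
    if (append_bounded(out, out_size, indent) != 0) return 0;
    for (int i = 0; i < count; i++) {
        if (i > 0 && append_bounded(out, out_size, ", ") != 0) break;
        if (append_bounded(out, out_size, plugins[i]) != 0) break;
        fitted++;
    }
    return fitted;
}

/* Constructed sample with hypothetical plugin names, one containing '%'.
 * Builds into the first out_size bytes of g_line; returns the count. */
char g_line[64];
int run_sample(size_t out_size)
{
    const char *names[] = { "xv", "ffmpeg%d", "opengl" };
    int n = format_plugin_line(g_line, out_size, "    ", names, 3);
    printf("%s.\n\n", g_line);   /* the patched shape: never printf(g_line) */
    return n;
}
```

With a 64-byte line the sample prints the three names intact, '%' included; with a 10-byte line the third name is cut and the return value reports that only one name fit.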
diff -u xine-ui-0.99.3/debian/changelog xine-ui-0.99.3/debian/changelog
--- xine-ui-0.99.3/debian/changelog
+++ xine-ui-0.99.3/debian/changelog
@@ -1,3 +1,12 @@
+xine-ui (0.99.3-1sarge1) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Corrected call to report() and printf() to fix format string
+ vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c,
+ CVE-2006-2230]
+
+ -- Martin Schulze <[EMAIL PROTECTED]> Wed, 17 May 2006 20:44:37 +0200
+
xine-ui (0.99.3-1) unstable; urgency=high
* new upstream release(s)
only in patch2:
unchanged:
--- xine-ui-0.99.3.orig/src/xitk/xine-toolkit/xitk.c
+++ xine-ui-0.99.3/src/xitk/xine-toolkit/xitk.c
@@ -1852,7 +1852,7 @@
sprintf(buffer, "%s%s", buffer, " ]-");
if(verbosity)
- printf(buffer);
+ printf("%s", buffer);
gXitk->wm_type = xitk_check_wm(display);
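Review bot: the printf change is correct, but the context line just above it, `sprintf(buffer, "%s%s", buffer, " ]-");`, passes `buffer` as both the destination and a source argument, which the C standard leaves undefined for sprintf (overlapping objects), and it places no bound on the write. Since this call site is already being touched, replacing that line with a bounded append such as `strncat(buffer, " ]-", sizeof(buffer) - strlen(buffer) - 1);` (if `buffer` is a fixed-size array here) would remove both problems in the same upload.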
only in patch2:
unchanged:
--- xine-ui-0.99.3.orig/src/xitk/main.c
+++ xine-ui-0.99.3/src/xitk/main.c
@@ -453,7 +453,7 @@
int len;
char *blanks = " ";
- printf(title);
+ printf("%s", title);
sprintf(buffer, "%s", blanks);
plugin = *plugins++;
@@ -466,7 +466,7 @@
sprintf(buffer, "%s%s%s", buffer, (strlen(buffer) == strlen(blanks)) ?
"" : ", ", plugin);
}
else {
- printf(buffer);
+ printf("%s", buffer);
printf(",\n");
snprintf(buffer, sizeof(buffer), "%s%s", blanks, plugin);
}
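Review bot: the same self-referential append appears in this hunk's first context line, `sprintf(buffer, "%s%s%s", buffer, ... , plugin);`, and here it is inconsistent with the `else` branch two lines below, which correctly uses `snprintf(buffer, sizeof(buffer), ...)`. The `if` branch has no length bound at all, so a long plugin name can overrun `buffer` regardless of the printf fix. Suggest making both branches bounded, e.g. `strncat(buffer, sep, sizeof(buffer) - strlen(buffer) - 1);` followed by the same for `plugin`, or a single `snprintf` into the remaining space.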
@@ -475,7 +475,7 @@
}
if(strlen(buffer))
- printf(buffer);
+ printf("%s", buffer);
printf(".\n\n");
}
@@ -1194,7 +1194,7 @@
}
if(strlen(buffer))
- report(buffer);
+ report("%s", buffer);
}
break;
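Review bot: passing `"%s", buffer` to `report()` assumes it takes a printf-style format as its first argument, and the hunk does not show its prototype. If `report()` is xine-ui's own function, declaring it with `__attribute__((format(printf, 1, 2)))` (GCC) would let `-Wformat` / `-Wformat-security` flag any remaining `report(buffer)`-style calls at compile time, so call sites this patch does not cover would not be missed silently.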