Your message dated Tue, 25 May 2010 18:47:39 +0000
with message-id <e1ogzab-0002zb...@ries.debian.org>
and subject line Bug#524805: fixed in mplayer 2:1.0~rc3+svn20100502-3
has caused the Debian Bug report #524805,
regarding mplayer: CVE-2009-0385 integer signedness error
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
524805: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524805
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: mplayer
severity: important
tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for mplayer.
CVE-2009-0385[0]:
| Integer signedness error in the fourxm_read_header function in
| libavformat/4xm.c in FFmpeg before revision 16846 allows remote
| attackers to execute arbitrary code via a malformed 4X movie file with
| a large current_track value, which triggers a NULL pointer
| dereference.
See the Fedora security announcement for more details [1].
Please coordinate with the security team to prepare updated packages
for the stable releases.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
http://security-tracker.debian.net/tracker/CVE-2009-0385
[1] http://lwn.net/Articles/328039/
--- End Message ---
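Added example (not part of the original bug report, and not FFmpeg's or MPlayer's code): a simplified C model of the integer signedness pattern the CVE text above describes, next to a hardened form that keeps the field unsigned. The function names, the 1024-track cap and the sample header bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_TRACKS 1024u   /* assumed sanity cap, not taken from the page */

/* Constructed sample fields: a small track number and an all-ones value. */
static const uint8_t SAMPLE_SANE[4] = { 0x02, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_HUGE[4] = { 0xFF, 0xFF, 0xFF, 0xFF };

/* Read a 32-bit little-endian header field. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern: the field is kept in a signed int. A value with the top
 * bit set turns negative, the signed "must the table grow?" test is false,
 * and the index is then used against a table never sized to hold it.
 * Returns 1 when the index ends up outside the table's capacity. */
int signed_check_leaves_index_unbacked(const uint8_t *field, int32_t capacity)
{
    int32_t current_track = (int32_t)rd_le32(field); /* wraps on common ABIs */
    int64_t cap = capacity;
    if (current_track >= cap)               /* signed comparison */
        cap = (int64_t)current_track + 1;   /* table grown to fit the index */
    return current_track < 0 || current_track >= cap;
}

/* Hardened pattern: keep the field unsigned and reject it against a fixed
 * cap before any size arithmetic or allocation. Returns 0 and stores the
 * index on success, -1 on a malformed header. */
int parse_track_index(const uint8_t *field, uint32_t *out)
{
    uint32_t raw = rd_le32(field);
    if (raw >= MAX_TRACKS)
        return -1;
    *out = raw;
    return 0;
}

int main(void)
{
    uint32_t idx = 0;
    printf("signed, sane: %d\n", signed_check_leaves_index_unbacked(SAMPLE_SANE, 0));
    printf("signed, huge: %d\n", signed_check_leaves_index_unbacked(SAMPLE_HUGE, 0));
    printf("hardened, sane: %d\n", parse_track_index(SAMPLE_SANE, &idx));
    printf("hardened, huge: %d\n", parse_track_index(SAMPLE_HUGE, &idx));
    return 0;
}
```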
--- Begin Message ---
Source: mplayer
Source-Version: 2:1.0~rc3+svn20100502-3
We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:
mplayer-dbg_1.0~rc3+svn20100502-3_i386.deb
to main/m/mplayer/mplayer-dbg_1.0~rc3+svn20100502-3_i386.deb
mplayer-doc_1.0~rc3+svn20100502-3_all.deb
to main/m/mplayer/mplayer-doc_1.0~rc3+svn20100502-3_all.deb
mplayer_1.0~rc3+svn20100502-3.diff.gz
to main/m/mplayer/mplayer_1.0~rc3+svn20100502-3.diff.gz
mplayer_1.0~rc3+svn20100502-3.dsc
to main/m/mplayer/mplayer_1.0~rc3+svn20100502-3.dsc
mplayer_1.0~rc3+svn20100502-3_i386.deb
to main/m/mplayer/mplayer_1.0~rc3+svn20100502-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 524...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated mplayer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 25 May 2010 20:18:08 +0200
Source: mplayer
Binary: mplayer mplayer-dbg mplayer-doc
Architecture: source i386 all
Version: 2:1.0~rc3+svn20100502-3
Distribution: unstable
Urgency: low
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description:
mplayer - movie player for Unix-like systems
mplayer-dbg - debugging symbols for MPlayer
mplayer-doc - documentation for MPlayer
Closes: 524805 558196 580113 581225 581245 582369 582784
Changes:
mplayer (2:1.0~rc3+svn20100502-3) medium; urgency=low
.
* Fix rtsp vulnerability. Patch applied by DSA. Closes: #581245
* Fix another integer overflow, Closes: #524805
* prepare new upload
* sync libao2/ao_pulse.c with svn r30062, Closes: #558196, #580113
* make configure use pkg-config for fribidi checks. Closes: #582784,
LP: #556200
* document 23mplayer-debug-printf.patch
* avoid mentioning of GTK frontend in mplayer description
* improve package descriptions of mplayer-doc and mplayer-dbg
* medium urgency because of fixed security issue
* fix SVN_VERION regex in debian rules to unbreak get-orig-source
target. Closes: #582369
* forcefully disable arts support. Closes: #581225
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers