Your message dated Sat, 17 Nov 2012 17:43:46 -0500
with message-id 
<CANTw=MPROHZSGqnwnCGJy=eazq3dso5bh1mx1cl_medsith...@mail.gmail.com>
and subject line 
has caused the Debian Bug report #680665,
regarding vlc: CVE-2012-3377: Ogg demuxer heap buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
680665: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680665
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: vlc
Version: 1.1.3-1squeeze6
Severity: important
Tags: security, fixed-upstream

A heap buffer overflow security vulnerability has been fixed in 
http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
which has not been patched in Debian yet. I checked the source code of 
1.1.3-1squeeze6. Sorry, but I do not know what situation this issue can lead to, 
but usually heap overflows should be fixed as soon as possible.

http://cwe.mitre.org/data/definitions/122.html

- Henri Salo

-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc depends on:
ii  libaa1                1.4p5-38           ascii art library
ii  libc6                 2.11.3-3           Embedded GNU C Library: Shared lib
ii  libfreetype6          2.4.2-2.1+squeeze4 FreeType 2 font engine, shared lib
ii  libfribidi0           0.19.2-1           Free Implementation of the Unicode
ii  libgcc1               1:4.4.5-8          GCC support library
ii  libgl1-mesa-glx [libg 7.7.1-5            A free implementation of the OpenG
ii  libqtcore4            4:4.6.3-4+squeeze1 Qt 4 core module
ii  libqtgui4             4:4.6.3-4+squeeze1 Qt 4 GUI module
ii  libsdl-image1.2       1.2.10-2+b2        image loading library for Simple D
ii  libsdl1.2debian       1.2.14-6.1         Simple DirectMedia Layer
ii  libstdc++6            4.4.5-8            The GNU Standard C++ Library v3
ii  libtar                1.2.11-6           C library for manipulating tar arc
ii  libvlccore4           1.1.3-1squeeze6    base library for VLC and its modul
ii  libx11-6              2:1.3.3-4          X11 client-side library
ii  libx11-xcb1           2:1.3.3-4          Xlib/XCB interface library
ii  libxcb-keysyms1       0.3.6-1            utility libraries for X C Binding 
ii  libxcb-randr0         1.6-1              X C Binding, randr extension
ii  libxcb-shm0           1.6-1              X C Binding, shm extension
ii  libxcb-xv0            1.6-1              X C Binding, xv extension
ii  libxcb1               1.6-1              X C Binding
ii  libxext6              2:1.1.2-1          X11 miscellaneous extension librar
ii  ttf-freefont          20090104-7         Freefont Serif, Sans and Mono True
ii  vlc-nox               1.1.3-1squeeze6    multimedia player and streamer (wi
ii  zlib1g                1:1.2.3.4.dfsg-3   compression library - runtime

Versions of packages vlc recommends:
ii  vlc-plugin-notify        1.1.3-1squeeze6 LibNotify plugin for VLC
ii  vlc-plugin-pulse         1.1.3-1squeeze6 PulseAudio plugin for VLC

Versions of packages vlc suggests:
pn  mozilla-plugin-vlc            <none>     (no description available)
pn  videolan-doc                  <none>     (no description available)

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4      0.7.4-14               library for decoding ATSC A/52 str
ii  libasound2        1.0.23-2.1             shared library for ALSA applicatio
ii  libass4           0.9.9-1                library for SSA/ASS subtitles rend
ii  libavahi-client3  0.6.27-2+squeeze1      Avahi client library
ii  libavahi-common3  0.6.27-2+squeeze1      Avahi common library
ii  libavc1394-0      0.5.3-1+b2             control IEEE 1394 audio/video devi
ii  libavcodec52      4:0.5.9-1              ffmpeg codec library
ii  libavformat52     4:0.5.9-1              ffmpeg file format library
ii  libavutil49       4:0.5.9-1              ffmpeg utility library
ii  libc6             2.11.3-3               Embedded GNU C Library: Shared lib
ii  libcaca0          0.99.beta17-1          colour ASCII art library
ii  libcddb2          1.3.2-2                library to access CDDB data - runt
ii  libcdio10         0.81-4                 library to read and control CD-ROM
ii  libdbus-1-3       1.2.24-4+squeeze1      simple interprocess messaging syst
ii  libdc1394-22      2.1.2-3                high level programming interface f
ii  libdca0           0.0.5-3                decoding library for DTS Coherent 
ii  libdirac-encoder0 1.0.2-3                open and royalty free high quality
ii  libdvbpsi6        0.1.7-1                library for MPEG TS and DVB PSI ta
ii  libdvdnav4        4.1.3-7                DVD navigation library
ii  libdvdread4       4.1.3-10               library for reading DVDs
ii  libebml0          0.7.7-3.1              access library for the EBML format
ii  libfaad2          2.7-6                  freeware Advanced Audio Decoder - 
ii  libflac8          1.2.1-2+b1             Free Lossless Audio Codec - runtim
ii  libfontconfig1    2.8.0-2.1              generic font configuration library
ii  libfreetype6      2.4.2-2.1+squeeze4     FreeType 2 font engine, shared lib
ii  libfribidi0       0.19.2-1               Free Implementation of the Unicode
ii  libgcc1           1:4.4.5-8              GCC support library
ii  libgcrypt11       1.4.5-2                LGPL Crypto library - runtime libr
ii  libgnutls26       2.8.6-1+squeeze2       the GNU TLS library - runtime libr
ii  libgpg-error0     1.6-1                  library for common error values an
ii  libkate1          0.3.7-3                Kate is a codec for karaoke and te
ii  liblircclient0    0.8.3-5                infra-red remote control support -
ii  liblua5.1-0       5.1.4-5                Simple, extensible, embeddable pro
ii  libmad0           0.15.1b-5              MPEG audio decoder library
ii  libmatroska0      0.8.1-1.1              extensible open standard audio/vid
ii  libmodplug1       1:0.8.8.1-1+squeeze2   shared libraries for mod music bas
ii  libmpcdec6        2:0.1~r459-1           MusePack decoder - library
ii  libmpeg2-4        0.4.1-3                MPEG1 and MPEG2 video decoder libr
ii  libmtp8           1.0.3-1+squeeze1       Media Transfer Protocol (MTP) libr
ii  libncursesw5      5.7+20100313-5         shared libraries for terminal hand
ii  libogg0           1.2.0~dfsg-1           Ogg bitstream library
ii  libpng12-0        1.2.44-1+squeeze4      PNG library - runtime
ii  libpostproc51     4:0.5.9-1              ffmpeg video postprocessing librar
ii  libproxy0         0.3.1-2                automatic proxy configuration mana
ii  libraw1394-11     2.0.5-2                library for direct access to IEEE 
ii  libschroedinger-1 1.0.9-2                library for encoding/decoding of D
ii  libshout3         2.2.2-5+b1             MP3/Ogg Vorbis broadcast streaming
ii  libsmbclient      2:3.5.6~dfsg-3squeeze8 shared library for communication w
ii  libspeex1         1.2~rc1-1              The Speex codec runtime library
ii  libstdc++6        4.4.5-8                The GNU Standard C++ Library v3
ii  libswscale0       4:0.5.9-1              ffmpeg video scaling library
ii  libtag1c2a        1.6.3-1                TagLib Audio Meta-Data Library
ii  libtheora0        1.1.1+dfsg.1-3         The Theora Video Compression Codec
ii  libtwolame0       0.3.12-1               MPEG Audio Layer 2 encoding librar
ii  libudev0          164-3                  libudev shared library
ii  libupnp3          1:1.6.6-5              Portable SDK for UPnP Devices, ver
ii  libv4l-0          0.8.0-1                Collection of video4linux support 
ii  libvcdinfo0       0.7.23-4+b2            library to extract information fro
ii  libvlc5           1.1.3-1squeeze6        multimedia player and streamer lib
ii  libvlccore4       1.1.3-1squeeze6        base library for VLC and its modul
ii  libvorbis0a       1.3.1-1+squeeze1       The Vorbis General Audio Compressi
ii  libvorbisenc2     1.3.1-1+squeeze1       The Vorbis General Audio Compressi
ii  libxml2           2.7.8.dfsg-2+squeeze4  GNOME XML library
ii  zlib1g            1:1.2.3.4.dfsg-3       compression library - runtime

Versions of packages libvlc5 depends on:
ii  libc6                    2.11.3-3        Embedded GNU C Library: Shared lib
ii  libvlccore4              1.1.3-1squeeze6 base library for VLC and its modul

Versions of packages libvlccore4 depends on:
ii  libc6                  2.11.3-3          Embedded GNU C Library: Shared lib
ii  libdbus-1-3            1.2.24-4+squeeze1 simple interprocess messaging syst
ii  vlc-data               1.1.3-1squeeze6   Common data for VLC

Versions of packages vlc is related to:
pn  libavutil50                   <none>     (no description available)
pn  libavutil51                   <none>     (no description available)

-- no debconf information



--- End Message ---
--- Begin Message ---
version: 2.0.2-1

Fixed upstream in this version.

--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
