vlc: Multiple format string vulnerabilities (VideoLAN-SA-0207)

Related Vulnerabilities: CVE-2007-0256  

Debian Bug report logs - #429726

Reported by: Rémi Denis-Courmont <rdenis@simphalempin.com>

Date: Tue, 19 Jun 2007 18:54:02 UTC

Severity: grave

Tags: fixed-upstream, security

Found in version vlc/0.8.6.a.debian-6

Fixed in versions vlc/0.8.6.c-1, vlc/0.8.6-svn20061012.debian-5etch4, vlc/0.8.1.svn20050314-1sarge3

Done: Sam Hocevar (Debian packages) <sam+deb@zoy.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#429726; Package vlc.


Acknowledgement sent to Rémi Denis-Courmont <rdenis@simphalempin.com>:
New Bug report received and forwarded. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Rémi Denis-Courmont <rdenis@simphalempin.com>
To: submit@bugs.debian.org
Cc: team@security.debian.org
Subject: vlc: Multiple format string vulnerabilities (VideoLAN-SA-0207)
Date: Tue, 19 Jun 2007 21:53:18 +0300
Package: vlc
Version: 0.8.6.a.debian-6
Severity: grave
Tags: security, fixed-upstream
Justification: user security hole


VLC versions in old-stable, stable and unstable are affected by multiple
remotely triggerable format string vulnerabilities, addressed in
upstream release 0.8.6c.

http://www.videolan.org/sa0702.html

Sorry for the inconvenience,


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc depends on:
ii  libaa1              1.4p5-32             ascii art library
ii  libatk1.0-0         1.18.0-2             The ATK accessibility toolkit
ii  libc6               2.5-11               GNU C Library: Shared libraries
ii  libcaca0            0.99.beta11.debian-3 colour ASCII art library
ii  libcairo2           1.4.6-1.1            The Cairo 2D vector graphics libra
ii  libcdio6            0.76-1               library to read and control CD-ROM
ii  libcucul0           0.99.beta11.debian-3 low-level Unicode character drawin
ii  libdbus-1-3         1.1.0-1              simple interprocess messaging syst
ii  libdbus-glib-1-2    0.73-2               simple interprocess messaging syst
ii  libfontconfig1      2.4.2-1.2            generic font configuration library
ii  libfreetype6        2.2.1-6              FreeType 2 font engine, shared lib
ii  libfribidi0         0.10.7-4             Free Implementation of the Unicode
ii  libgcc1             1:4.2-20070609-1     GCC support library
ii  libgl1-mesa-glx [li 6.5.2-5              A free implementation of the OpenG
ii  libglib2.0-0        2.12.12-1            The GLib library of C routines
ii  libglu1-mesa [libgl 6.5.2-5              The OpenGL utility library (GLU)
ii  libgtk2.0-0         2.10.13-1            The GTK+ graphical user interface
ii  libice6             1:1.0.3-2            X11 Inter-Client Exchange library
ii  libiso9660-4        0.76-1               library to work with ISO9660 files
ii  libjpeg62           6b-13                The Independent JPEG Group's JPEG
ii  libnotify1          0.4.4-3              sends desktop notifications to a n
ii  libpango1.0-0       1.16.4-1             Layout and rendering of internatio
ii  libpng12-0          1.2.15~beta5-2       PNG library - runtime
ii  libsdl-image1.2     1.2.5-3              image loading library for Simple D
ii  libsdl1.2debian     1.2.11-9             Simple DirectMedia Layer
ii  libsm6              2:1.0.3-1            X11 Session Management library
ii  libstdc++6          4.2-20070609-1       The GNU Standard C++ Library v3
ii  libtar              1.2.11-4             C library for manipulating tar arc
ii  libtiff4            3.8.2-7              Tag Image File Format (TIFF) libra
ii  libvcdinfo0         0.7.23-3             library to extract information fro
ii  libvlc0             0.8.6.a.debian-6     multimedia player and streamer lib
ii  libwxbase2.6-0      2.6.3.2.1.5          wxBase library (runtime) - non-GUI
ii  libwxgtk2.6-0       2.6.3.2.1.5          wxWidgets Cross-platform C++ GUI t
ii  libx11-6            2:1.0.3-7            X11 client-side library
ii  libxcursor1         1:1.1.8-2            X cursor management library
ii  libxext6            1:1.0.3-2            X11 miscellaneous extension librar
ii  libxfixes3          1:4.0.3-2            X11 miscellaneous 'fixes' extensio
ii  libxi6              1:1.0.1-4            X11 Input extension library
ii  libxinerama1        1:1.0.2-1            X11 Xinerama extension library
ii  libxosd2            2.2.14-1.3           X On-Screen Display library - runt
ii  libxrandr2          2:1.2.1-1            X11 RandR extension library
ii  libxrender1         1:0.9.2-1            X Rendering Extension client libra
ii  libxv1              1:1.0.3-1            X11 Video extension library
ii  libxxf86vm1         1:1.0.1-2            X11 XFree86 video mode extension l
ii  ttf-dejavu          2.17-2               Vera font family derivate with add
ii  vlc-nox             0.8.6.a.debian-6     multimedia player and streamer (wi
ii  zlib1g              1:1.2.3-15           compression library - runtime

Versions of packages vlc recommends:
pn  videolan-doc                  <none>     (no description available)

-- no debconf information

-- 
Rémi Denis-Courmont
http://www.remlab.net/

Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility.


Notification sent to Rémi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer.


Message #10 received at 429726-close@bugs.debian.org:

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 429726-close@bugs.debian.org
Subject: Bug#429726: fixed in vlc 0.8.6.c-1
Date: Tue, 26 Jun 2007 00:47:05 +0000
Source: vlc
Source-Version: 0.8.6.c-1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.c-1_i386.deb
libvlc0_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/libvlc0_0.8.6.c-1_i386.deb
mozilla-plugin-vlc_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.c-1_i386.deb
vlc-nox_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.c-1_i386.deb
vlc-plugin-alsa_0.8.6.c-1_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6.c-1_all.deb
vlc-plugin-arts_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.c-1_i386.deb
vlc-plugin-esd_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.c-1_i386.deb
vlc-plugin-ggi_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.c-1_i386.deb
vlc-plugin-glide_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.6.c-1_i386.deb
vlc-plugin-sdl_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.c-1_i386.deb
vlc-plugin-svgalib_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.c-1_i386.deb
vlc_0.8.6.c-1.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.c-1.diff.gz
vlc_0.8.6.c-1.dsc
  to pool/main/v/vlc/vlc_0.8.6.c-1.dsc
vlc_0.8.6.c-1_i386.deb
  to pool/main/v/vlc/vlc_0.8.6.c-1_i386.deb
vlc_0.8.6.c.orig.tar.gz
  to pool/main/v/vlc/vlc_0.8.6.c.orig.tar.gz
wxvlc_0.8.6.c-1_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6.c-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 429726@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 26 Jun 2007 01:41:02 +0200
Source: vlc
Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide vlc-plugin-esd mozilla-plugin-vlc vlc libvlc0 vlc-plugin-arts vlc-nox vlc-plugin-svgalib libvlc0-dev
Architecture: source i386 all
Version: 0.8.6.c-1
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-alsa - dummy transitional package
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 wxvlc      - dummy transitional package
Closes: 405035 407290 417750 424915 426673 429726
Changes: 
 vlc (0.8.6.c-1) unstable; urgency=high
 .
   [ Fathi Boudra, Christophe Mutricy ]
 .
   * New upstream release (Closes: #424915):
     + multiple format string vulnerabilities (VideoLAN-SA-0207).
       (Closes: #429726)
     + media player unspecified Denial Of Service vulnerability (CVE-2007-0256).
       (Closes: #407290)
     + missing includes to fix FTBFS with GCC 4.3.0. (Closes: #417750)
     + fullscreen opens a normal window instead of going fullscreen on amd64.
       (Closes: #405035)
     + fix building with libflac8. (Closes: #426673)
     + The following patches are no longer necessary:
       105_audio_format_crash.diff
       106_xshm_check.diff
       107_gcc-4.3.diff
       108_flac-1.1.3.diff
 .
   * Install libtelx_plugin.so in vlc-nox package.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGgF00fPP1rylJn2ERAlXfAJ9gO34bheNgN6pfx+q/hMonP73GwQCaAyH1
az8Ry2C0uplpl+nC9ukhAdU=
=nj3J
-----END PGP SIGNATURE-----




Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility.


Notification sent to Rémi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer.


Message #15 received at 429726-close@bugs.debian.org:

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 429726-close@bugs.debian.org
Subject: Bug#429726: fixed in vlc 0.8.6-svn20061012.debian-5etch4
Date: Thu, 16 Aug 2007 19:59:44 +0000
Source: vlc
Source-Version: 0.8.6-svn20061012.debian-5etch4

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch4_i386.deb
libvlc0_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch4_i386.deb
mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch4_i386.deb
vlc-nox_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch4_i386.deb
vlc-plugin-alsa_0.8.6-svn20061012.debian-5etch4_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-5etch4_all.deb
vlc-plugin-arts_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch4_i386.deb
vlc-plugin-esd_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch4_i386.deb
vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch4_i386.deb
vlc-plugin-glide_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-5etch4_i386.deb
vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch4_i386.deb
vlc-plugin-svgalib_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-5etch4_i386.deb
vlc_0.8.6-svn20061012.debian-5etch4.diff.gz
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch4.diff.gz
vlc_0.8.6-svn20061012.debian-5etch4.dsc
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch4.dsc
vlc_0.8.6-svn20061012.debian-5etch4_i386.deb
  to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch4_i386.deb
wxvlc_0.8.6-svn20061012.debian-5etch4_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-5etch4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 429726@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 20 Jun 2007 20:53:40 +0200
Source: vlc
Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide vlc-plugin-esd mozilla-plugin-vlc vlc libvlc0 vlc-plugin-arts vlc-nox vlc-plugin-svgalib libvlc0-dev
Architecture: source i386 all
Version: 0.8.6-svn20061012.debian-5etch4
Distribution: stable-security
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-alsa - dummy transitional package
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 wxvlc      - dummy transitional package
Closes: 429726
Changes: 
 vlc (0.8.6-svn20061012.debian-5etch4) stable-security; urgency=high
 .
   * patch-formatstring-0.8.6debian-0.8.6c.diff:
     + Fix format string vulnerabilities (VideoLAN-SA-0702) (Closes: #429726).
   * patch-overflows-0.8.6debian-0.8.6c.diff:
     + Fix integer and buffer overflows.
   * patch-memleak-0.8.6debian-0.8.6c.diff:
   * patch-missingchecks-0.8.6debian-0.8.6c.diff:
   * patch-uninitialised-0.8.6debian-0.8.6c.diff:
     + Fix memory leaks, missing checks and uninitialised variables that can
       lead to denials of service.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGevX7Xm3vHE4uyloRAivcAJ4vxpCxSbZGdH45u7iSRH6bY5HpXACgh0j3
Lm7FgiFdmw6EwSDaJO+JsRw=
=fjxE
-----END PGP SIGNATURE-----




Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility.


Notification sent to Rémi Denis-Courmont <rdenis@simphalempin.com>:
Bug acknowledged by developer.


Message #20 received at 429726-close@bugs.debian.org:

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 429726-close@bugs.debian.org
Subject: Bug#429726: fixed in vlc 0.8.1.svn20050314-1sarge3
Date: Wed, 22 Aug 2007 07:57:14 +0000
Source: vlc
Source-Version: 0.8.1.svn20050314-1sarge3

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

gnome-vlc_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_i386.deb
gvlc_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_i386.deb
kvlc_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_i386.deb
libvlc0-dev_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_i386.deb
mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_i386.deb
qvlc_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_i386.deb
vlc-alsa_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_i386.deb
vlc-esd_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_i386.deb
vlc-ggi_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_i386.deb
vlc-glide_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge3_i386.deb
vlc-gnome_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_i386.deb
vlc-gtk_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-arts_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-esd_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-glide_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_i386.deb
vlc-plugin-svgalib_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge3_i386.deb
vlc-qt_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_i386.deb
vlc-sdl_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_i386.deb
vlc_0.8.1.svn20050314-1sarge3.diff.gz
  to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3.diff.gz
vlc_0.8.1.svn20050314-1sarge3.dsc
  to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3.dsc
vlc_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_i386.deb
wxvlc_0.8.1.svn20050314-1sarge3_i386.deb
  to pool/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 429726@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 20 Jun 2007 22:08:33 +0000
Source: vlc
Binary: vlc-esd wxvlc vlc-plugin-sdl kvlc gvlc vlc-plugin-alsa gnome-vlc vlc-qt vlc-ggi mozilla-plugin-vlc vlc vlc-gnome vlc-gtk vlc-sdl vlc-alsa vlc-plugin-svgalib vlc-glide vlc-plugin-ggi qvlc vlc-plugin-esd vlc-plugin-glide vlc-plugin-arts libvlc0-dev
Architecture: source i386
Version: 0.8.1.svn20050314-1sarge3
Distribution: oldstable-security
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 gnome-vlc  - GNOME frontend for VLC (dummy legacy package)
 gvlc       - GTK+ frontend for VLC (dummy legacy package)
 kvlc       - KDE frontend for VLC (dummy legacy package)
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for Mozilla based on VLC
 qvlc       - Qt frontend for VLC (dummy legacy package)
 vlc        - multimedia player for all audio and video formats
 vlc-alsa   - ALSA audio output plugin for VLC (dummy legacy package)
 vlc-esd    - Esound audio output plugin for VLC (dummy legacy package)
 vlc-ggi    - GGI video output plugin for VLC (dummy legacy package)
 vlc-glide  - Glide video output plugin for VLC (dummy legacy package)
 vlc-gnome  - GNOME frontend for VLC (dummy legacy package)
 vlc-gtk    - GTK+ frontend for VLC (dummy legacy package)
 vlc-plugin-alsa - ALSA audio output plugin for VLC
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 vlc-qt     - Qt frontend for VLC (dummy legacy package)
 vlc-sdl    - SDL video and audio output plugin for VLC (dummy legacy package)
 wxvlc      - wxWindows frontend for VLC
Closes: 429726
Changes: 
 vlc (0.8.1.svn20050314-1sarge3) oldstable-security; urgency=high
 .
   * modules/codec/theora.c modules/codec/vorbis.c
     modules/services_discovery/sap.c:
     + Fix format string vulnerabilities (VideoLAN-SA-0702) (Closes: #429726).
   * modules/misc/svg.c:
     + Fix memory leaks that could cause denials of service.
   * modules/demux/avi/libavi.c:
     + Fix a buffer overflow.
   * modules/codec/flac.c modules/demux/wav.c modules/misc/freetype.c
     src/video_output/vout_subpictures.c src/audio_output/dec.c:
     + Fix missing checks that could cause denials of service.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGeb4xfPP1rylJn2ERAuffAJ43nP64EtzOBWYqP8ItX9BCnBwR/gCfcUCw
PKh7l3RsJk/jxVWiqImrJWk=
=4M5T
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 15 Mar 2008 07:26:57 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:29:53 2019; Machine Name: buxtehude
