Memory corruption in libvpx

Related Vulnerabilities: CVE-2010-4203  

Debian Bug report logs - #602693
Memory corruption in libvpx


Reported by: Giuseppe Iuculano <iuculano@debian.org>

Date: Sun, 7 Nov 2010 09:30:01 UTC

Severity: serious

Tags: patch, security

Found in version 0.9.1-1

Fixed in versions 0.9.5-1, libvpx/0.9.1-2

Done: Sebastian Dröge <slomo@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sebastian Dröge <slomo@debian.org>:
Bug#602693; Package libvpx. (Sun, 07 Nov 2010 09:30:04 GMT)


Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sebastian Dröge <slomo@debian.org>. (Sun, 07 Nov 2010 09:30:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Memory corruption in libvpx
Date: Sun, 07 Nov 2010 10:27:31 +0100
Package: libvpx
Version: 0.9.1-1
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Christoph Diehl discovered a memory corruption in libvpx.
(see the chromium blog post[0],
[$1000] [60055] High Memory corruption in libvpx. Credit to Christoph Diehl.)

Patch: https://review.webmproject.org/#change,928


[0] http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzWcQAACgkQNxpp46476arvJACggX5WwHL8bAtBD45YFbD4VokK
rO8Anj9dRhk/WUWk2kg8XJ55QlCdVJS8
=8Jj8
-----END PGP SIGNATURE-----

Information forwarded to debian-bugs-dist@lists.debian.org, Sebastian Dröge <slomo@debian.org>:
Bug#602693; Package libvpx. (Sun, 07 Nov 2010 09:45:03 GMT)


Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
Extra info received and forwarded to list. Copy sent to Sebastian Dröge <slomo@debian.org>. (Sun, 07 Nov 2010 09:45:03 GMT)


Message #10 received at 602693@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: 602693@bugs.debian.org
Subject: Re: Bug#602693: Memory corruption in libvpx
Date: Sun, 07 Nov 2010 10:40:23 +0100
[Message part 1 (text/plain, inline)]
On 11/07/2010 10:27 AM, Giuseppe Iuculano wrote:
> Patch: https://review.webmproject.org/#change,928

Please also apply the following regression patch:
http://review.webmproject.org/#change,1098

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Sebastian Dröge <slomo@debian.org>:
Bug#602693; Package libvpx. (Fri, 12 Nov 2010 08:21:03 GMT)


Acknowledgement sent to Sebastian Dröge <slomo@circular-chaos.org>:
Extra info received and forwarded to list. Copy sent to Sebastian Dröge <slomo@debian.org>. (Fri, 12 Nov 2010 08:21:03 GMT)


Message #15 received at 602693@bugs.debian.org:

From: Sebastian Dröge <slomo@circular-chaos.org>
To: Giuseppe Iuculano <iuculano@debian.org>, 602693@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#602693: Memory corruption in libvpx
Date: Fri, 12 Nov 2010 09:18:46 +0100
[Message part 1 (text/plain, inline)]
notfound 602693 0.9.5-1
fixed 602693 0.9.5-1
thanks

On Sun, 2010-11-07 at 10:40 +0100, Giuseppe Iuculano wrote:
> On 11/07/2010 10:27 AM, Giuseppe Iuculano wrote:
> > Patch: https://review.webmproject.org/#change,928
> 
> Please also apply the following regression patch:
> http://review.webmproject.org/#change,1098

Thanks, I've applied this to 0.9.1 and adjusted it to work correctly
with that version.
[signature.asc (application/pgp-signature, inline)]

Bug marked as fixed in versions 0.9.5-1. Request was from Sebastian Dröge <slomo@circular-chaos.org> to control@bugs.debian.org. (Fri, 12 Nov 2010 08:21:04 GMT)


Reply sent to Sebastian Dröge <slomo@debian.org>:
You have taken responsibility. (Fri, 12 Nov 2010 08:36:08 GMT)


Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Fri, 12 Nov 2010 08:36:08 GMT)


Message #22 received at 602693-close@bugs.debian.org:

From: Sebastian Dröge <slomo@debian.org>
To: 602693-close@bugs.debian.org
Subject: Bug#602693: fixed in libvpx 0.9.1-2
Date: Fri, 12 Nov 2010 08:32:37 +0000
Source: libvpx
Source-Version: 0.9.1-2

We believe that the bug you reported is fixed in the latest version of
libvpx, which is due to be installed in the Debian FTP archive:

libvpx-dev_0.9.1-2_amd64.deb
  to main/libv/libvpx/libvpx-dev_0.9.1-2_amd64.deb
libvpx-doc_0.9.1-2_all.deb
  to main/libv/libvpx/libvpx-doc_0.9.1-2_all.deb
libvpx0-dbg_0.9.1-2_amd64.deb
  to main/libv/libvpx/libvpx0-dbg_0.9.1-2_amd64.deb
libvpx0_0.9.1-2_amd64.deb
  to main/libv/libvpx/libvpx0_0.9.1-2_amd64.deb
libvpx_0.9.1-2.debian.tar.gz
  to main/libv/libvpx/libvpx_0.9.1-2.debian.tar.gz
libvpx_0.9.1-2.dsc
  to main/libv/libvpx/libvpx_0.9.1-2.dsc

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 602693@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Dröge <slomo@debian.org> (supplier of updated libvpx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 12 Nov 2010 08:44:13 +0100
Source: libvpx
Binary: libvpx-dev libvpx0 libvpx0-dbg libvpx-doc
Architecture: source all amd64
Version: 0.9.1-2
Distribution: unstable
Urgency: high
Maintainer: Sebastian Dröge <slomo@debian.org>
Changed-By: Sebastian Dröge <slomo@debian.org>
Description: 
 libvpx-dev - VP8 video codec (development files)
 libvpx-doc - VP8 video codec (API documentation)
 libvpx0    - VP8 video codec (shared library)
 libvpx0-dbg - VP8 video codec (debugging symbols)
Closes: 602693
Changes: 
 libvpx (0.9.1-2) unstable; urgency=high
 .
   * debian/patches/900_CVE-2010-4203.patch:
     + SECURITY CVE-2010-4203:
       Fix heap memory corruption which could lead to denial of service
       or possibly execution of arbitrary code. Properly validate frame
       size and partition sizes (Closes: #602693).
       This patch contains two upstream commits, adjusted to work with
       libvpx 0.9.1. It is fixed upstream in 0.9.5.
Checksums-Sha1: 
 383f3c3207a513b7c4cf5ad9502b2cb1a1631087 1155 libvpx_0.9.1-2.dsc
 310ede953d0d74de67b49b68767e5faee6157727 10830 libvpx_0.9.1-2.debian.tar.gz
 2962cb9dcf4ff008a3a7c8fe9f726d2d93917df4 233540 libvpx-doc_0.9.1-2_all.deb
 2d2c1136acbf6dcb6be2e9ec654b81ab50adf683 301834 libvpx-dev_0.9.1-2_amd64.deb
 8a5d80d0f7238f76830ddba26669ad0f816164e9 232060 libvpx0_0.9.1-2_amd64.deb
 c799da3b3edc9ceeb415ada2ca10666be22345b1 488872 libvpx0-dbg_0.9.1-2_amd64.deb
Checksums-Sha256: 
 f0411465ba821299ca21d3614b156caad495527b8bc4ffd9c15569cce338082f 1155 libvpx_0.9.1-2.dsc
 aa02e1e4b4ac7e7d493ca6d16134e9ab0b37a5e3d7b629a6a76c3d2489b06d40 10830 libvpx_0.9.1-2.debian.tar.gz
 3017352a7c6c6c4c7f9b263b815361326abedd604c87e870c5c7538499dbc978 233540 libvpx-doc_0.9.1-2_all.deb
 50f153a2aa0b50428ae8102f06c4fa3b5a1dac029ca299073bb0700702454e2e 301834 libvpx-dev_0.9.1-2_amd64.deb
 b7aae8a93cef188bb139aa2e40f09b4bf356bbf4981591ef753fdb06227b72bd 232060 libvpx0_0.9.1-2_amd64.deb
 71804a61349ea7941e783241185fb2a8fe07cddf624903b36b53377c66c3bd9f 488872 libvpx0-dbg_0.9.1-2_amd64.deb
Files: 
 76d08b244425e2f4b7a4913f63821a6c 1155 video optional libvpx_0.9.1-2.dsc
 8c61c8ec740baf53ea90145d14dde4a6 10830 video optional libvpx_0.9.1-2.debian.tar.gz
 659a7c0ccf281a544c56c1891fc2a0aa 233540 doc optional libvpx-doc_0.9.1-2_all.deb
 69b4851184716c7cdcbafc15d96f390c 301834 libdevel optional libvpx-dev_0.9.1-2_amd64.deb
 d0041d740a98a4abe815a8ab648dde0c 232060 libs optional libvpx0_0.9.1-2_amd64.deb
 c2b393af2a5a9ca76e5a36214b92f369 488872 debug extra libvpx0-dbg_0.9.1-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzc+TcACgkQBsBdh4vkHyFAkQCdGsIkwzypzTOitzxvJt3h49S+
KYYAoKH5tQQ5m3Plrc5aC/+DJFbXDn2V
=ZtVc
-----END PGP SIGNATURE-----
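The changelog entry above says the fix "properly validates frame size and partition sizes". The following is an added illustration of what such a check looks like; it is example code written for this page, not the Debian patch and not libvpx's own decoder. It follows the VP8 bitstream layout documented in RFC 6386 (3-byte frame tag carrying the first-partition size, a 7-byte start code and dimension block on key frames, the first partition, then a table of 3-byte little-endian sizes for all token partitions except the last). Two simplifications are assumptions of this example: the number of token partitions is passed in as a parameter (a real decoder reads it from the first partition header), and the sample frames are constructed byte strings, not real encoder output. The point it demonstrates is the defensive pattern: every size claimed by the bitstream is compared against the bytes that actually remain in the buffer, using `remaining >= needed` so the arithmetic cannot wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical validator (added example, not libvpx code).
 * Layout per RFC 6386: frame tag, [key-frame header], first partition,
 * size table for all but the last token partition, token partitions. */

#define VP8_MAX_TOKEN_PARTITIONS 8

/* Read a 24-bit little-endian value, as used by the VP8 size table. */
static uint32_t read_le24(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16);
}

/* Return 1 if every partition the bitstream claims fits inside buf[0..len),
 * 0 otherwise. The invariant pos <= len holds at every step, so each
 * "len - pos < needed" test is an underflow-free remaining-bytes check.
 * num_token_partitions is an assumed input (normally decoded from the
 * first partition header). */
int vp8_layout_fits(const uint8_t *buf, size_t len, int num_token_partitions) {
    if (buf == NULL || len < 3) return 0;
    if (num_token_partitions < 1 ||
        num_token_partitions > VP8_MAX_TOKEN_PARTITIONS) return 0;

    uint32_t tag = read_le24(buf);
    int key_frame = !(tag & 1);          /* bit 0 clear => key frame */
    size_t first_part_size = tag >> 5;   /* bits 5..23 */
    size_t pos = 3;

    if (key_frame) {
        /* start code 9d 01 2a followed by 2-byte width and 2-byte height */
        if (len - pos < 7) return 0;
        if (buf[3] != 0x9d || buf[4] != 0x01 || buf[5] != 0x2a) return 0;
        pos += 7;
    }

    /* First partition must fit before we trust anything inside it. */
    if (len - pos < first_part_size) return 0;
    pos += first_part_size;

    /* Size table: 3 bytes per partition, last partition has no entry. */
    size_t table_len = (size_t)(num_token_partitions - 1) * 3;
    if (len - pos < table_len) return 0;
    const uint8_t *table = buf + pos;
    pos += table_len;

    /* Each claimed size is checked against the bytes actually remaining;
     * a bitstream claiming more than exists is rejected instead of read. */
    for (int i = 0; i < num_token_partitions - 1; i++) {
        size_t psize = read_le24(table + 3 * i);
        if (len - pos < psize) return 0;
        pos += psize;
    }
    /* The final partition simply takes whatever remains (may be empty). */
    return 1;
}

/* Constructed sample frames (not real encoder output). */

/* Inter frame: tag 0x91 => first partition 4 bytes, show_frame, not key;
 * 4-byte first partition; size table "2"; 2-byte partition; 1-byte last. */
const uint8_t kGoodInterFrame[] = {
    0x91, 0x00, 0x00,
    0xAA, 0xBB, 0xCC, 0xDD,
    0x02, 0x00, 0x00,
    0x11, 0x22,
    0x33
};

/* Key frame: tag 0x90 (key bit clear), start code, 16x16, then as above. */
const uint8_t kGoodKeyFrame[] = {
    0x90, 0x00, 0x00,
    0x9d, 0x01, 0x2a, 0x10, 0x00, 0x10, 0x00,
    0xAA, 0xBB, 0xCC, 0xDD,
    0x02, 0x00, 0x00,
    0x11, 0x22,
    0x33
};

/* Same as the inter frame but the size table claims 200 bytes that do not
 * exist; a decoder trusting this value would read past the buffer. */
const uint8_t kOversizedPartitionFrame[] = {
    0x91, 0x00, 0x00,
    0xAA, 0xBB, 0xCC, 0xDD,
    0xC8, 0x00, 0x00,
    0x11, 0x22,
    0x33
};

int main(void) {
    printf("inter frame      : %d\n", vp8_layout_fits(kGoodInterFrame, sizeof kGoodInterFrame, 2));
    printf("key frame        : %d\n", vp8_layout_fits(kGoodKeyFrame, sizeof kGoodKeyFrame, 2));
    printf("oversized claim  : %d\n", vp8_layout_fits(kOversizedPartitionFrame, sizeof kOversizedPartitionFrame, 2));
    printf("truncated buffer : %d\n", vp8_layout_fits(kGoodInterFrame, 9, 2));
    return 0;
}
```

The check is deliberately ordered so that no value read from the bitstream is used before the bytes it was read from have themselves been verified to exist, which is the property a fuzzer-found bug of this class (a size field trusted before it was bounded) typically violates.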

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 13 Dec 2010 07:37:24 GMT)

