Debian Bug report logs -
#464532
mplayer: CVE-2008-0630 buffer overflow via crafted url
Reported by: Nico Golde <nion@debian.org>
Date: Thu, 7 Feb 2008 13:45:02 UTC
Severity: grave
Tags: patch, security
Fixed in versions mplayer/1.0~rc2-8, mplayer/1.0~rc2-7+lenny1, mplayer/1.0~rc1-12etch4
Done: A Mennucc1 <mennucc1@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#464532; Package mplayer.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: mplayer
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mplayer.
CVE-2008-0630[0]:
| Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823
| allows remote attackers to execute arbitrary code via a crafted URL
| that prevents the IPv6 parsing code from setting a pointer to NULL,
| which causes the buffer to be reused by the unescape code.
You can find a patch for this on:
http://svn.mplayerhq.hu/mplayer/trunk/stream/stream_cddb.c?r1=25820&r2=25824
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#464532; Package mplayer.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(full text, mbox, link).
Message #10 received at 464532@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
retitle 464532 mplayer: CVE-2008-0630 buffer overflow via crafted url
thanks
Hi,
mixed this one up with the other CVE id thus renaming the
bug.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Changed Bug title to `mplayer: CVE-2008-0630 buffer overflow via crafted url' from `mplayer: CVE-2008-0630 buffer overflow in cddb title parsing'.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Thu, 07 Feb 2008 13:51:03 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#464532; Package mplayer.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(full text, mbox, link).
Message #17 received at 464532@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 464532 + patch
thanks
The correct url for the fix is:
http://svn.mplayerhq.hu/mplayer/trunk/stream/url.c?r1=25648&r2=25823
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Tags added: patch
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Thu, 07 Feb 2008 13:54:05 GMT) (full text, mbox, link).
Reply sent to A Mennucc1 <mennucc1@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #24 received at 464532-close@bugs.debian.org (full text, mbox, reply):
Source: mplayer
Source-Version: 1.0~rc2-8
We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:
mplayer-doc_1.0~rc2-8_all.deb
to pool/main/m/mplayer/mplayer-doc_1.0~rc2-8_all.deb
mplayer_1.0~rc2-8.diff.gz
to pool/main/m/mplayer/mplayer_1.0~rc2-8.diff.gz
mplayer_1.0~rc2-8.dsc
to pool/main/m/mplayer/mplayer_1.0~rc2-8.dsc
mplayer_1.0~rc2-8_i386.deb
to pool/main/m/mplayer/mplayer_1.0~rc2-8_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 464532@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
A Mennucc1 <mennucc1@debian.org> (supplier of updated mplayer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 8 Feb 2008 20:42:41 +0100
Source: mplayer
Binary: mplayer mplayer-doc
Architecture: source all i386
Version: 1.0~rc2-8
Distribution: unstable
Urgency: low
Maintainer: A Mennucc1 <mennucc1@debian.org>
Changed-By: A Mennucc1 <mennucc1@debian.org>
Description:
mplayer - movie player for Unix-like systems
mplayer-doc - documentation for MPlayer
Closes: 464060 464532 464533
Changes:
mplayer (1.0~rc2-8) unstable; urgency=low
.
* fix SVN25823 for
CVE-2008-0630, buffer overflow via crafted url ,
thanks Niko Golde (closes: #464532)
* fix SVN25824 for
CVE-2008-0629, buffer overflow via crafted cddb title
thanks Niko Golde (closes: #464533)
* fix for CVE-2008-0485 Array index error in libmpdemux/demux_mov.c
a.k.a. CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability
thanks Stefan Fritsch
* fix for CVE-2008-0486 Array index vulnerability in libmpdemux/demux_audio.c
a.k.a. CORE-2008-0122: MPlayer arbitrary pointer dereference
thanks Stefan Fritsch (closes: #464060)
Files:
0568765d5a84e0ff43e8d694c8116f29 1421 graphics optional mplayer_1.0~rc2-8.dsc
cee9732063a7d2247a7af449a7f79fa7 72030 graphics optional mplayer_1.0~rc2-8.diff.gz
5b259bd81ddb9c718ac306e5a9c501f4 2457170 graphics optional mplayer-doc_1.0~rc2-8_all.deb
163f1d55b6dedef7258a0403f6b36917 5054576 graphics optional mplayer_1.0~rc2-8_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHrNtd9B/tjjP8QKQRAkmBAJ9hRmLG1uk1Z9cdhUF2/ITQvcHXWQCdFRQb
hGuhNPIf4U98nbDr39mRBWc=
=HPB0
-----END PGP SIGNATURE-----
Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #29 received at 464532-close@bugs.debian.org (full text, mbox, reply):
Source: mplayer
Source-Version: 1.0~rc2-7+lenny1
We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:
mplayer-doc_1.0~rc2-7+lenny1_all.deb
to pool/main/m/mplayer/mplayer-doc_1.0~rc2-7+lenny1_all.deb
mplayer_1.0~rc2-7+lenny1.diff.gz
to pool/main/m/mplayer/mplayer_1.0~rc2-7+lenny1.diff.gz
mplayer_1.0~rc2-7+lenny1.dsc
to pool/main/m/mplayer/mplayer_1.0~rc2-7+lenny1.dsc
mplayer_1.0~rc2-7+lenny1_i386.deb
to pool/main/m/mplayer/mplayer_1.0~rc2-7+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 464532@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated mplayer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 15 Feb 2008 12:35:24 +0100
Source: mplayer
Binary: mplayer mplayer-doc
Architecture: source all i386
Version: 1.0~rc2-7+lenny1
Distribution: testing-security
Urgency: high
Maintainer: A Mennucc1 <mennucc1@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
mplayer - movie player for Unix-like systems
mplayer-doc - documentation for MPlayer
Closes: 464060 464532 464533
Changes:
mplayer (1.0~rc2-7+lenny1) testing-security; urgency=high
.
* Non-maintainer upload by security team.
* This update addresses the following security issues:
- CVE-2008-0630: remote buffer overflow via crafted URL
(Closes: #464532).
- CVE-2008-0629: remote buffer overflow leading to arbitrary
code execution via a crafted CDDB entry (Closes: #464533).
- CVE-2008-0485: array index error in libmpdemux/demux_mov.c
leading to code execution via crafted MOV file (Closes: #464060).
- CVE-2008-0486: array index vulnerability in libmpdemux/demux_audio.c
possibly leading to code execution via crafted FLAC tag.
Files:
e7b91dd0d640af735852b0112d69f612 1435 graphics optional mplayer_1.0~rc2-7+lenny1.dsc
f1da15bc4accee0a5551928e31d7b779 11727998 graphics optional mplayer_1.0~rc2.orig.tar.gz
12bee461cc224473a4d52483058ac3bb 71387 graphics optional mplayer_1.0~rc2-7+lenny1.diff.gz
583ecd8e0d27cd9e91f8e355c643ecb4 2466212 graphics optional mplayer-doc_1.0~rc2-7+lenny1_all.deb
323b899ca4ac3e199c00f9589129939d 5057120 graphics optional mplayer_1.0~rc2-7+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHtYGtHYflSXNkfP8RAhpnAJ4hRXN3/psRsQSSAf1dSAOD6WmF5gCeJB9m
LtAMgUpDqS6j6hJF974VHZI=
=0ixp
-----END PGP SIGNATURE-----
Reply sent to A Mennucc1 <mennucc1@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #34 received at 464532-close@bugs.debian.org (full text, mbox, reply):
Source: mplayer
Source-Version: 1.0~rc1-12etch4
We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:
mplayer-doc_1.0~rc1-12etch4_all.deb
to pool/main/m/mplayer/mplayer-doc_1.0~rc1-12etch4_all.deb
mplayer_1.0~rc1-12etch4.diff.gz
to pool/main/m/mplayer/mplayer_1.0~rc1-12etch4.diff.gz
mplayer_1.0~rc1-12etch4.dsc
to pool/main/m/mplayer/mplayer_1.0~rc1-12etch4.dsc
mplayer_1.0~rc1-12etch4_i386.deb
to pool/main/m/mplayer/mplayer_1.0~rc1-12etch4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 464532@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
A Mennucc1 <mennucc1@debian.org> (supplier of updated mplayer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 8 Feb 2008 20:32:41 +0100
Source: mplayer
Binary: mplayer-doc mplayer
Architecture: source i386 all
Version: 1.0~rc1-12etch4
Distribution: stable-security
Urgency: high
Maintainer: A Mennucc1 <mennucc1@debian.org>
Changed-By: A Mennucc1 <mennucc1@debian.org>
Description:
mplayer - The Movie Player
mplayer-doc - documentation for MPlayer
Closes: 464060 464532 464533
Changes:
mplayer (1.0~rc1-12etch4) stable-security; urgency=high
.
* fix SVN25823 for
CVE-2008-0630, buffer overflow via crafted url ,
thanks Niko Golde (closes: #464532)
* fix SVN25824 for
CVE-2008-0629, buffer overflow via crafted cddb title
thanks Niko Golde (closes: #464533)
* fix for CVE-2008-0485 Array index error in libmpdemux/demux_mov.c
a.k.a. CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability
thanks Stefan Fritsch
* fix for CVE-2008-0486 Array index vulnerability in libmpdemux/demux_audio.c
a.k.a. CORE-2008-0122: MPlayer arbitrary pointer dereference
thanks Stefan Fritsch (closes: #464060)
Files:
e247c07b25f52ae90c66d1147ed2dad3 1265 graphics optional mplayer_1.0~rc1-12etch4.dsc
4fbe0a18dad58eb0fde6388bfa0fd6fe 82320 graphics optional mplayer_1.0~rc1-12etch4.diff.gz
dcae457fc598d095481ae958b4b2be33 2042982 graphics optional mplayer-doc_1.0~rc1-12etch4_all.deb
fc9d62d80284dcb7501d4aa46d90705f 4556720 graphics optional mplayer_1.0~rc1-12etch4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHrNDw9B/tjjP8QKQRAnaQAJ9CFXIMOOTzZm0l+Vze1HpOrRBVqACdG20v
UvBP/cfX6B7uk/aPAJA1Oko=
=k6y2
-----END PGP SIGNATURE-----
Reply sent to A Mennucc1 <mennucc1@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #39 received at 464532-close@bugs.debian.org (full text, mbox, reply):
Source: mplayer
Source-Version: 1.0~rc1-12etch4
We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:
mplayer-doc_1.0~rc1-12etch4_all.deb
to pool/main/m/mplayer/mplayer-doc_1.0~rc1-12etch4_all.deb
mplayer_1.0~rc1-12etch4.diff.gz
to pool/main/m/mplayer/mplayer_1.0~rc1-12etch4.diff.gz
mplayer_1.0~rc1-12etch4.dsc
to pool/main/m/mplayer/mplayer_1.0~rc1-12etch4.dsc
mplayer_1.0~rc1-12etch4_i386.deb
to pool/main/m/mplayer/mplayer_1.0~rc1-12etch4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 464532@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
A Mennucc1 <mennucc1@debian.org> (supplier of updated mplayer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 8 Feb 2008 20:32:41 +0100
Source: mplayer
Binary: mplayer-doc mplayer
Architecture: source i386 all
Version: 1.0~rc1-12etch4
Distribution: stable-security
Urgency: high
Maintainer: A Mennucc1 <mennucc1@debian.org>
Changed-By: A Mennucc1 <mennucc1@debian.org>
Description:
mplayer - The Movie Player
mplayer-doc - documentation for MPlayer
Closes: 464060 464532 464533
Changes:
mplayer (1.0~rc1-12etch4) stable-security; urgency=high
.
* fix SVN25823 for
CVE-2008-0630, buffer overflow via crafted url ,
thanks Niko Golde (closes: #464532)
* fix SVN25824 for
CVE-2008-0629, buffer overflow via crafted cddb title
thanks Niko Golde (closes: #464533)
* fix for CVE-2008-0485 Array index error in libmpdemux/demux_mov.c
a.k.a. CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability
thanks Stefan Fritsch
* fix for CVE-2008-0486 Array index vulnerability in libmpdemux/demux_audio.c
a.k.a. CORE-2008-0122: MPlayer arbitrary pointer dereference
thanks Stefan Fritsch (closes: #464060)
Files:
e247c07b25f52ae90c66d1147ed2dad3 1265 graphics optional mplayer_1.0~rc1-12etch4.dsc
4fbe0a18dad58eb0fde6388bfa0fd6fe 82320 graphics optional mplayer_1.0~rc1-12etch4.diff.gz
dcae457fc598d095481ae958b4b2be33 2042982 graphics optional mplayer-doc_1.0~rc1-12etch4_all.deb
fc9d62d80284dcb7501d4aa46d90705f 4556720 graphics optional mplayer_1.0~rc1-12etch4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHrNDw9B/tjjP8QKQRAnaQAJ9CFXIMOOTzZm0l+Vze1HpOrRBVqACdG20v
UvBP/cfX6B7uk/aPAJA1Oko=
=k6y2
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 22 Mar 2008 07:29:11 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:48:49 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon