vlc: CVE-2014-1684: crafted ASF file handling integer divide-by-zero DoS

Related Vulnerabilities: CVE-2014-1684  

Debian Bug report logs - #743033

Reported by: Henri Salo <henri@nerv.fi>

Date: Sun, 30 Mar 2014 09:09:02 UTC

Severity: important

Tags: fixed-upstream, security

Found in version vlc/2.1.2-2

Fixed in version vlc/2.1.4-1

Done: Benjamin Drung <bdrung@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#743033; Package vlc. (Sun, 30 Mar 2014 09:09:06 GMT)


Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sun, 30 Mar 2014 09:09:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: vlc: CVE-2014-1684: crafted ASF file handling integer divide-by-zero DoS
Date: Sun, 30 Mar 2014 12:07:23 +0300
Package: vlc
Version: 2.1.2-2
Severity: important
Tags: security, fixed-upstream

Patch available: http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404

---
Henri Salo

Reply sent to Benjamin Drung <bdrung@debian.org>:
You have taken responsibility. (Sat, 10 May 2014 23:39:15 GMT)


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Sat, 10 May 2014 23:39:15 GMT)


Message #10 received at 743033-close@bugs.debian.org:

From: Benjamin Drung <bdrung@debian.org>
To: 743033-close@bugs.debian.org
Subject: Bug#743033: fixed in vlc 2.1.4-1
Date: Sat, 10 May 2014 23:34:41 +0000
Source: vlc
Source-Version: 2.1.4-1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 743033@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Drung <bdrung@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 11 May 2014 00:57:13 +0200
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore7 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi
Architecture: source amd64 all
Version: 2.1.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Benjamin Drung <bdrung@debian.org>
Description: 
 libvlc-dev - development files for libvlc
 libvlc5    - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore7 - base library for VLC and its modules
 vlc        - multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg    - debugging symbols for vlc
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 742625 743033
Changes: 
 vlc (2.1.4-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #742625, LP: #1276650)
   * SECURITY UPDATE: crafted ASF file handling integer divide-by-zero DoS
     - CVE-2014-1684
     (Closes: #743033)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 06 Aug 2014 07:29:14 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:28:14 2019; Machine Name: buxtehude
