Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for vlc is src:vlc (PTS, buildd, popcon).
Reported by: Alex de Oliveira Silva <enerv@host.sk>
Date: Wed, 3 Jan 2007 14:18:08 UTC
Severity: grave
Tags: fixed-upstream, patch, security
Found in versions vlc/0.8.6-svn20061012.debian-1, 0.8.1.svn20050314-1sarge1
Fixed in versions vlc/0.8.6-svn20061012.debian-1.2, vlc/0.8.6-svn20061012.debian-2, vlc/0.8.6-svn20061012.debian-3, vlc/0.8.1.svn20050314-1sarge2
Done: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#405425; Package vlc.
(full text, mbox, link).
Acknowledgement sent to Alex de Oliveira Silva <enerv@host.sk>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Sam Hocevar (Debian packages) <sam+deb@zoy.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: vlc Version: 0.8.6-svn20061012.debian-1 Severity: critical Tags: security Justification: root security hole Description: Multiple vulnerabilities have been identified in VideoLAN VLC, which could be exploited by attackers to take complete control of an affected system. These issues are due to format string errors in the "cdio_log_handler()" and "vcd_log_handler()" functions that call "msg_Dbg()", "msg_Warn()", and "msg_Err()" in an insecure manner, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page or opening a malicious M3U playlist. Affected: VideoLAN VLC version 0.8.6 and prior Solution: A fix is available via SVN : http://trac.videolan.org/vlc/changeset/18481 References: http://www.frsirt.com/english/advisories/2007/0026 http://projects.info-pull.com/moab/MOAB-02-01-2007.html -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-486 Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) -- .''`. : :' : Alex de Oliveira Silva | enerv `. `' www.enerv.net `-
Bug marked as found in version 0.8.1.svn20050314-1sarge1.
Request was from Rémi Denis-Courmont <rdenis@simphalempin.com>
to control@bugs.debian.org.
(full text, mbox, link).
Severity set to `grave' from `critical'
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Tags added: fixed-upstream, patch
Request was from Clément Stenac <zorglub@diwi.org>
to control@bugs.debian.org.
(full text, mbox, link).
Message #14 received at 405425-submitter@bugs.debian.org (full text, mbox, reply):
tag 405425 +fixed-upstream patch thanks Upstream patch for this bug: http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch By the way, if this bug is for you a "root security hole", then you are doing really reckless stuff with your root account, like running as root a program that does not need to be run as root with untrusted and unchecked input downloaded from internet. -- Zorglub Clément Stenac
Acknowledgement sent to Alex de Oliveira Silva <enerv@host.sk>:
Extra info received and filed, but not forwarded.
(full text, mbox, link).
Message #19 received at 405425-quiet@bugs.debian.org (full text, mbox, reply):
Its true. Thanks vorlon to change severity. Clément Stenac escreveu: > tag 405425 +fixed-upstream patch > thanks > > Upstream patch for this bug: > http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch > > By the way, if this bug is for you a "root security hole", then you are > doing really reckless stuff with your root account, like running as root > a program that does not need to be run as root with untrusted and > unchecked input downloaded from internet. > > regards, -- .''`. : :' : Alex de Oliveira Silva | enerv `. `' www.enerv.net `-
Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#405425; Package vlc.
(full text, mbox, link).
Acknowledgement sent to Andreas Barth <aba@not.so.argh.org>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>.
(full text, mbox, link).
Message #24 received at 405425@bugs.debian.org (full text, mbox, reply):
Hi, I uploaded an NMU of your package. Please see this as help to get the package into a releaseable condition for etch. Please find the used diff below. Cheers, Andi diff -Nur ../vlc-0.8.6-svn20061012.debian~~/debian/changelog ../vlc-0.8.6-svn20061012.debian/debian/changelog --- ../vlc-0.8.6-svn20061012.debian~~/debian/changelog 2006-12-23 19:18:21.000000000 +0000 +++ ../vlc-0.8.6-svn20061012.debian/debian/changelog 2007-01-06 23:08:27.000000000 +0000 @@ -1,3 +1,11 @@ +vlc (0.8.6-svn20061012.debian-1.2) unstable; urgency=high + + * Non-maintainer upload. + * Fix format string vulnerability with patch + MOAB-02-01-2007-CVE-2007-0017.patch, CVE-2007-0017. Closes: #405425 + + -- Andreas Barth <aba@not.so.argh.org> Sat, 6 Jan 2007 23:07:51 +0000 + vlc (0.8.6-svn20061012.debian-1.1) unstable; urgency=high * Non-maintainer upload. diff -Nur ../vlc-0.8.6-svn20061012.debian~~/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch ../vlc-0.8.6-svn20061012.debian/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch --- ../vlc-0.8.6-svn20061012.debian~~/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch 1970-01-01 00:00:00.000000000 +0000 +++ ../vlc-0.8.6-svn20061012.debian/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch 2007-01-03 15:55:03.000000000 +0000 @@ -0,0 +1,68 @@ +diff -ru vlc-0.8.6.orig/modules/access/cdda/access.c vlc-0.8.6/modules/access/cdda/access.c +--- vlc-0.8.6.orig/modules/access/cdda/access.c 2007-01-03 10:01:09.000000000 +0100 ++++ vlc-0.8.6/modules/access/cdda/access.c 2007-01-03 10:02:45.000000000 +0100 +@@ -89,17 +89,17 @@ + case CDIO_LOG_DEBUG: + case CDIO_LOG_INFO: + if (p_cdda->i_debug & INPUT_DBG_CDIO) +- msg_Dbg( p_cdda_input, message); ++ msg_Dbg( p_cdda_input, "%s", message); + break; + case CDIO_LOG_WARN: +- msg_Warn( p_cdda_input, message); ++ msg_Warn( p_cdda_input, "%s", message); + break; + case CDIO_LOG_ERROR: + case CDIO_LOG_ASSERT: +- msg_Err( p_cdda_input, message); ++ msg_Err( p_cdda_input, "%s", message); + break; + default: +- msg_Warn( p_cdda_input, message, ++ msg_Warn( p_cdda_input, "%s\n%s %d", message, + "the above message had unknown cdio log level", + level); + } +diff -ru vlc-0.8.6.orig/modules/access/vcdx/access.c vlc-0.8.6/modules/access/vcdx/access.c +--- vlc-0.8.6.orig/modules/access/vcdx/access.c 2007-01-03 10:01:10.000000000 +0100 ++++ vlc-0.8.6/modules/access/vcdx/access.c 2007-01-03 10:01:52.000000000 +0100 +@@ -92,17 +92,17 @@ + case CDIO_LOG_DEBUG: + case CDIO_LOG_INFO: + if (p_vcdplayer->i_debug & INPUT_DBG_CDIO) +- msg_Dbg( p_vcd_access, message); ++ msg_Dbg( p_vcd_access, "%s", message); + break; + case CDIO_LOG_WARN: +- msg_Warn( p_vcd_access, message); ++ msg_Warn( p_vcd_access, "%s", message); + break; + case CDIO_LOG_ERROR: + case CDIO_LOG_ASSERT: +- msg_Err( p_vcd_access, message); ++ msg_Err( p_vcd_access, "%s", message); + break; + default: +- msg_Warn( p_vcd_access, message, ++ msg_Warn( p_vcd_access, "%s\n%s %d", message, + _("The above message had unknown log level"), + level); + } +@@ -118,14 +118,14 @@ + case VCD_LOG_DEBUG: + case VCD_LOG_INFO: + if (p_vcdplayer->i_debug & INPUT_DBG_VCDINFO) +- msg_Dbg( p_vcd_access, message); ++ msg_Dbg( p_vcd_access, "%s", message); + break; + case VCD_LOG_WARN: +- msg_Warn( p_vcd_access, message); ++ msg_Warn( p_vcd_access, "%s", message); + break; + case VCD_LOG_ERROR: + case VCD_LOG_ASSERT: +- msg_Err( p_vcd_access, message); ++ msg_Err( p_vcd_access, "%s", message); + break; + default: + msg_Warn( p_vcd_access, "%s\n%s %d", message, diff -Nur ../vlc-0.8.6-svn20061012.debian~~/debian/patches/series ../vlc-0.8.6-svn20061012.debian/debian/patches/series --- ../vlc-0.8.6-svn20061012.debian~~/debian/patches/series 2006-12-12 14:00:25.000000000 +0000 +++ ../vlc-0.8.6-svn20061012.debian/debian/patches/series 2007-01-06 23:07:30.000000000 +0000 @@ -5,3 +5,4 @@ 020_dejavu_font.diff 020_notify.diff 020_certificates_paths.diff +MOAB-02-01-2007-CVE-2007-0017.patch -- http://home.arcor.de/andreas-barth/
Reply sent to Andreas Barth <aba@not.so.argh.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Alex de Oliveira Silva <enerv@host.sk>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #29 received at 405425-close@bugs.debian.org (full text, mbox, reply):
Source: vlc Source-Version: 0.8.6-svn20061012.debian-1.2 We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive: libvlc0-dev_0.8.6-svn20061012.debian-1.2_amd64.deb to pool/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-1.2_amd64.deb libvlc0_0.8.6-svn20061012.debian-1.2_amd64.deb to pool/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-1.2_amd64.deb vlc-nox_0.8.6-svn20061012.debian-1.2_amd64.deb to pool/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-1.2_amd64.deb vlc-plugin-alsa_0.8.6-svn20061012.debian-1.2_all.deb to pool/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-1.2_all.deb vlc-plugin-arts_0.8.6-svn20061012.debian-1.2_amd64.deb to pool/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-1.2_amd64.deb vlc-plugin-esd_0.8.6-svn20061012.debian-1.2_amd64.deb to pool/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-1.2_amd64.deb vlc-plugin-ggi_0.8.6-svn20061012.debian-1.2_amd64.deb to pool/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-1.2_amd64.deb vlc-plugin-sdl_0.8.6-svn20061012.debian-1.2_amd64.deb to pool/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-1.2_amd64.deb vlc_0.8.6-svn20061012.debian-1.2.diff.gz to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-1.2.diff.gz vlc_0.8.6-svn20061012.debian-1.2.dsc to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-1.2.dsc vlc_0.8.6-svn20061012.debian-1.2_amd64.deb to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-1.2_amd64.deb wxvlc_0.8.6-svn20061012.debian-1.2_all.deb to pool/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-1.2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 405425@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Barth <aba@not.so.argh.org> (supplier of updated vlc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 6 Jan 2007 23:07:51 +0000 Source: vlc Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide vlc-plugin-esd vlc libvlc0 vlc-plugin-arts vlc-nox vlc-plugin-svgalib libvlc0-dev Architecture: source amd64 all Version: 0.8.6-svn20061012.debian-1.2 Distribution: unstable Urgency: high Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org> Changed-By: Andreas Barth <aba@not.so.argh.org> Description: libvlc0 - multimedia player and streamer library libvlc0-dev - development files for VLC vlc - multimedia player and streamer vlc-nox - multimedia player and streamer (without X support) vlc-plugin-alsa - dummy transitional package vlc-plugin-arts - aRts audio output plugin for VLC vlc-plugin-esd - Esound audio output plugin for VLC vlc-plugin-ggi - GGI video output plugin for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC wxvlc - dummy transitional package Closes: 405425 Changes: vlc (0.8.6-svn20061012.debian-1.2) unstable; urgency=high . * Non-maintainer upload. * Fix format string vulnerability with patch MOAB-02-01-2007-CVE-2007-0017.patch, CVE-2007-0017. Closes: #405425 Files: 4e0820da566a30b27c7cc7bce435a15d 2184 graphics optional vlc_0.8.6-svn20061012.debian-1.2.dsc 70af4320598c31339f046420c507249d 31799 graphics optional vlc_0.8.6-svn20061012.debian-1.2.diff.gz 8ca348fd025406b55cfa715b79427298 776 graphics optional vlc-plugin-alsa_0.8.6-svn20061012.debian-1.2_all.deb 53d89104717d59d162f755b2fb6c4e13 770 graphics optional wxvlc_0.8.6-svn20061012.debian-1.2_all.deb 563f89de087b74968af0ebfea2a584ab 1142714 graphics optional vlc_0.8.6-svn20061012.debian-1.2_amd64.deb 255960f28bd24d9ca375060da7e1bd09 4183362 net optional vlc-nox_0.8.6-svn20061012.debian-1.2_amd64.deb 9d43e5b9aa687b995249a3f24b84710e 948786 libs optional libvlc0_0.8.6-svn20061012.debian-1.2_amd64.deb c40d5cb7cd1dbc7c90662b9b38cbbd97 19518 libdevel optional libvlc0-dev_0.8.6-svn20061012.debian-1.2_amd64.deb bcfda52afe83144e09bb066df7372593 4514 graphics optional vlc-plugin-esd_0.8.6-svn20061012.debian-1.2_amd64.deb e324a943077a15e079516815df420661 11336 graphics optional vlc-plugin-sdl_0.8.6-svn20061012.debian-1.2_amd64.deb 825da1bb568cc9eab7c251e00fd294ca 6050 graphics optional vlc-plugin-ggi_0.8.6-svn20061012.debian-1.2_amd64.deb 52fabbd08db6624d2236479377e30ef6 4180 graphics optional vlc-plugin-arts_0.8.6-svn20061012.debian-1.2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFFoDOOmdOZoew2oYURAq1vAKCM2wyhg226o0749N57EbfqYZ+wQACfVEWM Em19OrxMoIgqAFXY4U1E1tM= =llep -----END PGP SIGNATURE-----
Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Alex de Oliveira Silva <enerv@host.sk>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #34 received at 405425-close@bugs.debian.org (full text, mbox, reply):
Source: vlc Source-Version: 0.8.6-svn20061012.debian-2 We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive: libvlc0-dev_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-2_i386.deb libvlc0_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-2_i386.deb mozilla-plugin-vlc_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-2_i386.deb vlc-nox_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-2_i386.deb vlc-plugin-alsa_0.8.6-svn20061012.debian-2_all.deb to pool/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-2_all.deb vlc-plugin-arts_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-2_i386.deb vlc-plugin-esd_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-2_i386.deb vlc-plugin-ggi_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-2_i386.deb vlc-plugin-glide_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-2_i386.deb vlc-plugin-sdl_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-2_i386.deb vlc-plugin-svgalib_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-2_i386.deb vlc_0.8.6-svn20061012.debian-2.diff.gz to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-2.diff.gz vlc_0.8.6-svn20061012.debian-2.dsc to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-2.dsc vlc_0.8.6-svn20061012.debian-2_i386.deb to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-2_i386.deb wxvlc_0.8.6-svn20061012.debian-2_all.deb to pool/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 405425@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated vlc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 8 Jan 2007 09:43:07 +0100 Source: vlc Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide vlc-plugin-esd mozilla-plugin-vlc vlc libvlc0 vlc-plugin-arts vlc-nox vlc-plugin-svgalib libvlc0-dev Architecture: source i386 all Version: 0.8.6-svn20061012.debian-2 Distribution: unstable Urgency: high Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org> Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org> Description: libvlc0 - multimedia player and streamer library libvlc0-dev - development files for VLC mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC vlc - multimedia player and streamer vlc-nox - multimedia player and streamer (without X support) vlc-plugin-alsa - dummy transitional package vlc-plugin-arts - aRts audio output plugin for VLC vlc-plugin-esd - Esound audio output plugin for VLC vlc-plugin-ggi - GGI video output plugin for VLC vlc-plugin-glide - Glide video output plugin for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC vlc-plugin-svgalib - SVGAlib video output plugin for VLC wxvlc - dummy transitional package Closes: 399713 400720 400720 403022 403022 405425 Changes: vlc (0.8.6-svn20061012.debian-2) unstable; urgency=high . * Maintainer upload. * Acknowledge previous NMUs by Andreas Barth. Thanks. (Closes: #405425, #400720, #403022). . * debian/control: + Put back mozilla-plugin-vlc package. . * debian/rules: + Build with mediacontrol bindings, needed for the Mozilla plugin. . * 020_kfreebsd.diff: + New patch courtesy of Petr Salinger. Fix a GNU/kFreeBSD FTBFS (Closes: #399713). . * patch-configure.ac-syntax-0.8.6debian-0.8.6a.diff: + Fix "CFAGS" to "CFLAGS" in configure.ac. . * patch-documentation-0.8.6debian-0.8.6a.diff: + Documentation, translation and error messages updates. . * patch-network-protocols-fixes-0.8.6debian-0.8.6a.diff: + Various fixes for the IPv4, IPv6, SAP and HTTP protocols. . * patch-po-0.8.6debian-0.8.6a.diff: + Translation updates. . * patch-version-information-0.8.6debian-0.8.6a.diff: + Set version information to 0.8.6a, even if it's not really our real version, to make it clear that the security issues were fixed. . * patch-mozilla-plugin-0.8.6debian-0.8.6a.diff: + Proper fix for the Mozilla plugin (Closes: #400720, #403022). . * 000_bootstrap.diff: + Rebootstrap tarball because of changes to configure.ac. . * patch-badly-initialised-data-0.8.6debian-0.8.6a.diff: + Fix various badly initialised variables in the code. . * patch-i422-yuy2-crash-0.8.6debian-0.8.6a.diff: + Fix a crash in the I422-YUY2 chroma conversion. . * patch-integer-signedness-0.8.6debian-0.8.6a.diff: + Fix integer signedness issues in the variable code. . * patch-logo-filter-crash-0.8.6debian-0.8.6a.diff: + Fix a crash in the logo filter. . * patch-memory-leaks-0.8.6debian-0.8.6a.diff: + Fix various memory leaks. . * patch-missing-locks-0.8.6debian-0.8.6a.diff: + Add missing mutex locks. . * patch-mjpeg-separator-0.8.6debian-0.8.6a.diff: + Fix MJPEG format support. . * patch-playlist-crash-0.8.6debian-0.8.6a.diff: + Fix a crash in the playlist code. . * patch-private-libcaca-0.8.6debian-0.8.6a.diff: + Do not use private libcaca symbols. . * patch-remove-debug-messages-0.8.6debian-0.8.6a.diff: + Disable debug messages and spurious messages to stderr. . * patch-sanitise-javascript-0.8.6debian-0.8.6a.diff: + Fix the javascript string sanitising. . * patch-sanity-checks-0.8.6debian-0.8.6a.diff: + Various sanity checks for untrusted data. . * patch-sdl-image-priority-0.8.6debian-0.8.6a.diff: + Downgraded the sdl-image plugin priority. . * patch-utf8-0.8.6debian-0.8.6a.diff: + Fix Unicode support in GUIs and file access. Files: 85fd37f91f29fa66666a68717b6f53ec 2493 graphics optional vlc_0.8.6-svn20061012.debian-2.dsc b45f4bdd9f5e097f76c4a0d3e521caae 2407274 graphics optional vlc_0.8.6-svn20061012.debian-2.diff.gz 7bbcda972653dc033a32cf3a568ad76c 780 graphics optional vlc-plugin-alsa_0.8.6-svn20061012.debian-2_all.deb 19618046fcee3a051f95da843fef193f 772 graphics optional wxvlc_0.8.6-svn20061012.debian-2_all.deb 6c844c3857ddbde95c5518e6ff4d1822 1141302 graphics optional vlc_0.8.6-svn20061012.debian-2_i386.deb 1c6224253dd34d8ce1e3858533093436 4657900 net optional vlc-nox_0.8.6-svn20061012.debian-2_i386.deb dac1e6b9a3d18c7eb2a0f19829fbdc4d 958550 libs optional libvlc0_0.8.6-svn20061012.debian-2_i386.deb 0de5386e2b051309b519cf4918b99726 20098 libdevel optional libvlc0-dev_0.8.6-svn20061012.debian-2_i386.deb 6d1f59826586069473c53cae3910f580 4812 graphics optional vlc-plugin-esd_0.8.6-svn20061012.debian-2_i386.deb 65c54ea6f402ddd6cb857ff444a7187e 10738 graphics optional vlc-plugin-sdl_0.8.6-svn20061012.debian-2_i386.deb f63090495cd5a5139b1c197f500e2e21 5834 graphics optional vlc-plugin-ggi_0.8.6-svn20061012.debian-2_i386.deb 5cfcef8ee775cd586e960a4abd161641 4130 graphics optional vlc-plugin-glide_0.8.6-svn20061012.debian-2_i386.deb bc0cde568963798ae947f835a960b452 4098 graphics optional vlc-plugin-arts_0.8.6-svn20061012.debian-2_i386.deb d8dffea959637a031e0c792e3451cc42 36184 graphics optional mozilla-plugin-vlc_0.8.6-svn20061012.debian-2_i386.deb db14b638fc12995555cd784e510ad8ba 4526 graphics optional vlc-plugin-svgalib_0.8.6-svn20061012.debian-2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFoiJVfPP1rylJn2ERAlYpAKCXW5aVKh5V6dILlKtD8S9gWSmrHgCfaXs3 MfEdVC7bfWfVJ1bvb6AaOm4= =CuI/ -----END PGP SIGNATURE-----
Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Alex de Oliveira Silva <enerv@host.sk>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #39 received at 405425-close@bugs.debian.org (full text, mbox, reply):
Source: vlc Source-Version: 0.8.6-svn20061012.debian-3 We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive: libvlc0-dev_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-3_i386.deb libvlc0_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-3_i386.deb mozilla-plugin-vlc_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-3_i386.deb vlc-nox_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-3_i386.deb vlc-plugin-alsa_0.8.6-svn20061012.debian-3_all.deb to pool/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-3_all.deb vlc-plugin-arts_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-3_i386.deb vlc-plugin-esd_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-3_i386.deb vlc-plugin-ggi_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-3_i386.deb vlc-plugin-glide_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-3_i386.deb vlc-plugin-sdl_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-3_i386.deb vlc-plugin-svgalib_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-3_i386.deb vlc_0.8.6-svn20061012.debian-3.diff.gz to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-3.diff.gz vlc_0.8.6-svn20061012.debian-3.dsc to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-3.dsc vlc_0.8.6-svn20061012.debian-3_i386.deb to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-3_i386.deb wxvlc_0.8.6-svn20061012.debian-3_all.deb to pool/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-3_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 405425@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated vlc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 8 Jan 2007 09:43:07 +0100 Source: vlc Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide vlc-plugin-esd mozilla-plugin-vlc vlc libvlc0 vlc-plugin-arts vlc-nox vlc-plugin-svgalib libvlc0-dev Architecture: source i386 all Version: 0.8.6-svn20061012.debian-3 Distribution: testing-proposed-updates Urgency: high Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org> Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org> Description: libvlc0 - multimedia player and streamer library libvlc0-dev - development files for VLC mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC vlc - multimedia player and streamer vlc-nox - multimedia player and streamer (without X support) vlc-plugin-alsa - dummy transitional package vlc-plugin-arts - aRts audio output plugin for VLC vlc-plugin-esd - Esound audio output plugin for VLC vlc-plugin-ggi - GGI video output plugin for VLC vlc-plugin-glide - Glide video output plugin for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC vlc-plugin-svgalib - SVGAlib video output plugin for VLC wxvlc - dummy transitional package Closes: 399713 400720 403022 405425 Changes: vlc (0.8.6-svn20061012.debian-3) testing-proposed-updates; urgency=high . * patch-version-information-0.8.6debian-0.8.6a.diff: + Set version information to 0.8.6a, even if it's not really our real version, to make it clear that the security issues were fixed. . * MOAB-02-01-2007-CVE-2007-0017.patch: + Fix CVE-2007-0017, “format string vulnerability” (Closes: #405425). . * 020_kfreebsd.diff: + New patch courtesy of Petr Salinger. Fix a GNU/kFreeBSD FTBFS (Closes: #399713). . * patch-documentation-0.8.6debian-0.8.6a.diff: + Documentation, translation and error messages updates. . * patch-po-0.8.6debian-0.8.6a.diff: + Translation updates. . * patch-mozilla-plugin-0.8.6debian-0.8.6a.diff: + Proper fix for the Mozilla plugin (Closes: #400720, #403022). * debian/rules: + Build with mediacontrol bindings, needed for the Mozilla plugin. . * patch-badly-initialised-data-0.8.6debian-0.8.6a.diff: + Fix various badly initialised variables in the code. . * patch-i422-yuy2-crash-0.8.6debian-0.8.6a.diff: + Fix a crash in the I422-YUY2 chroma conversion. . * patch-integer-signedness-0.8.6debian-0.8.6a.diff: + Fix integer signedness issues in the variable code. . * patch-logo-filter-crash-0.8.6debian-0.8.6a.diff: + Fix a crash in the logo filter. . * patch-memory-leaks-0.8.6debian-0.8.6a.diff: + Fix various memory leaks. . * patch-missing-locks-0.8.6debian-0.8.6a.diff: + Add missing mutex locks. . * patch-playlist-crash-0.8.6debian-0.8.6a.diff: + Fix a crash in the playlist code. . * patch-sanitise-javascript-0.8.6debian-0.8.6a.diff: + Fix the javascript string sanitising. . * patch-sanity-checks-0.8.6debian-0.8.6a.diff: + Various sanity checks for untrusted data. Files: d7bc8c86c91cbffc5d2c1beb5bb27855 2493 graphics optional vlc_0.8.6-svn20061012.debian-3.dsc 87f20adfd0e54e4b8260ae7e3af1e2f8 2403880 graphics optional vlc_0.8.6-svn20061012.debian-3.diff.gz 54c9885fb9ed67557db634bf42f519ed 778 graphics optional vlc-plugin-alsa_0.8.6-svn20061012.debian-3_all.deb b6f9c9b5491c7e2bbf18f45b96dbcf84 770 graphics optional wxvlc_0.8.6-svn20061012.debian-3_all.deb 2f9afee417eee1e8832b5242b8e06544 1141126 graphics optional vlc_0.8.6-svn20061012.debian-3_i386.deb 80650ce4cc7107533239dd6e32efeed3 4657576 net optional vlc-nox_0.8.6-svn20061012.debian-3_i386.deb 67681a9e308e5c57f1f1bd8b7d056c49 958228 libs optional libvlc0_0.8.6-svn20061012.debian-3_i386.deb eea1b583c240155156eee1029b3da9a5 20126 libdevel optional libvlc0-dev_0.8.6-svn20061012.debian-3_i386.deb 768509bed47e677acdaaec62c8a553df 4814 graphics optional vlc-plugin-esd_0.8.6-svn20061012.debian-3_i386.deb 2eece62f0260eb12f568ab11f9a5bbb0 10734 graphics optional vlc-plugin-sdl_0.8.6-svn20061012.debian-3_i386.deb 209ddb639267693d534eee5bacb3dd88 5834 graphics optional vlc-plugin-ggi_0.8.6-svn20061012.debian-3_i386.deb fd68aad308847d3190a2f7dbe388e003 4126 graphics optional vlc-plugin-glide_0.8.6-svn20061012.debian-3_i386.deb f512aaa8f3ae8b100ef4d27979df89b5 4098 graphics optional vlc-plugin-arts_0.8.6-svn20061012.debian-3_i386.deb c516c29db56a44ddfb36f770224d7116 36180 graphics optional mozilla-plugin-vlc_0.8.6-svn20061012.debian-3_i386.deb 735e702891ecaf6f1caf79b0c6a3b1bb 4528 graphics optional vlc-plugin-svgalib_0.8.6-svn20061012.debian-3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFprjifPP1rylJn2ERAokyAJ0bGfyjq+ftHZDevUMurTYYnYvhiwCff5Yz ib+bM6YeU6qd+tJY7+7D6cg= =j0Pe -----END PGP SIGNATURE-----
Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Alex de Oliveira Silva <enerv@host.sk>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #44 received at 405425-close@bugs.debian.org (full text, mbox, reply):
Source: vlc Source-Version: 0.8.1.svn20050314-1sarge2 We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive: gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb gvlc_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_i386.deb kvlc_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_i386.deb libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb qvlc_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_i386.deb vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb vlc_0.8.1.svn20050314-1sarge2.diff.gz to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.diff.gz vlc_0.8.1.svn20050314-1sarge2.dsc to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.dsc vlc_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_i386.deb wxvlc_0.8.1.svn20050314-1sarge2_i386.deb to pool/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 405425@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated vlc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 15 Jan 2007 13:06:55 +0100 Source: vlc Binary: vlc-esd wxvlc vlc-plugin-sdl kvlc gvlc vlc-plugin-alsa gnome-vlc vlc-qt vlc-ggi mozilla-plugin-vlc vlc vlc-gnome vlc-gtk vlc-sdl vlc-alsa vlc-plugin-svgalib vlc-glide vlc-plugin-ggi qvlc vlc-plugin-esd vlc-plugin-glide vlc-plugin-arts libvlc0-dev Architecture: source i386 Version: 0.8.1.svn20050314-1sarge2 Distribution: stable-security Urgency: high Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org> Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org> Description: gnome-vlc - GNOME frontend for VLC (dummy legacy package) gvlc - GTK+ frontend for VLC (dummy legacy package) kvlc - KDE frontend for VLC (dummy legacy package) libvlc0-dev - development files for VLC mozilla-plugin-vlc - multimedia plugin for Mozilla based on VLC qvlc - Qt frontend for VLC (dummy legacy package) vlc - multimedia player for all audio and video formats vlc-alsa - ALSA audio output plugin for VLC (dummy legacy package) vlc-esd - Esound audio output plugin for VLC (dummy legacy package) vlc-ggi - GGI video output plugin for VLC (dummy legacy package) vlc-glide - Glide video output plugin for VLC (dummy legacy package) vlc-gnome - GNOME frontend for VLC (dummy legacy package) vlc-gtk - GTK+ frontend for VLC (dummy legacy package) vlc-plugin-alsa - ALSA audio output plugin for VLC vlc-plugin-arts - aRts audio output plugin for VLC vlc-plugin-esd - Esound audio output plugin for VLC vlc-plugin-ggi - GGI video output plugin for VLC vlc-plugin-glide - Glide video output plugin for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC vlc-plugin-svgalib - SVGAlib video output plugin for VLC vlc-qt - Qt frontend for VLC (dummy legacy package) vlc-sdl - SDL video and audio output plugin for VLC (dummy legacy package) wxvlc - wxWindows frontend for VLC Closes: 358026 405425 Changes: vlc (0.8.1.svn20050314-1sarge2) stable-security; urgency=high . * modules/access/cdda/access.c modules/access/vcdx/access.c: + Fix format string vulnerabilities (CVE-2007-0017) (Closes: #405425). * debian/control: + Build-conflict against libsmbclient-dev to avoid accidentally depending on Samba libraries (Closes: #358026). Files: a8b1c32a0625845da8b035402064351b 1916 graphics optional vlc_0.8.1.svn20050314-1sarge2.dsc c1573565b4f6c5f5bc4fb0da0ef82c4e 1419 graphics optional vlc_0.8.1.svn20050314-1sarge2.diff.gz 25303969db6cc0fbd49213be430df851 5248346 graphics optional vlc_0.8.1.svn20050314-1sarge2_i386.deb d543d6e9a80452fa3dde68aed95fba05 736194 libdevel optional libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb 631a977a858357c6f33cdd65421d930d 1264 oldlibs optional gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb 876395121224f2dde78efbe4d3a425cd 1272 oldlibs optional gvlc_0.8.1.svn20050314-1sarge2_i386.deb e74395e32b380ff0979bb93c743ecb41 4666 graphics optional vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb 2bd7aba839974f5ec5b1c5eed3225898 10474 graphics optional vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb ee701ea8bac97ed56be2814487be9793 10588 graphics optional vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb 3187af8067fcb58fcf04ee5cb6cd4a35 6390 graphics optional vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb 20ac7a7d0058973532a507bba0f58b55 4668 graphics optional vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb 9a5000ace56011a555a333097acdebb9 954 oldlibs optional qvlc_0.8.1.svn20050314-1sarge2_i386.deb 9305542c6f92bba8159c925e22bc0d50 4424 graphics optional vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb 58fbafb3f71ccc9d9160acd4e94d25e2 582328 graphics optional mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb 38d79330ffd560b4070685e40356262c 974 oldlibs optional kvlc_0.8.1.svn20050314-1sarge2_i386.deb 84514a7deb4f44cb93ea14ee48358e5b 4760 graphics optional vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb 8cbfa4c613219d31e15e13ec6f4e119b 302658 graphics optional wxvlc_0.8.1.svn20050314-1sarge2_i386.deb 182b1775c69f3d754c29eca2204ddcb3 872 oldlibs optional vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb c7d04205aa4816c4ba97191d8e09e648 872 oldlibs optional vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb 5cfb1f247c297fa929c7cf781af2c63b 874 oldlibs optional vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb 33fb31c2568f63d1adb9923c6f59c6bc 878 oldlibs optional vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb 1df3ade097295fa2ef607d05fb542ae4 872 oldlibs optional vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb 995f69c9cae4f5b2306a077a81e27f03 864 oldlibs optional vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb 1b6298ba6ca8f1c11005a89173162f7d 860 oldlibs optional vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb 30b7ceece36c56301704a431bc6138f0 878 oldlibs optional vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFFq5h4fPP1rylJn2ERAjj3AJ9ZEMfV1maJ4uX57lnuQKB2iDAosgCfaeas X26xeXL5Ppvag+sSd02200U= =zvYo -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 24 Jun 2007 23:29:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.
Vulmon