Debian Bug report logs - #500683
CVE-2008-3827: integer overflows
Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Tue, 30 Sep 2008 11:57:02 UTC
Severity: grave
Tags: patch, security
Found in version mplayer/1.0~rc2-17
Fixed in versions mplayer/1.0~rc2-17+lenny1, mplayer/1.0~rc2-18
Done: A Mennucc1 <mennucc1@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, A Mennucc1 <mennucc1@debian.org>: Bug#500683; Package mplayer. (Tue, 30 Sep 2008 11:57:04 GMT)
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>: New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, A Mennucc1 <mennucc1@debian.org>. (Tue, 30 Sep 2008 11:57:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: mplayer
Version: 1.0~rc2-17
Severity: grave
Tags: security, patch
Justification: user security hole
Hi
mplayer is vulnerable to several integer overflows.
This issue is now public and can be fixed in unstable.
Testing is already fixed and stable will follow soon.
More information can be found here[0].
Cheers
Steffen
[0]: http://www.ocert.org/advisories/ocert-2008-013.html
Bug marked as fixed in version 1.0~rc2-17+lenny1. Request was from Steffen Joeris <steffen.joeris@skolelinux.de> to control@bugs.debian.org. (Tue, 30 Sep 2008 12:09:05 GMT)
Reply sent to A Mennucc1 <mennucc1@debian.org>: You have taken responsibility. (Tue, 30 Sep 2008 13:03:12 GMT)
Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>: Bug acknowledged by developer. (Tue, 30 Sep 2008 13:03:12 GMT)
Message #12 received at 500683-close@bugs.debian.org:
Source: mplayer
Source-Version: 1.0~rc2-18
We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:
mplayer-dbg_1.0~rc2-18_amd64.deb
to pool/main/m/mplayer/mplayer-dbg_1.0~rc2-18_amd64.deb
mplayer-doc_1.0~rc2-18_all.deb
to pool/main/m/mplayer/mplayer-doc_1.0~rc2-18_all.deb
mplayer_1.0~rc2-18.diff.gz
to pool/main/m/mplayer/mplayer_1.0~rc2-18.diff.gz
mplayer_1.0~rc2-18.dsc
to pool/main/m/mplayer/mplayer_1.0~rc2-18.dsc
mplayer_1.0~rc2-18_amd64.deb
to pool/main/m/mplayer/mplayer_1.0~rc2-18_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 500683@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
A Mennucc1 <mennucc1@debian.org> (supplier of updated mplayer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 22 Sep 2008 11:01:26 +0200
Source: mplayer
Binary: mplayer mplayer-dbg mplayer-doc
Architecture: source all amd64
Version: 1.0~rc2-18
Distribution: unstable
Urgency: high
Maintainer: A Mennucc1 <mennucc1@debian.org>
Changed-By: A Mennucc1 <mennucc1@debian.org>
Description:
mplayer - movie player for Unix-like systems
mplayer-dbg - debugging symbols for MPlayer
mplayer-doc - documentation for MPlayer
Closes: 500683
Changes:
mplayer (1.0~rc2-18) unstable; urgency=high
.
* fix oCERT-2008-013 Mplayer real demuxer heap.
Thanks to Felipe Andres Manzano, Andrea Barisani,
Steffen Joeris, Reimar Döffinger. (Closes: #500683).
* Clean lintian warnings:
build-depend on libgif-dev instead of libungif4-dev
build-depend on x11proto-core-dev instead of x-dev
depends on debconf | debconf-2.0
* Up standard to 3.8.0.0
support DEB_BUILD_OPTIONS="parallel=n"
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 07 Nov 2008 07:29:02 GMT)
Last modified: Wed Jun 19 16:13:28 2019