CVE-2008-3827: integer overflows

Related Vulnerabilities: CVE-2008-3827  

Debian Bug report logs - #500683

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Tue, 30 Sep 2008 11:57:02 UTC

Severity: grave

Tags: patch, security

Found in version mplayer/1.0~rc2-17

Fixed in versions mplayer/1.0~rc2-17+lenny1, mplayer/1.0~rc2-18

Done: A Mennucc1 <mennucc1@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, A Mennucc1 <mennucc1@debian.org>:
Bug#500683; Package mplayer. (Tue, 30 Sep 2008 11:57:04 GMT)


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, A Mennucc1 <mennucc1@debian.org>. (Tue, 30 Sep 2008 11:57:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-3827: integer overflows
Date: Tue, 30 Sep 2008 21:51:51 +1000
Package: mplayer
Version: 1.0~rc2-17
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

mplayer is vulnerable to several integer overflows.
This issue is now public and can be fixed in unstable.
Testing is already fixed and stable will follow soon.
More information can be found here[0].

Cheers
Steffen

[0]: http://www.ocert.org/advisories/ocert-2008-013.html




Bug marked as fixed in version 1.0~rc2-17+lenny1. Request was from Steffen Joeris <steffen.joeris@skolelinux.de> to control@bugs.debian.org. (Tue, 30 Sep 2008 12:09:05 GMT)


Reply sent to A Mennucc1 <mennucc1@debian.org>:
You have taken responsibility. (Tue, 30 Sep 2008 13:03:12 GMT)


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Tue, 30 Sep 2008 13:03:12 GMT)


Message #12 received at 500683-close@bugs.debian.org:

From: A Mennucc1 <mennucc1@debian.org>
To: 500683-close@bugs.debian.org
Subject: Bug#500683: fixed in mplayer 1.0~rc2-18
Date: Tue, 30 Sep 2008 12:32:15 +0000
Source: mplayer
Source-Version: 1.0~rc2-18

We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:

mplayer-dbg_1.0~rc2-18_amd64.deb
  to pool/main/m/mplayer/mplayer-dbg_1.0~rc2-18_amd64.deb
mplayer-doc_1.0~rc2-18_all.deb
  to pool/main/m/mplayer/mplayer-doc_1.0~rc2-18_all.deb
mplayer_1.0~rc2-18.diff.gz
  to pool/main/m/mplayer/mplayer_1.0~rc2-18.diff.gz
mplayer_1.0~rc2-18.dsc
  to pool/main/m/mplayer/mplayer_1.0~rc2-18.dsc
mplayer_1.0~rc2-18_amd64.deb
  to pool/main/m/mplayer/mplayer_1.0~rc2-18_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 500683@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
A Mennucc1 <mennucc1@debian.org> (supplier of updated mplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 22 Sep 2008 11:01:26 +0200
Source: mplayer
Binary: mplayer mplayer-dbg mplayer-doc
Architecture: source all amd64
Version: 1.0~rc2-18
Distribution: unstable
Urgency: high
Maintainer: A Mennucc1 <mennucc1@debian.org>
Changed-By: A Mennucc1 <mennucc1@debian.org>
Description: 
 mplayer    - movie player for Unix-like systems
 mplayer-dbg - debugging symbols for MPlayer
 mplayer-doc - documentation for MPlayer
Closes: 500683
Changes: 
 mplayer (1.0~rc2-18) unstable; urgency=high
 .
   * fix oCERT-2008-013 Mplayer real demuxer heap.
     Thanks to Felipe Andres Manzano, Andrea Barisani,
      Steffen Joeris, Reimar Döffinger. (Closes: #500683).
   * Clean lintian warnings:
      build-depend on libgif-dev instead of libungif4-dev
      build-depend on x11proto-core-dev instead of x-dev
      depends on  debconf | debconf-2.0
   * Up standard to 3.8.0.0
      support DEB_BUILD_OPTIONS="parallel=n"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjiGcgACgkQ9B/tjjP8QKReIgCfYRVLtFAwoZCUQy1Q5Gx3I2rS
dcMAoIAYGWptrGIAsVuU08Q7zOVOHGs+
=LnEs
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 07 Nov 2008 07:29:02 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:13:28 2019; Machine Name: beach
