vlc: CVE-2013-4388

Related Vulnerabilities: CVE-2013-4388  

Debian Bug report logs - #726528
vlc: CVE-2013-4388

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 16 Oct 2013 13:18:01 UTC

Severity: grave

Tags: patch, security

Fixed in version vlc/2.1.0-1

Done: Edward Wang <edward.c.wang@compdigitec.com>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#726528; Package vlc. (Wed, 16 Oct 2013 13:18:05 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Wed, 16 Oct 2013 13:18:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: vlc: CVE-2013-4388
Date: Wed, 16 Oct 2013 15:08:23 +0200
Package: vlc
Severity: grave
Tags: security patch
Justification: user security hole

This was assigned CVE-2013-4388:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e

Cheers,
        Moritz



Added tag(s) pending. Request was from Anibal Monsalve Salazar <anibal@debian.org> to control@bugs.debian.org. (Sat, 19 Oct 2013 19:06:22 GMT).


Reply sent to Edward Wang <edward.c.wang@compdigitec.com>:
You have taken responsibility. (Sun, 27 Oct 2013 06:05:46 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 27 Oct 2013 06:05:46 GMT).


Message #12 received at 726528-close@bugs.debian.org:

From: Edward Wang <edward.c.wang@compdigitec.com>
To: 726528-close@bugs.debian.org
Subject: Bug#726528: fixed in vlc 2.1.0-1
Date: Sun, 27 Oct 2013 06:00:21 +0000
Source: vlc
Source-Version: 2.1.0-1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726528@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Edward Wang <edward.c.wang@compdigitec.com> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 06 Oct 2013 11:12:25 -0400
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore7 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi
Architecture: source amd64 all
Version: 2.1.0-1
Distribution: unstable
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Edward Wang <edward.c.wang@compdigitec.com>
Description: 
 libvlc-dev - development files for libvlc
 libvlc5    - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore7 - base library for VLC and its modules
 vlc        - multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg    - debugging symbols for vlc
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 398167 436339 593735 632965 642187 646200 654955 665732 679654 698023 700752 704941 708953 712935 724734 726528
Changes: 
 vlc (2.1.0-1) unstable; urgency=high
 .
   * New major upstream release. (Closes: #436339, #632965, #642187,
     #698023, #593735, #724734, #665732, #700752, #704941, #708953,
     #712935, #398167, #646200, #679654, #654955, LP: #982953, #301193,
     #986785, #1038303, #1109026, #530797, #667584, #938621, #671031,
     #1080847, #1157384, #1173943)
   * Security: Fix buffer overflow in the mp4a packetizer CVE-2013-4388
     (Closes: #726528)
   * Drop configure-m4-undefine.patch. (code in question doesn't exist)
   * Drop dvbpsi.patch. (no longer needed)
   * Drop v4l-kfreebsd.patch. (no longer needed)
   * pnap-grammar.patch: Fix spelling/grammar in 2.1's PNAP dialog.
   * Remove static dependency on libproxy and add runtime dependency for
     libproxy as per upstream changes.
   * Use -mtune instead of --with-tuning, as it was removed.
   * SONAME bump for libvlccore5 to libvlccore7.
   * Update symbols for libvlc5 and libvlccore7.
   * Update file lists to account for new/renamed/removed modules.
   * Add missing Breaks and Replaces for libavcodec_plugin.so move.
   * Disable the static library.
   * Bump to lua5.2.
   * Update debian/copyright to include LGPL where relevant, in response
     to the VLC 2.1 relicensing.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Debian Powered!

iEYEARECAAYFAlJh6SoACgkQmAg1RJRTSKSDkgCfaPRqzgPageoOEPpZg42l5TSn
Oz4An2H6MwUul/HHmh4BWI7oN8/4BA7Y
=yAhG
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Nov 2013 07:30:39 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:13:21 2019; Machine Name: buxtehude
