security problem within CDDB communication
Bug #24302 reported by Debian Bug Importer
This bug report is a duplicate of:
Bug #23555: CAN-2005-2967: Format string vulnerability in xine-lib's CDDB response parsing.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
xine-lib (Debian) | Fix Released | Unknown | |
xine-lib (Ubuntu) | Invalid | High | Unassigned |
Bug Description
Automatically imported from Debian bug report #333682 http://
CVE References
Message-Id: <email address hidden>
Date: Thu, 13 Oct 2005 10:52:28 +0200
From: Michal Čihař <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: security problem within CDDB communication
Package: libxine1
Version: 1.0.1-1.3
Severity: grave
Tags: security patch
Hi
The xine announcement [1] is four days old; it says the issue has been found by
the Debian Security Audit Project, so I'd expect that Debian will have it
fixed also :-).
A patch is available in xine CVS [2].
Sorry if you're already working on this issue and I'm interrupting your
work, but I wanted to make sure you know about this.
1. http://xinehq.de/index.php/security/XSA-2005-1
2. http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/input_cdda.c?r1=1.77&r2=1.78&diff_format=u
--
Michal Čihař | http://cihar.com
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.12
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libxine1 depends on:
ii libasound2 1.0.9-3 ALSA library
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared lib
ii libglu1-xorg [libglu1] 6.8.2.dfsg.1-8 Mesa OpenGL utility library [X.Org
ii libmodplug0c2 1:0.7-5 shared libraries for mod music bas
ii libogg0 1.1.2-1 Ogg Bitstream Library
ii libpng12-0 1.2.8rel-5 PNG library - runtime
ii libspeex1 1.1.6-2 The Speex Speech Codec
ii libtheora0 0.0.0.alpha4-1.1 The Theora Video Compression Codec
ii libvorbis0a 1.1.0-1 The Vorbis General Audio Compressi
ii libxext6 6.8.2.dfsg.1-8 X Window System miscellaneous exte
ii libxinerama1 6.8.2.dfsg.1-8 X Window System multi-head display
ii xlibmesa-gl [libgl1] 6.8.2.dfsg.1-8 Mesa 3D graphics library [X.Org]
ii xlibs 6.8.2.dfsg.1-8 X Window System client libraries m
ii zlib1g 1:1.2.3-4 compression library - runtime
Versions of packages libxine1 recommends:
ii libmng1 1.0.8-1 Multiple-image Network Graphics li
ii libxv1 6.8.2.dfsg.1-8 X Window System video extension li
-- no debconf information