Message-Id: <email address hidden>
Date: Wed, 23 Nov 2005 10:33:33 +0100
From: Thijs Kinkhorst <email address hidden>
To: <email address hidden>, <email address hidden>, <email address hidden>, Jérôme Marant <email address hidden>
Cc: <email address hidden>, <email address hidden>, <email address hidden>
Subject: Re: #332919 Still not fixed

On Tue, 2005-11-22 at 23:31 +0100, Jérôme Marant wrote:
> Hi,
>
> I've just noticed that this security bug has not been fixed:
>
> #332919: CAN-2005-2967: Format string vulnerability in xine-lib's CDDB response parsing
>
> Any action taken?

This bug has been addressed for stable in DSA-863, it's only etch/sid
which have to be fixed. The package has two maintainers, but I can't
trace recent activity for any of them.

I've prepared updated packages for xine-lib, which fix this security
issue and the FTBFS-bug. They thus fix 2 RC bugs (or 3 if you count
merged separately). The diff is attached, the updated packages can be
found here: http://www.a-eskwadraat.nl/~kink/xine-lib/

Since I can't upload them myself, maybe someone else can review and
upload?

regards,
Thijs

Attachment: xine-lib_CVE-2005-2967.diff (Content-Type: text/x-patch)