[xine-lib] [DSA-1536-1] several vulnerabilities

Bug #210163 reported by disabled.user
260
Affects Status Importance Assigned to Milestone
xine-lib (Debian)
Fix Released
Unknown
xine-lib (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Fix Released
High
Jamie Strandboge
Feisty
Fix Released
High
Jamie Strandboge
Gutsy
Fix Released
High
Jamie Strandboge

Bug Description

References:
DSA-1536-1 (http://www.debian.org/security/2008/dsa-1536)

Quoting:
"Several local vulnerabilities have been discovered in Xine, a
media player library, allowed for a denial of service or arbitrary code
execution, which could be exploited through viewing malicious content.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2007-1246 / CVE-2007-1387

    The DMO_VideoDecoder_Open function does not set the biSize before use in a
    memcpy, which allows user-assisted remote attackers to cause a buffer overflow
    and possibly execute arbitrary code (applies to sarge only).

CVE-2008-0073

    Array index error in the sdpplin_parse function allows remote RTSP servers
    to execute arbitrary code via a large streamid SDP parameter.

CVE-2008-0486

    Array index vulnerability in libmpdemux/demux_audio.c might allow remote
    attackers to execute arbitrary code via a crafted FLAC tag, which triggers
    a buffer overflow (applies to etch only).

CVE-2008-1161

    Buffer overflow in the Matroska demuxer allows remote attackers to cause a
    denial of service (crash) and possibly execute arbitrary code via a Matroska
    file with invalid frame sizes."

CVE-2008-0486 has already been reported as Bug#195700.
CVE-2008-1161 has already been reported as Bug#203474.

Revision history for this message
Reinhard Tartler (siretart) wrote :

we have the debian package already in the ubuntu hardy archives, so fixed for hardy. earlier versions of ubuntu might be affected, though.

Changed in xine-lib:
status: New → Fix Released
Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

Could this be marked as "Confirmed" for the currently stable releases? I dont't know how to do it or won't have the required permissions. I fear that with all the work concentrating on Hardy and marking bug reports as "Fix Released" only because the current development branch has been upgraded completely fails in having sane (security) bug tracking for the stable releases. Dapper's xine-lib for example is more than a year old.

Changed in xine-lib:
status: Unknown → Fix Released
Changed in xine-lib:
assignee: nobody → jdstrand
status: New → Confirmed
assignee: nobody → jdstrand
importance: Undecided → High
status: New → Confirmed
importance: Undecided → High
assignee: nobody → jdstrand
importance: Undecided → High
status: New → Confirmed
Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

Any news on those security updates for xine-lib?

Changed in xine-lib:
status: Confirmed → Fix Released
status: Confirmed → Fix Released
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.