Comment 2 for bug 23555

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sun, 09 Oct 2005 15:58:36 +0200
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CAN-2005-2967: Format string vulnerability in xine-lib's CDDB response
 parsing

Package: xine-lib
Severity: grave
Tags: security
Justification: user security hole

A format string vulnerability in xine-lib's CDDB response parsing has been found.
Exploitation is quite unlikely, as it would require a rogue CDDB server, but it
should be fixed nevertheless, as the fix is trivial. Please see
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html for
details and a patch.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
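
The bug class named in this report, shown as an added illustration; this is not xine-lib's code and not the patch referenced above. The helper `log_fmt`, the other function names and the sample reply strings are hypothetical and constructed for this sketch: it contrasts passing server text as the format string with passing it as an argument to a constant format, and adds a check that counts conversion directives in untrusted text.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log helper (not from xine-lib): formats into buf. */
static int log_fmt(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: server-controlled text is used AS the format string,
 * so any '%' sequences in it are interpreted instead of copied. */
static int log_reply_unsafe(char *buf, size_t n, const char *reply)
{
    return log_fmt(buf, n, reply);
}

/* Hardened pattern: constant format; the server text is only an argument. */
static int log_reply_safe(char *buf, size_t n, const char *reply)
{
    return log_fmt(buf, n, "%s", reply);
}

/* Defensive check: count conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *reply = "210 Found 100%% exact";  /* constructed sample reply */
    log_reply_unsafe(buf, sizeof buf, reply);
    printf("unsafe: %s\n", buf);                  /* "%%" collapsed to "%" */
    log_reply_safe(buf, sizeof buf, reply);
    printf("safe:   %s\n", buf);                  /* text copied verbatim */
    printf("directives in \"200 %%x%%x%%n\": %d\n", count_directives("200 %x%x%n"));
    return 0;
}
```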