Comment 1 for bug 24302

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 13 Oct 2005 10:52:28 +0200
From: Michal Čihař <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: security problem within CDDB communication

Package: libxine1
Version: 1.0.1-1.3
Severity: grave
Tags: security patch

Hi

The xine announcement [1] is four days old; it says the issue has been found by
the Debian Security Audit Project, so I'd expect that Debian will have it
fixed also :-).

A patch is available in xine CVS [2].

Sorry if you're already working on this issue and I'm interrupting your
work, but I wanted to make sure you know about this.

1. http://xinehq.de/index.php/security/XSA-2005-1
2. http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/input_cdda.c?r1=1.77&r2=1.78&diff_format=u

--
    Michal Čihař | http://cihar.com

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.12
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libxine1 depends on:
ii  libasound2              1.0.9-3           ALSA library
ii  libc6                   2.3.5-6           GNU C Library: Shared libraries an
ii  libfreetype6            2.1.10-1          FreeType 2 font engine, shared lib
ii  libglu1-xorg [libglu1]  6.8.2.dfsg.1-8    Mesa OpenGL utility library [X.Org
ii  libmodplug0c2           1:0.7-5           shared libraries for mod music bas
ii  libogg0                 1.1.2-1           Ogg Bitstream Library
ii  libpng12-0              1.2.8rel-5        PNG library - runtime
ii  libspeex1               1.1.6-2           The Speex Speech Codec
ii  libtheora0              0.0.0.alpha4-1.1  The Theora Video Compression Codec
ii  libvorbis0a             1.1.0-1           The Vorbis General Audio Compressi
ii  libxext6                6.8.2.dfsg.1-8    X Window System miscellaneous exte
ii  libxinerama1            6.8.2.dfsg.1-8    X Window System multi-head display
ii  xlibmesa-gl [libgl1]    6.8.2.dfsg.1-8    Mesa 3D graphics library [X.Org]
ii  xlibs                   6.8.2.dfsg.1-8    X Window System client libraries m
ii  zlib1g                  1:1.2.3-4         compression library - runtime

Versions of packages libxine1 recommends:
ii  libmng1                 1.0.8-1           Multiple-image Network Graphics li
ii  libxv1                  6.8.2.dfsg.1-8    X Window System video extension li

-- no debconf information