First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 234777
Alias:
Product:
Component:
Status: ASSIGNED
Resolution:
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Hanno Boeck <hanno@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
xine-lib-vis.patch fix for use=-vis on sparc patch Friedrich Oslage 2008-08-15 19:34 0000 1.35 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 234777 depends on: 234926 Show dependency tree
Show dependency graph
Bug 234777 blocks:

Additional Comments: (this is where you put emerge --info)








View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-08-14 23:56 0000 
From xine webpage:

A new xine-lib version is now available. This release contains some security
fixes, notably a DoS via corrupted Ogg files (CVE-2008-3231), some related
fixes, and fixes for a few possible buffer overflows.
The other changes include recognition of AMR audio and Snow video.

------- Comment #1 From Alexis Ballier 2008-08-15 06:52:27 0000 ------- 
bumped

------- Comment #2 From Robert Buchholz 2008-08-15 08:18:03 0000 ------- 
Arches, please test and mark stable:
=media-libs/xine-lib-1.1.15
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

------- Comment #3 From Robert Buchholz 2008-08-15 10:48:20 0000 ------- 
CVE-2008-3231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3231):
  xine allows user-assisted attackers to cause a denial of service (application
  crash) via a crafted OGG file, as demonstrated by lol-ffplay.ogg.

------- Comment #4 From Raúl Porcel 2008-08-15 14:52:52 0000 ------- 
ia64/x86 stable

------- Comment #5 From Jeroen Roovers 2008-08-15 16:02:17 0000 ------- 
Stable for HPPA.

------- Comment #6 From Markus Meier 2008-08-15 19:06:02 0000 ------- 
amd64 stable

------- Comment #7 From Friedrich Oslage 2008-08-15 19:34:03 0000 ------- 
Created an attachment (id=162994) [edit]
fix for use=-vis on sparc

On sparc it failes to compiled with USE="-vis":
/tmp/portage/media-libs/xine-lib-1.1.15/work/xine-lib-1.1.15/src/libmpeg2/motion_comp.c:76:
undefined reference to `mpeg2_mc_vis'

because src/libmpeg2/motion_comp_vis.c has
#if defined(ARCH_SPARC) && defined(ENABLE_VIS)
and src/libmpeg2/motion_comp.c has
#ifdef ARCH_SPARC

can you apply this patch to fix it, please?

------- Comment #8 From Tobias Klausmann 2008-08-15 20:20:34 0000 ------- 
Stable on alpha.

------- Comment #9 From Markus Rothe 2008-08-16 07:46:37 0000 ------- 
ppc64 stable

------- Comment #10 From Alexis Ballier 2008-08-16 11:38:10 0000 ------- 
(In reply to comment #7)

> can you apply this patch to fix it, please?


Applied thanks (you could aswell have done it yourself as that's sparc specific
code)

Please don't forget to send it upstream so that it's fixed for good.

------- Comment #11 From Friedrich Oslage 2008-08-16 12:14:24 0000 ------- 
Thanks, sparc stable

(In reply to comment #10)
> Please don't forget to send it upstream so that it's fixed for good.

done

------- Comment #12 From Tobias Scherbaum 2008-08-19 21:09:17 0000 ------- 
ppc stable

------- Comment #13 From Robert Buchholz 2008-08-19 22:34:53 0000 ------- 
request filed

------- Comment #14 From Robert Buchholz 2008-08-27 15:02:05 0000 ------- 
1.1.15 has caused a regression with KDE players, see blocked bug.

Arches, please test and mark stable:
=media-libs/xine-lib-1.1.15-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

------- Comment #15 From Jeroen Roovers 2008-08-28 03:57:04 0000 ------- 
Stable for HPPA.

------- Comment #16 From Friedrich Oslage 2008-08-28 17:08:27 0000 ------- 
sparc stable

------- Comment #17 From Markus Rothe 2008-08-29 07:18:13 0000 ------- 
ppc64 stable

------- Comment #18 From Raúl Porcel 2008-08-29 15:15:44 0000 ------- 
ia64/x86 stable

------- Comment #19 From Dawid Węgliński 2008-08-29 15:46:09 0000 ------- 
amd64 stable as well

------- Comment #20 From Tobias Scherbaum 2008-08-30 11:31:43 0000 ------- 
ppc stable

------- Comment #21 From Tobias Klausmann 2008-08-31 15:53:37 0000 ------- 
Stable on alpha, sorry for taking so long.

------- Comment #22 From Tobias Heinlein 2008-09-03 18:16:11 0000 ------- 
GLSA request filed.

------- Comment #23 From Pierre-Yves Rofes 2008-09-22 20:29:46 0000 ------- 
What about http://www.ocert.org/advisories/ocert-2008-008.html ? It says not
all vulns are fixed in 1.1.15 :/

------- Comment #24 From Raúl Porcel 2008-09-28 15:12:56 0000 ------- 
arm stable
First Last Prev Next    No search results available      Search page      Enter new bug