Bug#: 214277
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Description:   Opened: 2008-03-22 16:25 0000
Luigi Auriemma writes:
The old buffer-overflow in the subtitles handled by VLC has not been
fully patched in version 0.8.6e, in fact buffer_text2 in ParseSSA is
still unchecked:

    if( sscanf( s,
      "Dialogue: %[^,],%d:%d:%d.%d,%d:%d:%d.%d,%81920[^\r\n]",
      buffer_text2,

The funny thing is that my old proof-of-concept was built just to test
this specific buffer-overflow and in fact it works on the new VLC version
too without modifications 8-)

Instead the SVN version was and is patched for 10 months, as I wrote in
my old advisory:

  http://aluigi.org/adv/vlcboffs-adv.txt
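The report above turns on one detail: the first `%[^,]` conversion in the `ParseSSA` format string has no field width, so `sscanf` copies the style field into `buffer_text2` until it meets a comma, however long that field is. The following block is an added example written for this page, not VLC's code; the buffer size (64 bytes), the struct and function names, and the sample lines are all constructed for the illustration. It shows the hardened form of the same parse: every `%[...]` conversion carries an explicit width tied to the buffer size, an over-long field makes the next literal fail to match so the line is rejected rather than written past the buffer, and `%n` catches silent truncation of the last field.

```c
/* Added example (not VLC's code): width-limited sscanf parsing of an SSA
 * "Dialogue:" line. Buffer size, names and sample input are assumptions
 * made for this illustration. */
#include <stdio.h>
#include <string.h>

#define STR_(x) #x
#define STR(x) STR_(x)
#define FIELD_WIDTH 63                 /* max chars sscanf may store per field */
#define FIELD_MAX   (FIELD_WIDTH + 1)  /* buffer size incl. NUL, assumed here */

/* Result of parsing one SSA "Dialogue:" line. */
struct dialogue {
    char style[FIELD_MAX];
    char text[FIELD_MAX];
    int  start_cs;   /* start time in centiseconds */
    int  end_cs;     /* end time in centiseconds */
};

/* Parse "Dialogue: <style>,<h>:<m>:<s>.<cs>,<h>:<m>:<s>.<cs>,<text>".
 * Each %[...] conversion carries an explicit width, so sscanf stores at most
 * FIELD_WIDTH bytes plus the NUL. An over-long style field stops at the
 * width, the literal ',' then fails to match, the conversion count drops
 * below 10 and the line is rejected instead of overflowing. The last field
 * cannot fail that way, so %n is used to verify the whole line was consumed
 * rather than silently truncated. Returns 1 on success, 0 on rejection. */
int parse_dialogue(const char *line, struct dialogue *d)
{
    int h1, m1, s1, c1, h2, m2, s2, c2, consumed = -1;
    int n = sscanf(line,
        "Dialogue: %" STR(FIELD_WIDTH) "[^,],%d:%d:%d.%d,%d:%d:%d.%d,"
        "%" STR(FIELD_WIDTH) "[^\r\n]%n",
        d->style, &h1, &m1, &s1, &c1, &h2, &m2, &s2, &c2, d->text, &consumed);
    if (n != 10 || consumed < 0)
        return 0;
    /* Reject if anything other than the line terminator remains unread. */
    if (line[consumed] != '\0' && line[consumed] != '\r' && line[consumed] != '\n')
        return 0;
    d->start_cs = ((h1 * 60 + m1) * 60 + s1) * 100 + c1;
    d->end_cs   = ((h2 * 60 + m2) * 60 + s2) * 100 + c2;
    return 1;
}

/* Build a line whose style field is `len` characters long (constructed input). */
static void make_line(char *out, size_t outsz, size_t len)
{
    size_t i, pos = 0;
    pos += snprintf(out, outsz, "Dialogue: ");
    for (i = 0; i < len && pos + 1 < outsz; i++)
        out[pos++] = 'A';
    snprintf(out + pos, outsz - pos, ",0:00:01.00,0:00:02.50,Hello, world\r\n");
}

/* Well-formed constructed line: parses, times converted to centiseconds. */
int demo_normal(struct dialogue *d)
{
    return parse_dialogue("Dialogue: Default,0:00:01.00,0:00:02.50,Hello, world\r\n", d);
}

/* Style field of 200 chars: an unbounded %[^,] would write all of it into a
 * 64-byte buffer; the width-limited parser rejects the line instead. */
int demo_overlong_style(void)
{
    char line[512];
    struct dialogue d;
    make_line(line, sizeof line, 200);
    return parse_dialogue(line, &d);
}

/* Text field of 200 chars: the width stops the copy, and the %n check
 * rejects the line rather than accepting a silently truncated subtitle. */
int demo_overlong_text(void)
{
    char line[512];
    struct dialogue d;
    snprintf(line, sizeof line, "Dialogue: Default,0:00:01.00,0:00:02.50,%0200d\r\n", 0);
    return parse_dialogue(line, &d);
}

int main(void)
{
    struct dialogue d;
    printf("normal: %d (style=%s text=%s %d-%d)\n", demo_normal(&d),
           d.style, d.text, d.start_cs, d.end_cs);
    printf("overlong style rejected: %d\n", demo_overlong_style() == 0);
    printf("overlong text rejected:  %d\n", demo_overlong_text() == 0);
    return 0;
}
```

Tying the width to the buffer size through a macro is the point of the design: the original format string already limits the last field (`%81920[^\r\n]`) but leaves the first `%[^,]` open, and keeping the width next to the buffer definition makes that kind of mismatch visible in review.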

------- Comment #1 From Robert Buchholz 2008-03-22 16:26:53 0000 -------
We handled this issue back in bug 203345, but I could reproduce a segfault with
the 0.8.6e release.

------- Comment #2 From Alexis Ballier 2008-03-22 16:50:06 0000 -------
yep I've had the patches for a few days;
basically it is:
http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=94baded6eff88e39c98b6e3572826f16f21ceec3

and:
http://git.videolan.org/gitweb.cgi?p=vlc.git;a=commit;h=f351efa7d22645625d20204f86a44b194fde8352

I suppose I could just add them to the patchset and make a -r1 instead of
waiting for 0.8.6f that has been tagged at the same time but for which I don't
know when it'll be released.

------- Comment #3 From Alexis Ballier 2008-03-22 17:48:33 0000 -------
Those 2 patches are now in -r1
There is the subtitles stuff plus xine's CVE-2008-0073

------- Comment #4 From Robert Buchholz 2008-03-22 18:20:43 0000 -------
Alexis, thanks for the fast fix. I hope you are also following bug 214270 for
new xine vulnerabilities :-/

Arches, please test and mark stable:
=media-video/vlc-0.8.6e-r1
Target keywords : "alpha amd64 ppc release sparc x86"

------- Comment #5 From Robert Buchholz 2008-03-22 18:21:05 0000 -------
second try

------- Comment #6 From Christian Faulhammer 2008-03-22 21:10:18 0000 -------
x86 stable

------- Comment #7 From Friedrich Oslage 2008-03-22 21:51:25 0000 -------
Tested media-video/vlc-0.8.6e-r1 sparc

Installs fine and works without segfaults :)

# emerge --info
Portage 2.1.4.4 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.6.1-r0,
2.6.24-gentoo-r3 sparc64)
=================================================================
System uname: 2.6.24-gentoo-r3 sparc64 sun4u
Timestamp of tree: Sat, 22 Mar 2008 20:00:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17-r1
dev-lang/python:     2.4.4-r9
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="sparc"
CBUILD="sparc-unknown-linux-gnu"
CFLAGS="-mcpu=ultrasparc3 -mvis -Wa,-Av8plusa -O2 -pipe -frename-registers
-ggdb"
CHOST="sparc-unknown-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf
/etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CPPFLAGS="-mcpu=ultrasparc3 -mvis -Wa,-Av8plusa -O2 -pipe -frename-registers
-ggdb"
CXXFLAGS="-mcpu=ultrasparc3 -mvis -Wa,-Av8plusa -O2 -pipe -frename-registers
-ggdb"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache collision-protect distlocks installsources metadata-transfer
parallel-fetch sandbox splitdebug strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="de_DE.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="en de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude=/ccache"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --stats --timeout=180 --exclude=/distfiles
--exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="64bit 7zip X a52 aac aalib ace agg alsa artworkextra audacious avahi
blender-game bluetooth bzip2 c++ caps ccache clock-screen cups curl
custom-cflags cvs cxx dbus devhelp dga disk-partition divx dri dts dv dvd
dvdread encode evo exif fastcgi fat ffmpeg flac ftp fuse gd gif gimp gimpprint
glade gmedia gnome gnome-print gnomecanvas gpm grammar gtk hal hpn ieee1394
imap ithreads javascript jpeg jpeg2k key-screen libsexy lyrics lzo mad memcache
midi mikmod mjpeg mouse mp2 mp3 mpeg mpeg2 mplayer musepack musicbrainz
nautilus ncurses network networking nls nptl nptlonly nsplugin offensive ogg
openal opengl opera pam pcre pdf png pnm ppds quicktime raw realmedia regex
ruby samba sasl sdl sdl-image search-screen slang smartcard smp sms sound
soundex source sourceview sparc speex spell sqlite3 ssl subversion svg symlink
taglib tagwriting theora threads tiff timidity truetype tta unicode usb
userlocales utils vcd vidix vim vim-syntax vim-with-x vorbis wma wmf wmp x264
xanim xcb xfce xine xinerama xorg xulrunner xv xvid zlib"
ALSA_PCM_PLUGINS="adpcm alaw copy dshare dsnoop extplug file hooks ladspa
lfloat linear meter mulaw multi null rate route share shm" ELIBC="glibc"
INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="en de" USERLAND="GNU"
VIDEO_CARDS="mach64 fbdev mga"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS,
PORTAGE_COMPRESS_FLAGS

------- Comment #8 From Tobias Scherbaum 2008-03-23 12:05:43 0000 -------
ppc stable

------- Comment #9 From Raúl Porcel 2008-03-23 18:17:19 0000 -------
sparc stable, thanks Friedrich

------- Comment #10 From Markus Meier 2008-03-23 21:03:58 0000 -------
amd64 stable

------- Comment #11 From Tobias Klausmann 2008-03-24 17:57:40 0000 -------
alpha stable.

------- Comment #12 From Robert Buchholz 2008-03-24 19:43:44 0000 -------
GLSA request filed. Please note that we will not send it right away, because of
the unfixed new xine issues.

------- Comment #13 From Hanno Boeck 2008-03-25 11:41:26 0000 -------
vlc seems to have another issue: CVE-2008-1489

------- Comment #14 From Robert Buchholz 2008-03-25 18:55:18 0000 -------
(In reply to comment #13)
> vlc seems to have another issue: CVE-2008-1489

We're handling that one and other issues in bug 214627, which is currently
restricted.

------- Comment #15 From Peter Volkov 2008-03-26 10:14:22 0000 -------
Fixed in release snapshot.

------- Comment #16 From Robert Buchholz 2008-04-18 00:22:12 0000 -------
CVE-2008-1881 has been assigned to the incorrect fix for CVE-2007-6681.

------- Comment #17 From Robert Buchholz 2008-04-23 16:21:18 0000 -------
GLSA 200804-25
