Bug 234777 (CVE-2008-3231)

Comment 1 Alexis Ballier 2008-08-15 06:52:27 UTC

bumped

Comment 2 Robert Buchholz (RETIRED) 2008-08-15 08:18:03 UTC

Arches, please test and mark stable:
=media-libs/xine-lib-1.1.15
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Comment 3 Robert Buchholz (RETIRED) 2008-08-15 10:48:20 UTC

CVE-2008-3231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3231):
  xine allows user-assisted attackers to cause a denial of service (application
  crash) via a crafted OGG file, as demonstrated by lol-ffplay.ogg.

Comment 4 Raúl Porcel (RETIRED) 2008-08-15 14:52:52 UTC

ia64/x86 stable

Comment 5 Jeroen Roovers (RETIRED) 2008-08-15 16:02:17 UTC

Stable for HPPA.

Comment 6 Markus Meier 2008-08-15 19:06:02 UTC

amd64 stable

Comment 7 Friedrich Oslage (RETIRED) 2008-08-15 19:34:03 UTC

Created attachment 162994 [details, diff]
fix for use=-vis on sparc

On sparc it failes to compiled with USE="-vis":
/tmp/portage/media-libs/xine-lib-1.1.15/work/xine-lib-1.1.15/src/libmpeg2/motion_comp.c:76: undefined reference to `mpeg2_mc_vis'

because src/libmpeg2/motion_comp_vis.c has
#if defined(ARCH_SPARC) && defined(ENABLE_VIS)
and src/libmpeg2/motion_comp.c has
#ifdef ARCH_SPARC

can you apply this patch to fix it, please?

Comment 8 Tobias Klausmann (RETIRED) 2008-08-15 20:20:34 UTC

Stable on alpha.

Comment 9 Markus Rothe (RETIRED) 2008-08-16 07:46:37 UTC

ppc64 stable

Comment 10 Alexis Ballier 2008-08-16 11:38:10 UTC

(In reply to comment #7)

> can you apply this patch to fix it, please?


Applied thanks (you could aswell have done it yourself as that's sparc specific code)

Please don't forget to send it upstream so that it's fixed for good.

Comment 11 Friedrich Oslage (RETIRED) 2008-08-16 12:14:24 UTC

Thanks, sparc stable

(In reply to comment #10)
> Please don't forget to send it upstream so that it's fixed for good.

done

Comment 12 Tobias Scherbaum (RETIRED) 2008-08-19 21:09:17 UTC

ppc stable

Comment 13 Robert Buchholz (RETIRED) 2008-08-19 22:34:53 UTC

request filed

Comment 14 Robert Buchholz (RETIRED) 2008-08-27 15:02:05 UTC

1.1.15 has caused a regression with KDE players, see blocked bug.

Arches, please test and mark stable:
=media-libs/xine-lib-1.1.15-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Comment 15 Jeroen Roovers (RETIRED) 2008-08-28 03:57:04 UTC

Stable for HPPA.

Comment 16 Friedrich Oslage (RETIRED) 2008-08-28 17:08:27 UTC

sparc stable

Comment 17 Markus Rothe (RETIRED) 2008-08-29 07:18:13 UTC

ppc64 stable

Comment 18 Raúl Porcel (RETIRED) 2008-08-29 15:15:44 UTC

ia64/x86 stable

Comment 19 Dawid Węgliński (RETIRED) 2008-08-29 15:46:09 UTC

amd64 stable as well

Comment 20 Tobias Scherbaum (RETIRED) 2008-08-30 11:31:43 UTC

ppc stable

Comment 21 Tobias Klausmann (RETIRED) 2008-08-31 15:53:37 UTC

Stable on alpha, sorry for taking so long.

Comment 22 Tobias Heinlein (RETIRED) 2008-09-03 18:16:11 UTC

GLSA request filed.

Comment 23 Pierre-Yves Rofes (RETIRED) 2008-09-22 20:29:46 UTC

What about http://www.ocert.org/advisories/ocert-2008-008.html ? It says not all vulns are fixed in 1.1.15 :/

Comment 24 Raúl Porcel (RETIRED) 2008-09-28 15:12:56 UTC

arm stable

Comment 25 Alex Legler (RETIRED) 2010-05-30 10:35:10 UTC

GLSA filed including bug 234777, bug 249041, bug 260069, and bug 265250.

Comment 26 Alex Legler (RETIRED) 2010-06-01 15:45:21 UTC

GLSA 201006-04