Bug 70055

Summary: media-video/gxine: http buffer overflow
Product: Gentoo Security
Reporter: Chris White (RETIRED) <chriswhite>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: media-video
Priority: High
Version: unspecified
Hardware: All
OS: All
URL: http://sourceforge.net/tracker/index.php?func=detail&aid=1060299&group_id=9655&atid=109655
Whiteboard: B2 [glsa] jaervosz
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 69663    

Description Chris White (RETIRED) gentoo-dev 2004-11-04 08:01:19 UTC
Details are in the upstream bug report.  I'm waiting until upstream confirms this patch before going anywhere with it.  Once they have confirmed it, then I'll apply (or apply their modified version).  I decided the best way of contacting upstream was through their tracker system, which sends emails to various lists about xine bugs.  Therefore this bug is open instead of fightclub (as originally intended).  I pretty much felt that the Kaffeine FD mail (it uses the EXACT same http code as gxine) sort of put it out in the open.  More information to come soon :).
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-05 04:30:04 UTC
video/Chris White please provide a fixed ebuild.
Comment 2 Chris White (RETIRED) gentoo-dev 2004-11-06 07:44:23 UTC
Patch applied in r1.  Don't think this needs a glsa as it's ~arch'ed across
the board.  Your call though :P.  I'll get rid of the non-r1 version after
work.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-06 07:50:52 UTC
Arches please mark stable and disregard Chris' ~arch rambling in comment #2
Comment 4 Olivier Crete (RETIRED) gentoo-dev 2004-11-06 08:21:27 UTC
x86 stable
Comment 5 Jason Wever (RETIRED) gentoo-dev 2004-11-06 10:30:16 UTC
Stable on sparc.
Comment 6 Luke Macken (RETIRED) gentoo-dev 2004-11-06 17:55:05 UTC
Merged gxine and Kaffeine into a single GLSA.

Security, please review.
Comment 7 Luke Macken (RETIRED) gentoo-dev 2004-11-07 11:36:13 UTC
GLSA 200411-14