Bug 316709 - <media-video/vlc-1.0.6: Multiple vulnerabilities (CVE-2010-{1441,1442,1443,1444,1445})
Summary: <media-video/vlc-1.0.6: Multiple vulnerabilities (CVE-2010-{1441,1442,1443,14...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.videolan.org/security/sa10...
Whiteboard: B2 [glsa]
Keywords:
Duplicates: 314011
Depends on: 316805
Blocks:
Reported: 2010-04-22 17:56 UTC by Alexis Ballier
Modified: 2014-11-05 22:07 UTC (History)
Description Alexis Ballier gentoo-dev 2010-04-22 17:56:22 UTC
Security Advisory 1003

Summary           : Heap buffer overflow vulnerability in A/52, DTS
                    and MPEG Audio decoders
                    Invalid memory access in AVI, ASF, Matroska (MKV) demuxers
                    Invalid memory access in XSPF playlist parser
                    Invalid memory access in ZIP archive decompressor
                    Heap buffer overflow in RTMP access
Date              : 19 April 2010
Affected versions : VLC media player 1.0.5 down to 0.5.0
ID                : VideoLAN-SA-1003
CVE references    : N/A (at the time of writing)
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-22 18:01:41 UTC
Arches, please test and mark stable:
=media-video/vlc-1.0.6
Target keywords : "alpha amd64 ppc ppc64 sparc x86"
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-22 18:33:11 UTC
*** Bug 314011 has been marked as a duplicate of this bug. ***
Comment 3 Andreas Schürch gentoo-dev 2010-04-23 09:29:55 UTC
I tested on x86. It seems to be OK and works, but it spits out a compile error with USE="qt4 -X", and with the skins USE flag it complains about not finding freetype, but I've got media-libs/freetype-2.3.11 installed!?

configure: error: Could not find freetype (required for skins2)

[ebuild   R   ] media-libs/freetype-2.3.11  USE="X -bindist -debug -doc -fontforge -utils" 0 kB

Comment 4 Alexis Ballier gentoo-dev 2010-04-23 12:19:13 UTC
(In reply to comment #3)
> I tested on x86. It seems to be OK and works, but it spits out a compile error
> with USE="qt4 -X", and with the skins USE flag it complains about not finding
> freetype, but I've got media-libs/freetype-2.3.11 installed!?
> 
> configure: error: Could not find freetype (required for skins2)      
> 
> [ebuild   R   ] media-libs/freetype-2.3.11  USE="X -bindist -debug -doc
> -fontforge -utils" 0 kB

Please open a new bug blocking this one with the full build log and config.log attached.

Comment 5 Andreas Schürch gentoo-dev 2010-04-23 20:35:14 UTC
Well done! :-)
No failures left over here on x86!
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2010-04-26 09:06:08 UTC
stable x86, thanks Andreas
Comment 7 Markus Meier gentoo-dev 2010-04-26 19:18:27 UTC
amd64 stable
Comment 8 Brent Baude (RETIRED) gentoo-dev 2010-04-30 14:16:54 UTC
ppc done
Comment 9 Brent Baude (RETIRED) gentoo-dev 2010-04-30 14:20:24 UTC
ppc64 done
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2010-05-04 18:56:22 UTC
alpha/sparc stable
Comment 11 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-11 20:43:19 UTC
GLSA together with bug 279340.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-11-05 22:07:47 UTC
This issue was resolved and addressed in
 GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml
by GLSA coordinator Sean Amoss (ackle).