http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061539.html (will attach sample)
Created attachment 150019 file crashing xine
Any news here? We already have a pending GLSA for xine-lib (bug #213039 and bug #214270), but with a vulnerability remaining, it's pointless.
These are patches for CVE-2008-1878:
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=d0ced21e0cf2;style=gitweb
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=2d5efbbeb882;style=gitweb
It should make sense to include these patches:
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=fa5398bfd312521bea5cb8097d864da578943325;style=gitweb
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=b22d0d37f9f0096c40f2047d01c21f3a96067d8b;style=gitweb
Diego, are you rolling a new release soon? Otherwise, media-video: please create an ebuild with the patches included.
Hi Diego and media-video team, our GLSA draft about xine-lib has been ready for several days now, and we are still waiting for this bug to be solved. Please tell us if you plan to include the patches for CVE-2008-1878 very shortly, or if not.
Hi, I tried to fix this issue, but it seems the upstream commit doesn't fix it (xine-lib 1.1 branch still crashes). I'm in contact with Diego to resolve this.
xine-lib-1.1.12-r1 should fix the buffer overflow. There's another crash-bug, so testing the evil.mp3 will still crash xine, but there's no overflow any more.
(In reply to comment #2)
> Any news here? we already have a pending GLSA for xine-lib (bug #213039 and bug
> #214270), but with a vulnerability remaining, it's pointless.
>
pong
wasn't -r1 good enough ?
anyway, 1.1.13 is in the tree now.
Changes:
* Security fixes:
  - Buffer overflow in the NSF demuxer which may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via an NSF file with a long title or copyright message. (CVE-2008-1878)
  - For extra safety against possible Integer overflows like the ones found in CVE-2008-1482, backport more calloc usage from 1.2 branch.
* Added MIME types and .mpp for musepack.
* Fixed display of some MJPEG streams (YUVJ420P).
* Deprecate xine_xmalloc() function, see src/xine-utils/utils.c for more information about the reason.
* Provide a useful implementation of xine_register_log_cb().
* New version of the JACK output plugin.
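An added illustration of the bug class named in the changelog above (not xine-lib code and not the upstream patch): bounded handling of the fixed-width NSF title and copyright fields, which a file may fill completely with no NUL terminator. The function names are hypothetical, the header bytes are constructed, and the offsets assume the commonly documented 128-byte NSF header layout.

```c
#include <stdio.h>
#include <string.h>
#define NSF_HEADER_SIZE   0x80
#define NSF_FIELD_LEN     32     /* title, artist, copyright: 32 bytes each */
#define NSF_OFF_SONGS     0x06
#define NSF_OFF_TITLE     0x0E
#define NSF_OFF_COPYRIGHT 0x4E
/* Copy one fixed-width field; the file may fill all 32 bytes with no NUL. */
static void nsf_field(const unsigned char *hdr, size_t off, char out[NSF_FIELD_LEN + 1])
{
    memcpy(out, hdr + off, NSF_FIELD_LEN);
    out[NSF_FIELD_LEN] = '\0';
}

/* Returns the length the full string needs (snprintf semantics), or -1 on a bad header. */
int nsf_describe(const unsigned char *hdr, size_t hdr_len, int song,
                 char *dst, size_t dst_len)
{
    char title[NSF_FIELD_LEN + 1], copyright[NSF_FIELD_LEN + 1];
    if (dst_len == 0) return -1;
    dst[0] = '\0';
    if (hdr_len < NSF_HEADER_SIZE || memcmp(hdr, "NESM\x1a", 5) != 0)
        return -1;
    nsf_field(hdr, NSF_OFF_TITLE, title);
    nsf_field(hdr, NSF_OFF_COPYRIGHT, copyright);
    return snprintf(dst, dst_len, "%s (%s), song %d/%d",
                    title, copyright, song, hdr[NSF_OFF_SONGS]);
}

/* Constructed sample: every text field is full-width with no terminator. */
void nsf_make_sample(unsigned char hdr[NSF_HEADER_SIZE])
{
    memset(hdr, 0, NSF_HEADER_SIZE);
    memcpy(hdr, "NESM\x1a", 5);
    hdr[NSF_OFF_SONGS] = 3;
    memset(hdr + NSF_OFF_TITLE, 'A', NSF_FIELD_LEN);
    memset(hdr + 0x2E, 'B', NSF_FIELD_LEN);        /* artist field */
    memset(hdr + NSF_OFF_COPYRIGHT, 'C', NSF_FIELD_LEN);
}

int main(void)
{
    unsigned char hdr[NSF_HEADER_SIZE];
    char line[16];                                 /* deliberately too small */
    nsf_make_sample(hdr);
    int need = nsf_describe(hdr, sizeof hdr, 1, line, sizeof line);
    printf("need=%d got=\"%s\"\n", need, line);
    return 0;
}
```

A return value greater than or equal to the destination size means the string was truncated rather than written past the end of the buffer.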
thanks Alexis.
Arches, please test and mark stable: =media-libs/xine-lib-1.1.13 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
ppc64 and ppc done
amd64/x86 stable
ia64/sparc stable
Stable on alpha.
GLSA 200808-01