-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 27 Apr 2008 16:32:34 +0200 Source: vlc Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-alsa vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib wxvlc vlc-plugin-jack Architecture: source all amd64 Version: 0.8.6.c-6+lenny4 Distribution: testing-security Urgency: high Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Nico Golde <nion@debian.org> Description: libvlc0 - multimedia player and streamer library libvlc0-dev - development files for VLC mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC vlc - multimedia player and streamer vlc-nox - multimedia player and streamer (without X support) vlc-plugin-alsa - dummy transitional package vlc-plugin-arts - aRts audio output plugin for VLC vlc-plugin-esd - Esound audio output plugin for VLC vlc-plugin-ggi - GGI video output plugin for VLC vlc-plugin-glide - Glide video output plugin for VLC vlc-plugin-jack - Jack audio plugins for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC vlc-plugin-svgalib - SVGAlib video output plugin for VLC wxvlc - dummy transitional package Closes: 477805 478140 478140 Changes: vlc (0.8.6.c-6+lenny4) testing-security; urgency=high . * Non-maintainer upload by the Security Team. * This update addresses the following security issues: - CVE-2008-1769: out-of-bounds array access and memory corruption via a crafted cinepak file (Closes: #478140). - CVE-2008-1768: multiple integer overflow triggering buffer overflows in the mp4 and real demuxer and the cinepak codec (Closes: #478140). - CVE-2008-1881: stack-based buffer overflow in subtitle parsing leading to arbitrary code execution via crafted subtitle file (Closes: #477805). Checksums-Sha1: 969ed605acacc8f86d2c8504cfaa3e2a9a738bb1 3101 vlc_0.8.6.c-6+lenny4.dsc 73127c27a3545e10efb5c7c79d191249572d40a5 41394 vlc_0.8.6.c-6+lenny4.diff.gz 5478e21d2d171b92da7620086bbd2d9d8c937fae 800 vlc-plugin-alsa_0.8.6.c-6+lenny4_all.deb 1f353f0b33cdfb9f0368eb58d815f713f75fb56d 794 wxvlc_0.8.6.c-6+lenny4_all.deb 04ffdd06f748f6be3ba797c81fe13bf0dc48c8b3 1160532 vlc_0.8.6.c-6+lenny4_amd64.deb 9251783bffb13313b893d63990dccf6fe182ec1c 4661230 vlc-nox_0.8.6.c-6+lenny4_amd64.deb cf5587de66bd750e59b2e7cdcb245bc0373d10b2 457322 libvlc0_0.8.6.c-6+lenny4_amd64.deb 10ec97be81ff42f949a79e96cf4a4dc2d309bd38 504464 libvlc0-dev_0.8.6.c-6+lenny4_amd64.deb 9ca20ff0a320b501d0d2747f3b1a3b2017ea51fb 4538 vlc-plugin-esd_0.8.6.c-6+lenny4_amd64.deb 98ce369b70dc74ca272ad037b549afceedfb633e 11646 vlc-plugin-sdl_0.8.6.c-6+lenny4_amd64.deb 74f76bd552bf23f8ddb0f30c15c1127fb72b4229 6216 vlc-plugin-ggi_0.8.6.c-6+lenny4_amd64.deb 728c259fbd882268002e4b36e514b94f1237df54 4186 vlc-plugin-arts_0.8.6.c-6+lenny4_amd64.deb 07043015d39766662e49a8032a48f7018b3d02b2 38578 mozilla-plugin-vlc_0.8.6.c-6+lenny4_amd64.deb 456480da0ce73f296a3d89be3dd84239463f44fb 4812 vlc-plugin-svgalib_0.8.6.c-6+lenny4_amd64.deb 7e4f3e20c8fa1ec1d8ea29cb8c75f09fa45a0507 4878 vlc-plugin-jack_0.8.6.c-6+lenny4_amd64.deb Checksums-Sha256: 47350d6be9493ea34787d0c6293cb502329dc3d9d58793797a87197b277dfda8 3101 vlc_0.8.6.c-6+lenny4.dsc cd4fec0381bc86094267330d173edab05e2226746553293efaec3a37ed6b1036 41394 vlc_0.8.6.c-6+lenny4.diff.gz e0bf645dfe5832b24984de6c0d1fa35b94e6e87c6d4a16310cea02ca3562d8d7 800 vlc-plugin-alsa_0.8.6.c-6+lenny4_all.deb addc5597469fa238c80ef3a5b3c7d615fff4b303e1573e5fbfb225fa39cb7c81 794 wxvlc_0.8.6.c-6+lenny4_all.deb fb72c37e59648adfca7b6cf63ce100b47079adf26a81525a419f8b2bc329c7f9 1160532 vlc_0.8.6.c-6+lenny4_amd64.deb 940d349d3c8bb77db84bc8d49e46a1b3c61ad5b4644b50c1a5c7cbeb1439bd02 4661230 vlc-nox_0.8.6.c-6+lenny4_amd64.deb d9cee4e988ca8b1a74fb94d98031878b4f17ccb162b427af61afad610f2a73a1 457322 libvlc0_0.8.6.c-6+lenny4_amd64.deb 1462f362bf563a5e20409eb59ad008afb098f5ac17bdf75827dcdfaf3eea5ad7 504464 libvlc0-dev_0.8.6.c-6+lenny4_amd64.deb e0b79920f2d0eb91fa9173e02f6009d0e1ac28d9c9e1409b2a4eaee72bdcae47 4538 vlc-plugin-esd_0.8.6.c-6+lenny4_amd64.deb d1eb788c55c9e2010bf8a3736fb4551081ae064c78b0565f60ca43087596953f 11646 vlc-plugin-sdl_0.8.6.c-6+lenny4_amd64.deb fec451d13e9f519d932323518b08a9f52f90e7c2c86839c5d8ac3cab68d9cbb2 6216 vlc-plugin-ggi_0.8.6.c-6+lenny4_amd64.deb 8e8241dc0b551a6583f47e58e767adf0b3567da9bc50e5a2184b0846bce9265e 4186 vlc-plugin-arts_0.8.6.c-6+lenny4_amd64.deb db878241d53e3cc0378c2809e031229f018e1cf93e2323319b577956c37bffbc 38578 mozilla-plugin-vlc_0.8.6.c-6+lenny4_amd64.deb 58461944b49270710e342a15983dc8b7c39cc64b2420098e18289e3a32334906 4812 vlc-plugin-svgalib_0.8.6.c-6+lenny4_amd64.deb 7e8320280fb281a576158c673efa8b8a9c0f0606c57738a089cefd78c86c5ae1 4878 vlc-plugin-jack_0.8.6.c-6+lenny4_amd64.deb Files: 760dcb306b60d1e826fad333b8da2982 3101 graphics optional vlc_0.8.6.c-6+lenny4.dsc 7ab0694b1d9198e0806fd51033155308 41394 graphics optional vlc_0.8.6.c-6+lenny4.diff.gz 756fb29b95e9bbc347da7f8c11d6ff85 800 graphics optional vlc-plugin-alsa_0.8.6.c-6+lenny4_all.deb 2b65c262cb536fe33085d663e41a8be4 794 graphics optional wxvlc_0.8.6.c-6+lenny4_all.deb 9a0b2314c253fccb5f6840efae5bc22b 1160532 graphics optional vlc_0.8.6.c-6+lenny4_amd64.deb 23f183dfcf7bf8086d7f725c2211fa79 4661230 net optional vlc-nox_0.8.6.c-6+lenny4_amd64.deb 49f62bc2ebe5663368b4f55fda91d4b6 457322 libs optional libvlc0_0.8.6.c-6+lenny4_amd64.deb c12059707bc2ecca7f3cce9e885d66fa 504464 libdevel optional libvlc0-dev_0.8.6.c-6+lenny4_amd64.deb db67c923d92fa51a01ecb29ffc7f17f1 4538 graphics optional vlc-plugin-esd_0.8.6.c-6+lenny4_amd64.deb a05b9b7f38a38c244880f4ea6c709edd 11646 graphics optional vlc-plugin-sdl_0.8.6.c-6+lenny4_amd64.deb 44e412de1ab131b9d1276b96fbf2d458 6216 graphics optional vlc-plugin-ggi_0.8.6.c-6+lenny4_amd64.deb 40ac7cbb99c89d139d71feaa5bc11e09 4186 graphics optional vlc-plugin-arts_0.8.6.c-6+lenny4_amd64.deb e552c4aba44601d5c4012553fb69f843 38578 graphics optional mozilla-plugin-vlc_0.8.6.c-6+lenny4_amd64.deb a06c95fdf43be40a1d1007702fb2710b 4812 graphics optional vlc-plugin-svgalib_0.8.6.c-6+lenny4_amd64.deb 1897129b07ed5629d88b4c90b51a3332 4878 graphics optional vlc-plugin-jack_0.8.6.c-6+lenny4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIFJOxHYflSXNkfP8RAnJhAJsGYLH67PacaZziAeDfjeWNJy1QUwCgqbqc Hrxv6oSCCJllXnvrtBLhiac= =X+jm -----END PGP SIGNATURE----- Accepted: libvlc0-dev_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/libvlc0-dev_0.8.6.c-6+lenny4_amd64.deb libvlc0_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/libvlc0_0.8.6.c-6+lenny4_amd64.deb mozilla-plugin-vlc_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.c-6+lenny4_amd64.deb vlc-nox_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/vlc-nox_0.8.6.c-6+lenny4_amd64.deb vlc-plugin-alsa_0.8.6.c-6+lenny4_all.deb to pool/main/v/vlc/vlc-plugin-alsa_0.8.6.c-6+lenny4_all.deb vlc-plugin-arts_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/vlc-plugin-arts_0.8.6.c-6+lenny4_amd64.deb vlc-plugin-esd_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/vlc-plugin-esd_0.8.6.c-6+lenny4_amd64.deb vlc-plugin-ggi_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.c-6+lenny4_amd64.deb vlc-plugin-jack_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/vlc-plugin-jack_0.8.6.c-6+lenny4_amd64.deb vlc-plugin-sdl_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.c-6+lenny4_amd64.deb vlc-plugin-svgalib_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.c-6+lenny4_amd64.deb vlc_0.8.6.c-6+lenny4.diff.gz to pool/main/v/vlc/vlc_0.8.6.c-6+lenny4.diff.gz vlc_0.8.6.c-6+lenny4.dsc to pool/main/v/vlc/vlc_0.8.6.c-6+lenny4.dsc vlc_0.8.6.c-6+lenny4_amd64.deb to pool/main/v/vlc/vlc_0.8.6.c-6+lenny4_amd64.deb wxvlc_0.8.6.c-6+lenny4_all.deb to pool/main/v/vlc/wxvlc_0.8.6.c-6+lenny4_all.deb
