ports/129282: [vuxml] multimedia/vlc-devel: document CVE-2008-4654 and CVE-2008-4686

Eygene Ryabinkin rea-fbsd at codelabs.ru
Mon Dec 1 12:32:46 UTC 2008 

Joseph, good day.

According to Joseph Atkinson:
> This is generally correct. The affected version is NOT 0.9.5
> though.  0.9.5 was the release that addressed the issues. So the
> affected versions are effectively 0.9.0 through 0.9.4. I mentioned
> both of these CVEs in a follow up to ports/128359, which was the
> 0.9.5 submission.

Sure, 0.9.5. is clean from this issue as the VuXML entry suggests:
'>=0.9.0.20080223<0.9.5'.

> FreeBSD moved from 0.9.0-test1 directly to 0.9.5, so it is possible that
> FreeBSD never included an affected version.

As I wrote in the original PR, I had traced this down to 0.9.0.20080223
through the vlc-devel port history.

> I can't confirm this at this
> time because of being busy (holidays) and that there is no -test1 marked
> in their git for easy reference. However, I have no objections to
> documenting them to be complete/precise/safe.

-test1 can be downloaded from
  ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/vlc-0.9.0-test1.tar.bz2
Is has the code in question: look at modules/demux/ty.c for the following
entries:
-----
  int             i_seq_table_size;   /* number of entries in SEQ table */
  int             i_bits_per_seq_entry; /* # of bits in SEQ table bitmask */
--
    for (i=0; i<p_sys->i_seq_table_size; i++) {
        stream_Read(p_demux->s, mst_buf, 8 + i_map_size);
-----

> It is also worth noting that 0.9.5 is vulnerable to other issues that
> have already been documented in vulnxml. I mention this to avoid any
> confusion. 0.9.5 is not "clean", it's just not affected by these CVEs
> specifically.

Yes, it is correct.  No one claimed that 0.9.5 is vulnerable: this VuXML
entry meant to document old vulnerabilities that are still valid for the
older port versions.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs/attachments/20081201/78452964/attachment.sig>

More information about the freebsd-ports-bugs mailing list