ports/129282: [vuxml] multimedia/vlc-devel: document CVE-2008-4654 and CVE-2008-4686
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Mon Dec 1 12:32:46 UTC 2008
Joseph, good day.
According to Joseph Atkinson:
> This is generally correct. The affected version is NOT 0.9.5
> though. 0.9.5 was the release that addressed the issues. So the
> affected versions are effectively 0.9.0 through 0.9.4. I mentioned
> both of these CVEs in a follow up to ports/128359, which was the
> 0.9.5 submission.
Sure, 0.9.5 is clean from this issue as the VuXML entry suggests:
'>=0.9.0.20080223<0.9.5'.
> FreeBSD moved from 0.9.0-test1 directly to 0.9.5, so it is possible that
> FreeBSD never included an affected version.
As I wrote in the original PR, I had traced this down to 0.9.0.20080223
through the vlc-devel port history.
> I can't confirm this at this
> time because of being busy (holidays) and that there is no -test1 marked
> in their git for easy reference. However, I have no objections to
> documenting them to be complete/precise/safe.
-test1 can be downloaded from
ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/vlc-0.9.0-test1.tar.bz2
It has the code in question: look at modules/demux/ty.c for the following
entries:
-----
int i_seq_table_size; /* number of entries in SEQ table */
int i_bits_per_seq_entry; /* # of bits in SEQ table bitmask */
--
for (i=0; i<p_sys->i_seq_table_size; i++) {
stream_Read(p_demux->s, mst_buf, 8 + i_map_size);
-----
> It is also worth noting that 0.9.5 is vulnerable to other issues that
> have already been documented in vulnxml. I mention this to avoid any
> confusion. 0.9.5 is not "clean", it's just not affected by these CVEs
> specifically.
Yes, it is correct. No one claimed that 0.9.5 is vulnerable: this VuXML
entry meant to document old vulnerabilities that are still valid for the
older port versions.
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #