[SCM] vlc/maverick: Import Debian patch for 1.1.4-1ubuntu1.5

bdrung at users.alioth.debian.org bdrung at users.alioth.debian.org
Sat Jun 11 19:22:07 UTC 2011 

The following commit has been merged in the maverick branch:
commit bc190fd7dd423b0f1862dbda7e62251fd7feea48
Author: Benjamin Drung <bdrung at debian.org>
Date:   Sat Jun 11 21:16:17 2011 +0200

    Import Debian patch for 1.1.4-1ubuntu1.5

diff --git a/debian/changelog b/debian/changelog
index 198cfa2..7aed1f7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+vlc (1.1.4-1ubuntu1.5) maverick-security; urgency=low
+
+  * SECURITY UPDATE: arbitrary code execution via crafted width
+    - debian/patches/CVE-2010-327x.patch: limit video size to 8192x8192 in
+      src/video_output/video_output.c.
+    - CVE-2010-3275
+    - CVE-2010-3276
+  * SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
+    - debian/patches/CVE-2011-1684.patch: fix buffer overflow in
+      modules/demux/mp4/libmp4.c.
+    - CVE-2011-1684
+
+ -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Wed, 13 Apr 2011 23:21:01 -0400
+
 vlc (1.1.4-1ubuntu1.4) maverick-security; urgency=low
 
   * SECURITY UPDATE: memory corruption, code execution (LP: #714089)
diff --git a/debian/patches/CVE-2010-327x.patch b/debian/patches/CVE-2010-327x.patch
new file mode 100644
index 0000000..1cfe2b8
--- /dev/null
+++ b/debian/patches/CVE-2010-327x.patch
@@ -0,0 +1,16 @@
+Description: fix arbitrary code execution via crafted width
+Origin: upstream, http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commitdiff;h=fe44129dc6509b3347113ab0e1a0524af1e0dd11
+
+Index: vlc-1.1.4/src/video_output/video_output.c
+===================================================================
+--- vlc-1.1.4.orig/src/video_output/video_output.c	2011-04-13 23:20:08.249417332 -0400
++++ vlc-1.1.4/src/video_output/video_output.c	2011-04-13 23:20:20.359417336 -0400
+@@ -297,7 +297,7 @@
+     char *psz_parser;
+     char *psz_name;
+ 
+-    if( i_width <= 0 || i_height <= 0 )
++    if( i_width <= 0 || i_height <= 0 || i_width > 8192 || i_height > 8192 )
+         return NULL;
+ 
+     vlc_ureduce( &p_fmt->i_sar_num, &p_fmt->i_sar_den,
diff --git a/debian/patches/CVE-2011-1684.patch b/debian/patches/CVE-2011-1684.patch
new file mode 100644
index 0000000..c0d4e20
--- /dev/null
+++ b/debian/patches/CVE-2011-1684.patch
@@ -0,0 +1,17 @@
+Description: fix arbitrary code execution via mp4 file
+Origin: upstream, http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/756368
+
+Index: vlc-1.1.4/modules/demux/mp4/libmp4.c
+===================================================================
+--- vlc-1.1.4.orig/modules/demux/mp4/libmp4.c	2011-04-13 23:20:47.869417347 -0400
++++ vlc-1.1.4/modules/demux/mp4/libmp4.c	2011-04-13 23:20:53.699417350 -0400
+@@ -2247,7 +2247,7 @@
+ 
+ static int MP4_ReadBox_skcr( stream_t *p_stream, MP4_Box_t *p_box )
+ {
+-    MP4_READBOX_ENTER( MP4_Box_data_frma_t );
++    MP4_READBOX_ENTER( MP4_Box_data_skcr_t );
+ 
+     MP4_GET4BYTES( p_box->data.p_skcr->i_init );
+     MP4_GET4BYTES( p_box->data.p_skcr->i_encr );
diff --git a/debian/patches/series b/debian/patches/series
index 23967dc..fc72ac4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,5 @@ CVE-2010-3907.diff
 cdg-heap-overflow.diff
 xml-heap-corruption.diff
 mkv-input-validation.diff
+CVE-2010-327x.patch
+CVE-2011-1684.patch

-- 
VLC media player packaging

More information about the pkg-multimedia-commits mailing list