From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Apr 27 22:10:03 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 850661065673 for ; Tue, 27 Apr 2010 22:10:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 490C98FC13 for ; Tue, 27 Apr 2010 22:10:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o3RMA2sZ093192 for ; Tue, 27 Apr 2010 22:10:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o3RMA2Bt093191; Tue, 27 Apr 2010 22:10:02 GMT (envelope-from gnats) Resent-Date: Tue, 27 Apr 2010 22:10:02 GMT Resent-Message-Id: <201004272210.o3RMA2Bt093191@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Joseph S. Atkinson" Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1F3F610656DF for ; Tue, 27 Apr 2010 22:00:16 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 2C1C38FC08 for ; Tue, 27 Apr 2010 22:00:15 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o3RM0Efa002096 for ; Tue, 27 Apr 2010 22:00:14 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o3RM0E4f002095; Tue, 27 Apr 2010 22:00:14 GMT (envelope-from nobody) Message-Id: <201004272200.o3RM0E4f002095@www.freebsd.org> Date: Tue, 27 Apr 2010 22:00:14 GMT From: "Joseph S. Atkinson" To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/146099: update VLC to 1.0.6, document internally discovered exploit X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Apr 2010 22:10:03 -0000 >Number: 146099 >Category: ports >Synopsis: update VLC to 1.0.6, document internally discovered exploit >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Apr 27 22:10:02 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Joseph S. Atkinson >Release: >Organization: >Environment: >Description: VideoLAN has released 1.0.6 to address several vulnerabilities they discovered while working towards the 1.1.0 release. These vulnerabilities could potentially allow for a specially crafted file to execute code. >How-To-Repeat: >Fix: This shar file contains two patches. The first is the update patch for vlc, the second is the vuln.xml entry, sans this PR number. Patch attached with submission follows: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # vlc_1.0.6.diff # vlc_1.0.6_vuxml.diff # echo x - vlc_1.0.6.diff sed 's/^X//' >vlc_1.0.6.diff << '5220982b7aa97889d2795eed788c4a85' Xdiff -ru /usr/ports/multimedia/vlc/Makefile vlc/Makefile X--- /usr/ports/multimedia/vlc/Makefile 2010-04-26 13:30:06.000000000 -0400 X+++ vlc/Makefile 2010-04-27 17:02:31.000000000 -0400 X@@ -9,8 +9,7 @@ X # X X PORTNAME= vlc X-DISTVERSION= 1.0.5 X-PORTREVISION= 5 X+DISTVERSION= 1.0.6 X PORTEPOCH= 3 X CATEGORIES= multimedia audio ipv6 net www X MASTER_SITES= http://download.videolan.org/pub/videolan/${PORTNAME}/${DISTVERSION}/ \ Xdiff -ru /usr/ports/multimedia/vlc/distinfo vlc/distinfo X--- /usr/ports/multimedia/vlc/distinfo 2010-02-01 13:20:30.000000000 -0500 X+++ vlc/distinfo 2010-04-27 17:02:42.000000000 -0400 X@@ -1,3 +1,3 @@ X-MD5 (vlc-1.0.5.tar.bz2) = d3d99e489ba1ae996af7e1065c0ef313 X-SHA256 (vlc-1.0.5.tar.bz2) = f7f1994c936fbb8c392481a13abfd6a6b76c5aac4406fa7a78d4786dfc206dcd X-SIZE (vlc-1.0.5.tar.bz2) = 21887131 X+MD5 (vlc-1.0.6.tar.bz2) = 246a3865ec037f8f5757ef6b973a80fc X+SHA256 (vlc-1.0.6.tar.bz2) = f521933e7a1021746d8ecde6caa2f9d1b43187ab2e13df6abc07540e415e1842 X+SIZE (vlc-1.0.6.tar.bz2) = 22149704 5220982b7aa97889d2795eed788c4a85 echo x - vlc_1.0.6_vuxml.diff sed 's/^X//' >vlc_1.0.6_vuxml.diff << 'e1fc4f5a43a3297a895e7fdb5b69ec11' X--- /usr/ports/security/vuxml/vuln.xml 2010-04-25 20:26:47.000000000 -0400 X+++ vuxml/vuln.xml 2010-04-27 17:47:41.000000000 -0400 X@@ -34,6 +34,33 @@ X X --> X X+ X+ Unintended code execution with specially crafted data in VLC X+ X+ X+ vlc X+ 1.0.6 X+ X+ X+ X+ X+

VideoLAN project reports:

X+
X+

VLC media player suffers from various vulnerabilities when X+ attempting to parse malformatted or overly long byte streams.

X+
X+ X+ X+ X+ 39629 X+ http://www.videolan.org/security/sa1003.html X+ X+ X+ 2010-04-19 X+ 2010-04-27 X+ X+ X+ X X cacti -- SQL injection and command execution vulnerabilities X e1fc4f5a43a3297a895e7fdb5b69ec11 exit >Release-Note: >Audit-Trail: >Unformatted: