From nobody@FreeBSD.org  Tue Dec  2 01:35:18 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5625F1065670
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  2 Dec 2008 01:35:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 4E7978FC13
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  2 Dec 2008 01:35:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id mB21ZIxs093505
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 2 Dec 2008 01:35:18 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id mB21ZH0h093496;
	Tue, 2 Dec 2008 01:35:17 GMT
	(envelope-from nobody)
Message-Id: <200812020135.mB21ZH0h093496@www.freebsd.org>
Date: Tue, 2 Dec 2008 01:35:17 GMT
From: "Joseph S. Atkinson" <jsa@wickedmachine.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Document CVE-2008-5276 for multimedia/vlc-devel
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         129356
>Category:       ports
>Synopsis:       Document CVE-2008-5276 for multimedia/vlc-devel
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    miwi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 02 01:40:00 UTC 2008
>Closed-Date:    Sat Dec 06 23:47:41 UTC 2008
>Last-Modified:  Sat Dec 06 23:47:41 UTC 2008
>Originator:     Joseph S. Atkinson
>Release:        
>Organization:
>Environment:
>Description:
This is an attempt to document CVE-2008-5276 for multimedia/vlc-devel, in which a specially crafted Real Media (.rm) file can potentially be used to create a heap overflow.

This is my first attempt at a VuXML entry, so be gentle. Constructive criticism welcomed.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

<vuln vid="1972d685-c010-11dd-a69e-000d8825e644">
	<topic>Real Media integer overflow might trigger heap-based buffer overflow in vlc-devel</topic>
	<affects>
		<package>
			<name>vlc-devel</name>
			<range><gt>0.9.*,2</gt><lt>0.9.8,3</lt></range>
		</package>
	</affects>
	<description>
		<body xmlns="http://www.w3.org/1999/xhtml">
			<p>Tobias Klein (tk@trapkit.de) identified:</p>
			<blockquote cite="http://www.trapkit.de/advisories/TKADV2008-013.txt">
				<p>The VLC media player contains an integer overflow vulnerability while parsing malformed RealMedia (.rm) files. The vulnerability leads to a heap overflow that can be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.</p>
			</blockquote>
			<p>The VideoLAN Security Advisory 0811 entry states:</p>
			<blockquote cite="http://www.videolan.org/security/sa0811.html">
				<p>When parsing the header of an invalid Real Media file an integer overflow might occur then trigger a heap-based buffer overflows.</p>
			</blockquote>
		</body>
	</description>
	<references>
		<freebsdpr>ports/129355</freebsdpr>
		<cvename>CVE-2008-5276</cvename>
		<url>http://www.trapkit.de/advisories/TKADV2008-013.txt</url>
		<url>http://www.videolan.org/security/sa0811.html</url>
	</references>
	<dates>
		<discovery>2008-11-14</discovery>
		<entry>2008-12-01</entry>
	</dates>
</vuln>


>Release-Note:
>Audit-Trail:
Class-Changed-From-To: sw-bug->maintainer-update 
Class-Changed-By: edwin 
Class-Changed-When: Tue Dec 2 01:40:12 UTC 2008 
Class-Changed-Why:  
Fix category (submitter is maintainer) (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=129356 
Responsible-Changed-From-To: freebsd-ports-bugs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Tue Dec 2 05:32:56 UTC 2008 
Responsible-Changed-Why:  
I'll take it. 


From: "Joseph S. Atkinson" <jsatkinson@embarqmail.com>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org
Cc:  
Subject: Re: ports/129356: Document CVE-2008-5276 for multimedia/vlc-devel
Date: Wed, 03 Dec 2008 16:46:51 -0500

 Affected versions are now prior to:
 
 0.9.8.a,3
 
State-Changed-From-To: open->closed 
State-Changed-By: miwi 
State-Changed-When: Sat Dec 6 23:47:41 UTC 2008 
State-Changed-Why:  
documented. Thanks for your submission. 

>Unformatted:
