Bug#811519: vlc: avio plugin leaks file content
Rémi Denis-Courmont
courmisch at gmail.com
Tue Jan 19 16:11:01 UTC 2016
Package: vlc
Version: 2.2.1-5+b1
Severity: grave
Tags: security patch
Justification: user security hole
Dear Maintainer,

With a carefully crafted URL, the VLC avio plugin can be made to leak
content of local files to remote parties.

The root cause is the same as CVE-2016-1897.

See also:
https://mailman.videolan.org/pipermail/vlc-devel/2016-January/105718.html

Best regards,

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.1.15-basile (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fi_FI.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages vlc depends on:
ii fonts-freefont-ttf 20120503-4
ii libaa1 1.4p5-44
ii libavcodec-ffmpeg56 7:2.8.5-1
ii libavutil-ffmpeg54 7:2.8.5-1
ii libc6 2.21-6
ii libcaca0 0.99.beta19-2+b1
ii libcairo2 1.14.6-1
ii libegl1-mesa [libegl1-x11] 11.1.1-2
ii libfreerdp-client1.1 1.1.0~git20140921.1.440916e+dfsg1-5+b1
ii libfreerdp-core1.1 1.1.0~git20140921.1.440916e+dfsg1-5+b1
ii libfreerdp-gdi1.1 1.1.0~git20140921.1.440916e+dfsg1-5+b1
ii libfreetype6 2.6.1-0.1
ii libfribidi0 0.19.7-1
ii libgcc1 1:5.3.1-6
ii libgl1-mesa-glx [libgl1] 11.1.1-2
ii libgles1-mesa [libgles1] 11.1.1-2
ii libgles2-mesa [libgles2] 11.1.1-2
ii libglib2.0-0 2.46.2-3
ii libpulse0 7.1-2
ii libqt5core5a 5.5.1+dfsg-12
ii libqt5gui5 5.5.1+dfsg-12
ii libqt5widgets5 5.5.1+dfsg-12
ii libqt5x11extras5 5.5.1-3
ii librsvg2-2 2.40.13-1
ii libsdl-image1.2 1.2.12-5+b5
ii libsdl1.2debian 1.2.15-12
ii libstdc++6 5.3.1-6
ii libva-drm1 1.6.2-1
ii libva-x11-1 1.6.2-1
ii libva1 1.6.2-1
ii libvlccore8 2.2.1-5+b1
ii libvncclient1 0.9.10+dfsg-3
ii libx11-6 2:1.6.3-1
ii libxcb-composite0 1.11.1-1
ii libxcb-keysyms1 0.4.0-1
ii libxcb-randr0 1.11.1-1
ii libxcb-shm0 1.11.1-1
ii libxcb-xv0 1.11.1-1
ii libxcb1 1.11.1-1
ii libxext6 2:1.3.3-1
ii libxi6 2:1.7.5-1
ii libxinerama1 2:1.1.3-1+b1
ii libxpm4 1:3.5.11-1+b1
ii vlc-nox 2.2.1-5+b1
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages vlc recommends:
pn vlc-plugin-notify <none>
pn vlc-plugin-samba <none>
ii xdg-utils 1.1.1-1
vlc suggests no packages.
Versions of packages vlc-nox depends on:
ii liba52-0.7.4 0.7.4-18
ii libasound2 1.0.29-1
ii libass5 0.13.1-1
ii libavahi-client3 0.6.32~rc+dfsg-1
ii libavahi-common3 0.6.32~rc+dfsg-1
ii libavc1394-0 0.5.4-2
ii libavcodec-ffmpeg56 7:2.8.5-1
ii libavformat-ffmpeg56 7:2.8.5-1
ii libavutil-ffmpeg54 7:2.8.5-1
ii libbasicusageenvironment0 2014.01.13-1
ii libbluray1 1:0.9.2-2
ii libc6 2.21-6
ii libcddb2 1.3.2-5
ii libcdio13 0.83-4.2+b1
ii libchromaprint0 1.2-1+b1
ii libcrystalhd3 1:0.0~git20110715.fdd2f19-11+b1
ii libdbus-1-3 1.10.6-1
ii libdc1394-22 2.2.3-1
ii libdca0 0.0.5-7
ii libdirectfb-1.2-9 1.2.10.0-5.1
ii libdvbpsi10 1.3.0-4
ii libdvdnav4 5.0.3-1
ii libdvdread4 5.0.3-1
ii libebml4v5 1.3.3-1
ii libfaad2 2.8.0~cvs20150510-1
ii libflac8 1.3.1-4
ii libfontconfig1 2.11.0-6.3
ii libfreetype6 2.6.1-0.1
ii libfribidi0 0.19.7-1
ii libgcc1 1:5.3.1-6
ii libgcrypt20 1.6.4-4
ii libgnutls-deb0-28 3.3.20-1
ii libgpg-error0 1.21-1
ii libgroupsock1 2014.01.13-1
ii libjpeg62-turbo 1:1.4.1-2
ii libkate1 0.4.1-5
ii liblircclient0 0.9.0~pre1-1.2
ii liblivemedia23 2014.01.13-1
ii liblua5.2-0 5.2.4-1
ii libmad0 0.15.1b-8
ii libmatroska6v5 1.4.4-1
ii libmodplug1 1:0.8.8.5-2
ii libmpcdec6 2:0.1~r475-1
ii libmpeg2-4 0.5.1-7
ii libmtp9 1.1.10-2
ii libncursesw5 6.0+20151024-2
ii libogg0 1.3.2-1
ii libopus0 1.1.2-1
ii libpng12-0 1.2.54-1
ii libpostproc-ffmpeg53 7:2.8.5-1
ii libraw1394-11 2.1.1-2
ii libresid-builder0c2a 2.1.1-14
ii libsamplerate0 0.1.8-8
ii libschroedinger-1.0-0 1.0.11-2.1
ii libshine3 3.1.0-3
ii libshout3 2.3.1-3
ii libsidplay2 2.1.1-14
ii libspeex1 1.2~rc1.2-1
ii libspeexdsp1 1.2~rc1.2-1
ii libssh2-1 1.5.0-2+b1
ii libstdc++6 5.3.1-6
ii libswscale-ffmpeg3 7:2.8.5-1
ii libtag1v5 1.9.1-2.4
ii libtheora0 1.1.1+dfsg.1-7
ii libtinfo5 6.0+20151024-2
ii libtwolame0 0.3.13-1.2
ii libudev1 228-4
ii libupnp6 1:1.6.19+git20141001-1
ii libusageenvironment1 2014.01.13-1
ii libvcdinfo0 0.7.24+dfsg-0.2
ii libvlc5 2.2.1-5+b1
ii libvlccore8 2.2.1-5+b1
ii libvorbis0a 1.3.4-3
ii libvorbisenc2 1.3.4-3
ii libx264-148 2:0.148.2601+gita0cd7d3-3
ii libx265-68 1.8-6
ii libxml2 2.9.3+dfsg1-1
ii libzvbi0 0.2.35-10
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages vlc-nox suggests:
ii libdvdcss2 1.2.13-0
Versions of packages libvlc5 depends on:
ii libc6 2.21-6
ii libvlccore8 2.2.1-5+b1
Versions of packages libvlccore8 depends on:
ii libc6 2.21-6
ii libdbus-1-3 1.10.6-1
ii libidn11 1.32-3
ii libproxy-tools 0.4.11-4.2
ii vlc-data 2.2.1-5
Versions of packages vlc is related to:
ii libavutil-ffmpeg54 7:2.8.5-1
-- no debconf information