Bug#1083029: marked as done (mplayer: security issue: Unchecked Return Value to NULL Pointer Dereference)

To: Lorenzo Puliti <plorenzo@disroot.org>
Subject: Bug#1083029: marked as done (mplayer: security issue: Unchecked Return Value to NULL Pointer Dereference)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 04 Oct 2024 21:27:02 +0000
Message-id: <[🔎] handler.1083029.D1083029.17280770502043772.ackdone@bugs.debian.org>
Reply-to: 1083029@bugs.debian.org
References: <E1swpmQ-002Lmc-O6@fasolo.debian.org> <172769196057.23497.10402428636093004334.reportbug@lorenz.fritz.box>

Your message dated Fri, 04 Oct 2024 21:24:06 +0000
with message-id <E1swpmQ-002Lmc-O6@fasolo.debian.org>
and subject line Bug#1083029: fixed in mplayer 2:1.5+svn38638-1
has caused the Debian Bug report #1083029,
regarding mplayer: security issue: Unchecked Return Value to NULL Pointer Dereference
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1083029: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083029
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mplayer: security issue: Unchecked Return Value to NULL Pointer Dereference
From: Lorenzo Puliti <plorenzo@disroot.org>
Date: Mon, 30 Sep 2024 12:26:00 +0200
Message-id: <172769196057.23497.10402428636093004334.reportbug@lorenz.fritz.box>

Package: mplayer
Version: 2:1.5+svn38542-1
Severity: important
Tags: security upstream patch
X-Debbugs-Cc: team@security.debian.org, plorenzo@disroot.org, Debian Security Team <team@security.debian.org>

Hi,
A new security issue for mplayer was reported upstream:

https://trac.mplayerhq.hu/ticket/2426

a patch is available (see the link above), I don't think a CVE is
assigned yet.

Regards,
Lorenzo



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.12-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled

Versions of packages mplayer depends on:
ii  liba52-0.7.4                      0.7.4-20+b1
ii  libaa1                            1.4p5-51.1
ii  libasound2t64                     1.2.12-1
ii  libass9                           1:0.17.3-1
ii  libaudio2                         1.9.4-9
ii  libavcodec61                      7:7.0.2-3
ii  libavformat61                     7:7.0.2-3
ii  libavutil59                       7:7.0.2-3
ii  libbluray2                        1:1.3.4-1+b1
ii  libbs2b0                          3.1.0+dfsg-8
ii  libc6                             2.40-2
ii  libcaca0                          0.99.beta20-5
ii  libcdio-cdda2t64                  10.2+2.0.2-1
ii  libcdio-paranoia2t64              10.2+2.0.2-1
ii  libcdio19t64                      2.1.0-4.2
ii  libdca0                           0.0.7-2+b1
ii  libdv4t64                         1.0.0-17.1
ii  libdvdnav4                        6.1.1-3
ii  libdvdread8t64                    6.1.3-1.1
ii  libegl1                           1.7.0-1+b1
ii  libenca0                          1.19-1.1+b2
ii  libfaad2                          2.11.1-1+b1
ii  libfontconfig1                    2.15.0-1.1
ii  libfreetype6                      2.13.3+dfsg-1
ii  libfribidi0                       1.0.15-1
ii  libgif7                           5.2.2-1
ii  libgl1                            1.7.0-1+b1
ii  libjack-jackd2-0 [libjack-0.125]  1.9.22~dfsg-3
ii  libjpeg62-turbo                   1:2.1.5-3
ii  liblirc-client0t64                0.10.2-0.9
ii  libmad0                           0.15.1b-10.2
ii  libmng1                           1.0.10+dfsg-3.1+b5
ii  libmpeg2-4                        0.5.1-9+b1
ii  libmpg123-0t64                    1.32.7-1
ii  libogg0                           1.3.5-3+b1
ii  libopenal1                        1:1.23.1-4+b1
ii  libpng16-16t64                    1.6.43-5
ii  libpostproc58                     7:7.0.2-3
ii  libpulse0                         16.1+dfsg1-5.1
ii  libsdl1.2debian                   1.2.68-2
ii  libsmbclient0                     2:4.21.0+dfsg-1
ii  libsndio7.0                       1.10.0-0.1
ii  libspeex1                         1.2.1-2+b1
ii  libswresample5                    7:7.0.2-3
ii  libswscale8                       7:7.0.2-3
ii  libtheora0                        1.1.1+dfsg.1-17
ii  libtinfo6                         6.5-2
ii  libvdpau1                         1.5-3
ii  libvorbisidec1                    1.2.1+git20180316-7+b1
ii  libx11-6                          2:1.8.7-1+b1
ii  libxext6                          2:1.3.4-1+b1
ii  libxinerama1                      2:1.1.4-3+b1
ii  libxss1                           1:1.2.3-1+b1
ii  libxv1                            2:1.0.11-1.1+b1
ii  libxvidcore4                      2:1.3.7-1+b1
ii  libxxf86dga1                      2:1.1.5-1+b1
ii  libxxf86vm1                       1:1.1.4-1+b2
ii  zlib1g                            1:1.3.dfsg+really1.3.1-1

mplayer recommends no packages.

Versions of packages mplayer suggests:
ii  bzip2               1.0.8-6
ii  fontconfig          2.15.0-1.1
ii  fonts-freefont-ttf  20211204+svn4273-2
pn  mplayer-doc         <none>
pn  netselect | fping   <none>

-- Configuration Files:
/etc/mplayer/mplayer.conf changed [not included]

-- no debconf information

--- End Message ---

--- Begin Message ---

To: 1083029-close@bugs.debian.org
Subject: Bug#1083029: fixed in mplayer 2:1.5+svn38638-1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 04 Oct 2024 21:24:06 +0000
Message-id: <E1swpmQ-002Lmc-O6@fasolo.debian.org>
Reply-to: Lorenzo Puliti <plorenzo@disroot.org>

Source: mplayer
Source-Version: 2:1.5+svn38638-1
Done: Lorenzo Puliti <plorenzo@disroot.org>

We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1083029@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lorenzo Puliti <plorenzo@disroot.org> (supplier of updated mplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Sep 2024 22:29:54 +0200
Source: mplayer
Architecture: source
Version: 2:1.5+svn38638-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Lorenzo Puliti <plorenzo@disroot.org>
Closes: 1075294 1083029
Changes:
 mplayer (2:1.5+svn38638-1) experimental; urgency=medium
 .
   * New upstream version 1.5+svn38638
   * refresh quilt patches
   * quilt:
       - test upstream patch for FTBFS with gcc-14 (Closes: #1075294)
       - upstream fix for security issue #2426 (Closes: #1083029)
       - more patches to fix gcc-14 failures on i386
   * update d/copyright
   * bump Standards-Version to 4.7.0
   * gitignore: ignore quilt's .pc
Checksums-Sha1:
 a236f85caefc09a5543250b7091510af2010498f 3111 mplayer_1.5+svn38638-1.dsc
 107a78c9bfabf09eacc6b7b95a38cd6fe7ee81ef 5278480 mplayer_1.5+svn38638.orig.tar.xz
 5d1778e38fefb124a42adbfbbeb6181f76d8ad86 45184 mplayer_1.5+svn38638-1.debian.tar.xz
 23e8f96cce84f11f206456975dc01d4790b92d59 18848 mplayer_1.5+svn38638-1_source.buildinfo
Checksums-Sha256:
 2e5633600ccee97a4cacbe11fc2c9128e82c68a9c83adcc2f43a332b27870329 3111 mplayer_1.5+svn38638-1.dsc
 28f297e2bda95d6f4f7f81ff87fac2057f5db2c68c30c697c881b2c786a9fceb 5278480 mplayer_1.5+svn38638.orig.tar.xz
 e0502bceeca334953af35f76ad4156154ce62048a88fcbbd5ee4c1f832d67332 45184 mplayer_1.5+svn38638-1.debian.tar.xz
 cfbbf34effc2651e1e545679ca9fb56742b8e46925579df60ee6ec94476262e9 18848 mplayer_1.5+svn38638-1_source.buildinfo
Files:
 ba642cc50c845f1d8dc482dbf28d9af9 3111 video optional mplayer_1.5+svn38638-1.dsc
 3edc7db8723f3b05d8a0aeea67aec6a4 5278480 video optional mplayer_1.5+svn38638.orig.tar.xz
 bfe92dec4fc1e80006a7b76667425f8f 45184 video optional mplayer_1.5+svn38638-1.debian.tar.xz
 defdbc7b8f8395602a11f4b921ba5099 18848 video optional mplayer_1.5+svn38638-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmcAV0oQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFDS/DACHTMOWIHiI+yYl3eXtNmXBc3YJitBIGk9d
ZFUxz9Hpuy+SY0yVCGA0O9Gd3orbvEbLHT+2iFrdwqIDR5Co1m7wGqMRJAQ9wiL/
GYLDD9Z0Dov/TY+hhvPHexbLEKWW9pnKVMeyY9dwY8Ip8FhlL+r0BDdjvuqxL/YF
v0xGFH/D72udNnHgdSuYBaf04S3XtroDLIRYT4b8MiWn+/1QvcIsLp/tjreAsiP9
GzG6E0UO6bQJIow9lkk7cr2WjTqpOxcDNOe7UQIBGRDmgbywAqrs+oN4AGYFJEkF
K/APwRUGjI7A94ZQiy39QbsIcTG7YsXJa1xPL1S7XhMZ9TA6+XLdoCm1FiDWU/1D
1dPqHk/oauKPKlZF9/8a+PxpB5E8ma6ry7S6eshduc9oPhRFubDPp61HIv/eG5Q0
8TiGVQBgXjZr5cVKqA8wcRqGWoszO14FxcqI1nQKkI6az6IAzlArpfiSatBonuKO
1xXQphJEMlPxzy+7NlpCup6485HKm3Q=
=se8g
-----END PGP SIGNATURE-----

Attachment: pgpev99e0bTQr.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: Bug#1075294: marked as done (mplayer: ftbfs with GCC-14)
Next by Date: Processing of mplayer_1.5+svn38638-1_source.changes
Previous by thread: Bug#1075294: marked as done (mplayer: ftbfs with GCC-14)
Next by thread: Processing of mplayer_1.5+svn38638-1_source.changes
Index(es):
- Date
- Thread