[helix-maintainers] Bug#340270: marked as done (helix-player: CVE-2005-2629, CVE-2005-2630: Do these vulnerabilities affect Helix as well?)

Debian Bug Tracking System owner at bugs.debian.org
Sun Nov 27 22:18:49 UTC 2005 

Your message dated Sun, 27 Nov 2005 17:15:59 -0500
with message-id <438A301F.2040800 at vif.com>
and subject line Version tracking
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 22 Nov 2005 09:44:05 +0000
>From jmm at inutil.org Tue Nov 22 01:44:05 2005
Return-path: <jmm at inutil.org>
Received: from inutil.org ([193.22.164.111] helo=vserver151.vserver151.serverflex.de)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1EeUh3-0001KQ-Dy
	for submit at bugs.debian.org; Tue, 22 Nov 2005 01:44:05 -0800
Received: from wlan-client-031.informatik.uni-bremen.de ([134.102.116.32] helo=localhost.localdomain)
	by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1EeUh1-0003QO-1c
	for submit at bugs.debian.org; Tue, 22 Nov 2005 10:44:03 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.54)
	id 1EeUgr-0001fQ-2s; Tue, 22 Nov 2005 10:43:53 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <jmm at inutil.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: helix-player: CVE-2005-2629,
 CVE-2005-2630: Do these vulnerabilities affect Helix as well?
X-Mailer: reportbug 3.17
Date: Tue, 22 Nov 2005 10:43:53 +0100
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
Message-Id: <E1EeUgr-0001fQ-2s at localhost.localdomain>
X-SA-Exim-Connect-IP: 134.102.116.32
X-SA-Exim-Mail-From: jmm at inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
	X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02

Package: helix-player
Severity: grave
Tags: security
Justification: user security hole

There's been an eeye advisory about several serious security problems in
Real Player: http://www.eeye.com/html/research/advisories/AD20051110b.html

According to some other security web sites Helix player might be affected
as well: http://www.frsirt.com/english/advisories/2005/2385

As some Real Player vulnerabilities in the past affected Helix as well
this could be correct, can you confirm it?

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)

---------------------------------------
Received: (at 340270-close) by bugs.debian.org; 27 Nov 2005 22:15:48 +0000
>From ido at vif.com Sun Nov 27 14:15:48 2005
Return-path: <ido at vif.com>
Received: from mail.vif.com ([216.239.64.153] helo=buddha.vif.com)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1EgUoG-0008JS-Fu
	for 340270-close at bugs.debian.org; Sun, 27 Nov 2005 14:15:48 -0800
Received: from [216.239.82.34] (ip216-239-82-34.vif.net [216.239.82.34])
	by buddha.vif.com (8.13.1/8.13.1) with ESMTP id jARMFlgL028609
	for <340270-close at bugs.debian.org>; Sun, 27 Nov 2005 17:15:47 -0500 (EST)
	(envelope-from ido at vif.com)
Message-ID: <438A301F.2040800 at vif.com>
Date: Sun, 27 Nov 2005 17:15:59 -0500
From: Filipus Klutiero <ido at vif.com>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20051002)
X-Accept-Language: fr, en
MIME-Version: 1.0
To: 340270-close at bugs.debian.org
Subject: Version tracking
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-vif-MailScanner-Information: Please contact the ISP for more information
X-vif-MailScanner: Found to be clean
X-vif-MailScanner-From: ido at vif.com
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-1.5 required=4.0 tests=BAYES_10 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02

Version: 1.0.6-2

More information about the helix-maintainers mailing list