Your message dated Mon, 14 Jun 2010 15:36:05 +0000
with message-id <[email protected]>
and subject line Bug#575742: fixed in libmikmod 3.1.11-6.2
has caused the Debian Bug report #575742,
regarding CVE-2009-3995 CVE-2009-3996: Multiple heap-based buffer overflows
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
575742: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575742
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libmikmod
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for libmikmod.

CVE-2009-3995[0]:
| Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module
| Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to
| execute arbitrary code via (1) crafted samples or (2) crafted
| instrument definitions in an Impulse Tracker file.

CVE-2009-3996[1]:
| Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder
| Plug-in) in Winamp before 5.57 might allow remote attackers to execute
| arbitrary code via an Ultratracker file.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995
    http://security-tracker.debian.org/tracker/CVE-2009-3995
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3996
    http://security-tracker.debian.org/tracker/CVE-2009-3996


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuvxeoACgkQNxpp46476aqYowCZAYzx91cv2k7Ewj5LdSDx75vE
0hkAni+D8rRq+jIw0gDD9ro1gGz3gl38
=fwh7
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: libmikmod
Source-Version: 3.1.11-6.2

We believe that the bug you reported is fixed in the latest version of
libmikmod, which is due to be installed in the Debian FTP archive:

libmikmod2-dev_3.1.11-a-6.2_amd64.deb
  to main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.2_amd64.deb
libmikmod2_3.1.11-a-6.2_amd64.deb
  to main/libm/libmikmod/libmikmod2_3.1.11-a-6.2_amd64.deb
libmikmod_3.1.11-6.2.diff.gz
  to main/libm/libmikmod/libmikmod_3.1.11-6.2.diff.gz
libmikmod_3.1.11-6.2.dsc
  to main/libm/libmikmod/libmikmod_3.1.11-6.2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arne Wichmann <[email protected]> (supplier of updated libmikmod package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 12 Jun 2010 16:14:44 +0200
Source: libmikmod
Binary: libmikmod2-dev libmikmod2
Architecture: source amd64
Version: 3.1.11-6.2
Distribution: unstable
Urgency: high
Maintainer: Ingo Saitz <[email protected]>
Changed-By: Arne Wichmann <[email protected]>
Description: 
 libmikmod2 - A portable sound library
 libmikmod2-dev - A portable sound library - development files
Closes: 575742
Changes: 
 libmikmod (3.1.11-6.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * debian/patches/CVE-2009-3995f.patch: fixes buffer overflows in the
     loaders for Impulse Tracker and Ultratracker files. (Closes: #575742)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwTnfAACgkQwJ4diZWTDt6gqgCfQCoXXIasoPBtfRglGT05BU8e
i1YAnjdqmU/eG66r/FI41oKItHvaJOwe
=AoUh
-----END PGP SIGNATURE-----



--- End Message ---
