Your message dated Mon, 05 Sep 2011 23:47:29 +0000
with message-id <e1r0isz-00077q...@franck.debian.org>
and subject line Bug#625966: fixed in libmodplug 1:0.8.8.4-1
has caused the Debian Bug report #625966,
regarding libmodplug1: libmodplug <= 0.8.8.2 .abc Stack-Based Buffer Overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
625966: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625966
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libmodplug1
Version: 1:0.8.8.1-2
Severity: grave
Tags: security upstream
Justification: user security hole
Hello,
As the security contact for VLC media player, this was brought to my
attention: http://www.exploit-db.com/exploits/17222/
I can confirm the bug happens, but I have no further information at
this point.
Best regards,
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (100, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libmodplug1 depends on:
ii libc6 2.13-2 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.6.0-6 GCC support library
ii libstdc++6 4.6.0-6 The GNU Standard C++ Library v3
libmodplug1 recommends no packages.
libmodplug1 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libmodplug
Source-Version: 1:0.8.8.4-1
We believe that the bug you reported is fixed in the latest version of
libmodplug, which is due to be installed in the Debian FTP archive:
libmodplug-dev_0.8.8.4-1_all.deb
to main/libm/libmodplug/libmodplug-dev_0.8.8.4-1_all.deb
libmodplug1_0.8.8.4-1_amd64.deb
to main/libm/libmodplug/libmodplug1_0.8.8.4-1_amd64.deb
libmodplug_0.8.8.4-1.diff.gz
to main/libm/libmodplug/libmodplug_0.8.8.4-1.diff.gz
libmodplug_0.8.8.4-1.dsc
to main/libm/libmodplug/libmodplug_0.8.8.4-1.dsc
libmodplug_0.8.8.4.orig.tar.gz
to main/libm/libmodplug/libmodplug_0.8.8.4.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 625...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Zed Pobre <z...@debian.org> (supplier of updated libmodplug package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 05 Sep 2011 19:21:47 -0400
Source: libmodplug
Binary: libmodplug1 libmodplug-dev
Architecture: source all amd64
Version: 1:0.8.8.4-1
Distribution: unstable
Urgency: high
Maintainer: Zed Pobre <z...@debian.org>
Changed-By: Zed Pobre <z...@debian.org>
Description:
libmodplug-dev - development files for mod music based on ModPlug
libmodplug1 - shared libraries for mod music based on ModPlug
Closes: 625966 636863 637854
Changes:
libmodplug (1:0.8.8.4-1) unstable; urgency=high
.
* New upstream version
* Fixes buffer overflow in load_abc (CVE-2011-1761, closes: #625966)
* Fixes integer overflow in load_wav (SA45131.1)
* Fixes stack overflow in load_s3m (SA45131.2)
* Fixes off-by-one errors in load_ams and load_dms that can cause
stack and memory corruption (SA45131.3-5)
* Added a few lines to the package description describing what mod
music is. (closes: #637854)
* Allow CC and CXX to contain spaces in debian/rules (closes: #636863)
* Standards-Version: 3.9.2
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---