Your message dated Tue, 20 Mar 2012 21:32:16 +0000
with message-id <e1sa6fa-0008jr...@franck.debian.org>
and subject line Bug#664023: fixed in gnash 0.8.8-5+squeeze1
has caused the Debian Bug report #664023,
regarding [CVE-2012-1175] gnash integer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
664023: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664023
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnash
Severity: grave
Tags: security patch
The following vulnerability had been reported against gnash:
http://www.openwall.com/lists/oss-security/2012/03/14/5
The patch can be found in the report.
Please use CVE-2012-1175 for this issue and check if the stable version
(0.8.8-5) is affected. If it's the case, can you prepare and patch for it? I
can
take care of the DSA.
Cheers,
luciano
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: gnash
Source-Version: 0.8.8-5+squeeze1
We believe that the bug you reported is fixed in the latest version of
gnash, which is due to be installed in the Debian FTP archive:
browser-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/browser-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
gnash-common-opengl_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/gnash-common-opengl_0.8.8-5+squeeze1_amd64.deb
gnash-common_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/gnash-common_0.8.8-5+squeeze1_amd64.deb
gnash-cygnal_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/gnash-cygnal_0.8.8-5+squeeze1_amd64.deb
gnash-dbg_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/gnash-dbg_0.8.8-5+squeeze1_amd64.deb
gnash-doc_0.8.8-5+squeeze1_all.deb
to main/g/gnash/gnash-doc_0.8.8-5+squeeze1_all.deb
gnash-opengl_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/gnash-opengl_0.8.8-5+squeeze1_amd64.deb
gnash-tools_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/gnash-tools_0.8.8-5+squeeze1_amd64.deb
gnash_0.8.8-5+squeeze1.debian.tar.gz
to main/g/gnash/gnash_0.8.8-5+squeeze1.debian.tar.gz
gnash_0.8.8-5+squeeze1.dsc
to main/g/gnash/gnash_0.8.8-5+squeeze1.dsc
gnash_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/gnash_0.8.8-5+squeeze1_amd64.deb
klash-opengl_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/klash-opengl_0.8.8-5+squeeze1_amd64.deb
klash_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/klash_0.8.8-5+squeeze1_amd64.deb
konqueror-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/konqueror-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
mozilla-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/mozilla-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
swfdec-gnome_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/swfdec-gnome_0.8.8-5+squeeze1_amd64.deb
swfdec-mozilla_0.8.8-5+squeeze1_amd64.deb
to main/g/gnash/swfdec-mozilla_0.8.8-5+squeeze1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 664...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gabriele Giacone <1o5g4...@gmail.com> (supplier of updated gnash package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 15 Mar 2012 08:51:14 +0000
Source: gnash
Binary: gnash-common gnash klash gnash-tools gnash-cygnal browser-plugin-gnash
konqueror-plugin-gnash gnash-dbg gnash-doc gnash-common-opengl gnash-opengl
klash-opengl swfdec-mozilla swfdec-gnome mozilla-plugin-gnash
Architecture: source all amd64
Version: 0.8.8-5+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Flash Team <pkg-flash-de...@lists.alioth.debian.org>
Changed-By: Gabriele Giacone <1o5g4...@gmail.com>
Description:
browser-plugin-gnash - GNU Shockwave Flash (SWF) player - Plugin for Mozilla
and derivat
gnash - GNU Shockwave Flash (SWF) player
gnash-common - GNU Shockwave Flash (SWF) player - Common files/libraries
gnash-common-opengl - dummy package for gnash-common-opengl removal
gnash-cygnal - GNU Shockwave Flash (SWF) player - Media server
gnash-dbg - GNU Shockwave Flash (SWF) player - Debug symbols
gnash-doc - GNU Shockwave Flash (SWF) player - API documentation
gnash-opengl - dummy package for gnash-opengl removal
gnash-tools - GNU Shockwave Flash (SWF) player - Command-line Tools
klash - GNU Shockwave Flash (SWF) player - Standalone player for KDE
klash-opengl - dummy package for klash-opengl removal
konqueror-plugin-gnash - GNU Shockwave Flash (SWF) player - Plugin for
Konqueror
mozilla-plugin-gnash - dummy package for renaming to browser-plugin-gnash
swfdec-gnome - dummy package for transition to gnash
swfdec-mozilla - dummy package for transition to browser-plugin-gnash
Closes: 605419 649384 664023
Changes:
gnash (0.8.8-5+squeeze1) stable-security; urgency=high
.
* Fix CVE-2012-1175 (Closes: #664023).
* Fix CVE-2010-4337 (Closes: #605419).
* Fix CVE-2011-4328 (Closes: #649384).
+ Add libboost-iostreams-dev as B-D.
Checksums-Sha1:
7632e517de3029053742978aaf32fcbd89a2d3ff 2362 gnash_0.8.8-5+squeeze1.dsc
0643f95693022b9fe6c574799f3e90e0d0eb6655 5074764 gnash_0.8.8.orig.tar.gz
845a615c75fd8d4f9763f91a68bf99ddbb4cd3cc 42342
gnash_0.8.8-5+squeeze1.debian.tar.gz
3cd6a9d4343c7e1cb8c977c4e2339bd0c86b5d2c 5703642
gnash-doc_0.8.8-5+squeeze1_all.deb
3dd9e93d7af693ddf352bdf4f6a59578b8a6ca9a 2786880
gnash-common_0.8.8-5+squeeze1_amd64.deb
7060922685a1486857f55771fafb2a53b294f88d 181534
gnash_0.8.8-5+squeeze1_amd64.deb
f81360534b88c47fd9a8b039df2c0047db5b6adb 181526
klash_0.8.8-5+squeeze1_amd64.deb
5cbc962f8800b7ff8d54f4951e4ae835e9e9511d 160236
gnash-tools_0.8.8-5+squeeze1_amd64.deb
d6cabd5f875a2b117129b36e8defa73dbd45adfb 160074
gnash-cygnal_0.8.8-5+squeeze1_amd64.deb
9df288276f81db44be5882e18a037f3eddb51b2e 142164
browser-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
752068ba6f7db7d3807c697376d0f766ce8cf0ce 55170
konqueror-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
af757e874ff14a69bcc1cb059696c86fdf562c7b 31481204
gnash-dbg_0.8.8-5+squeeze1_amd64.deb
0022280e26df929a74791d076c3abce0d9269911 24834
gnash-common-opengl_0.8.8-5+squeeze1_amd64.deb
764e5981fbd4e32fdde743c80253faa2abc0409b 24832
gnash-opengl_0.8.8-5+squeeze1_amd64.deb
69c4d5342fc91c279e5273cc5bc4cd427e5a4be3 24830
klash-opengl_0.8.8-5+squeeze1_amd64.deb
3e01507acac0803415d86cfa57102dd0519ee0b9 24856
swfdec-mozilla_0.8.8-5+squeeze1_amd64.deb
e4a10616fc961b2ce8f4bcf26fd924e219f2f812 24832
mozilla-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
530d5d8e248904144374891a1232b6dafdce1aed 24838
swfdec-gnome_0.8.8-5+squeeze1_amd64.deb
Checksums-Sha256:
d7a1088e9c613f186620f8b9f88621f7f5ace70d01e841a7d9e90486acf1afb7 2362
gnash_0.8.8-5+squeeze1.dsc
3f19ddf1d18ba28ad949fb4eb3468786cd28abb59154a68a002551ee4e67f5e4 5074764
gnash_0.8.8.orig.tar.gz
bb1cfa4e3ddfe1a4a92becc2f890d2c827d82746e86045b556ea9bbfab8d0786 42342
gnash_0.8.8-5+squeeze1.debian.tar.gz
6c62bb20211d01179bab18864632c88d6e370ca2f39707ad3c08cf7f3df162f3 5703642
gnash-doc_0.8.8-5+squeeze1_all.deb
560170aa8b2a18bf99fe8fa6b864d82b47665c9b36536e6c75f441742155273f 2786880
gnash-common_0.8.8-5+squeeze1_amd64.deb
4fc56fc9c4e0e2088df6e50d041326be8d9b265dc684a007ee4a404fff55019a 181534
gnash_0.8.8-5+squeeze1_amd64.deb
e3bccb5ca0b6ff5ea32ab6c8f52f0658407130d856e0db3a443b633671bbf3af 181526
klash_0.8.8-5+squeeze1_amd64.deb
88bdc5b566c53a5ba0426bf3fa6c0773403f3401914384e12e53a555556dcb1b 160236
gnash-tools_0.8.8-5+squeeze1_amd64.deb
f6983c60058f8913a9e9a4df38ef94dadc147ef8dd19822ced8991c305b87cea 160074
gnash-cygnal_0.8.8-5+squeeze1_amd64.deb
39f11742108c91788a1abcbdcb6fa8927b62bda5a3c2b098a842a4ed2f4738f6 142164
browser-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
0a659b3160c690f65c9e146a8734d323145f5999b30c501b39c63e33c2de0ca3 55170
konqueror-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
d797615e36ff9195f3b0b16d3428dbda731f242d7f7e13e1e7a3937bbb28ea6a 31481204
gnash-dbg_0.8.8-5+squeeze1_amd64.deb
6edb169d809dbbe25d6f43a43fdc88ee06528a642112202d38b0f380af9b5407 24834
gnash-common-opengl_0.8.8-5+squeeze1_amd64.deb
e824821631f26ef94e826bcb7e747d77699ca943fdaa1cbabbe65e2ced0f372e 24832
gnash-opengl_0.8.8-5+squeeze1_amd64.deb
8873fb764f36544e5f5508c9233d3bc4d811b225d483f2892a579c6609d1737b 24830
klash-opengl_0.8.8-5+squeeze1_amd64.deb
b654fe44e6d900a7fe1e9ec65fecfcfc019c234d8f9903d1742f039191aae206 24856
swfdec-mozilla_0.8.8-5+squeeze1_amd64.deb
44c20d18c335400e3066e10c9a188a474bea5594ae768c9faeef309946b5d336 24832
mozilla-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
6c8b9cb38a3616168cbd0af67e6ac81eed57f02a9b7a1a13e1ccf1d1289d8b5b 24838
swfdec-gnome_0.8.8-5+squeeze1_amd64.deb
Files:
845b72a3bea29e2934d476dc5a593aae 2362 video optional gnash_0.8.8-5+squeeze1.dsc
aec414ee3bebb8901054818fae735214 5074764 video optional gnash_0.8.8.orig.tar.gz
e83e0b5314a9413c52bd08074e9683f9 42342 video optional
gnash_0.8.8-5+squeeze1.debian.tar.gz
559e08de360962df5eb8a327084a07e4 5703642 doc optional
gnash-doc_0.8.8-5+squeeze1_all.deb
7e1cf9562d9c41b9b7a89f3186a5aeb5 2786880 video optional
gnash-common_0.8.8-5+squeeze1_amd64.deb
1e2a82a1e0aa3a0adaf543e4cfeb2747 181534 video optional
gnash_0.8.8-5+squeeze1_amd64.deb
234296bc660f4f80627c84c517b6d6a9 181526 video optional
klash_0.8.8-5+squeeze1_amd64.deb
a8fb1ecf800e51cd67ea0336b60be2a8 160236 video optional
gnash-tools_0.8.8-5+squeeze1_amd64.deb
9f0a57441a7164753585982e4641c90a 160074 video optional
gnash-cygnal_0.8.8-5+squeeze1_amd64.deb
632169dc99fb41df4970d5809bed6762 142164 video optional
browser-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
df7f15d9988bee8009713e5c9fa709e0 55170 video optional
konqueror-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
e511523aaa90cc04cfac51224cec109e 31481204 debug extra
gnash-dbg_0.8.8-5+squeeze1_amd64.deb
2ab519de203ded364fddc41ce60c58c2 24834 video extra
gnash-common-opengl_0.8.8-5+squeeze1_amd64.deb
ae632b63ac4f44bc8214a3a22c2ca804 24832 video extra
gnash-opengl_0.8.8-5+squeeze1_amd64.deb
811101dd859f0af75e76f79d735a8ec9 24830 video extra
klash-opengl_0.8.8-5+squeeze1_amd64.deb
1839d66d664fb84f54dc8e79f2922cec 24856 video extra
swfdec-mozilla_0.8.8-5+squeeze1_amd64.deb
d78e0ffd2a90a060b72905e0f2b3e7bd 24832 video extra
mozilla-plugin-gnash_0.8.8-5+squeeze1_amd64.deb
6e931c9e6c256cb30f2bf1e3356acee2 24838 video extra
swfdec-gnome_0.8.8-5+squeeze1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk9j968ACgkQQWTRs4lLtHk8qQCdHRyv5Jga7RMa7ZbDddIBqwBl
2vUAnjv0pxfLwHLGs1baNUuJ1uBT9gde
=rLpn
-----END PGP SIGNATURE-----
--- End Message ---
