Your message dated Sun, 08 Mar 2015 16:21:03 +0000 with message-id <e1yudwt-0005bu...@franck.debian.org> and subject line Bug#775913: fixed in vala-0.26 0.26.1-1.1 has caused the Debian Bug report #775913, regarding vala-0.26: CVE-2014-8154: Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775913: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775913 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: vala-0.26 Version: 0.26.1-1 Severity: grave Tags: security upstream patch fixed-upstream Control: fixed -1 0.26.2-1 Hi, the following vulnerability was published for vala-0.26. CVE-2014-8154[0]: Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo() If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8154 [1] https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7 [2] https://bugzilla.gnome.org/show_bug.cgi?id=678663 [3] https://bugzilla.novell.com/show_bug.cgi?id=913071 [4] https://bugzilla.redhat.com/show_bug.cgi?id=1181404 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: vala-0.26 Source-Version: 0.26.1-1.1 We believe that the bug you reported is fixed in the latest version of vala-0.26, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. gregor herrmann <gre...@debian.org> (supplier of updated vala-0.26 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 06 Mar 2015 16:58:06 +0100 Source: vala-0.26 Binary: valac valac-0.26 valac-0.26-vapi vala-0.26-doc libvala-0.26-0 libvala-0.26-dev valac-0.26-dbg libvala-0.26-0-dbg Architecture: source all amd64 Version: 0.26.1-1.1 Distribution: unstable Urgency: medium Maintainer: Maintainers of Vala packages <pkg-vala-maintain...@lists.alioth.debian.org> Changed-By: gregor herrmann <gre...@debian.org> Description: libvala-0.26-0 - C# like language for the GObject system - library libvala-0.26-0-dbg - C# like language for the GObject system - library symbols libvala-0.26-dev - C# like language for the GObject system - development headers vala-0.26-doc - C# like language for the GObject system - documentation valac - C# like language for the GObject system valac-0.26 - C# like language for the GObject system valac-0.26-dbg - C# like language for the GObject system - debug symbols valac-0.26-vapi - C# like language for the GObject system - vapi files Closes: 775913 Changes: vala-0.26 (0.26.1-1.1) unstable; urgency=medium . * Non-maintainer upload. * Fix "CVE-2014-8154: Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo()": add patch mapinfo.date-array-length.patch, taken from upstream git: https://git.gnome.org/browse/vala/commit/?id=22126ebad3b2133db39bcf301c29c8b78b440f1a (Closes: #775913) Checksums-Sha1: 5c2107b70f8a3974e39d75bc5e32b9465669f649 2825 vala-0.26_0.26.1-1.1.dsc 8ae9e0649dc27eab3d64e80addc7e8f57afbe09d 24056 vala-0.26_0.26.1-1.1.debian.tar.xz afda298215c3cdd19f11d746f8cf67bcd4011f4d 146332 valac_0.26.1-1.1_all.deb 2f863efb72b2759fa1bd1a93936fc6d84ed8c9b6 813914 valac-0.26-vapi_0.26.1-1.1_all.deb 5e29ea2683d64f6bacaec9aaadf3bc177588bdc4 153472 vala-0.26-doc_0.26.1-1.1_all.deb Checksums-Sha256: c731322e9ce269444b49e961742e9d8f8e00fac7a6892bce1d33fcd8890012b1 2825 vala-0.26_0.26.1-1.1.dsc ece03d323b4613b2aff0e6e0c3957f036e1c31aa66961ece32aff054897b72f5 24056 vala-0.26_0.26.1-1.1.debian.tar.xz 5dcbd338d101776e9082ca6c0adf30b5f0e3e7207d4b0102aaa80a97b6d2436e 146332 valac_0.26.1-1.1_all.deb 9d1b98e3c16e0e7e0bbc520fbc105f51c59de3776b80b71aa55f2b0183960d92 813914 valac-0.26-vapi_0.26.1-1.1_all.deb af14f1dc04e56f6ac007e11517ac5adee801fbdcba088dd565b77c487676ea5e 153472 vala-0.26-doc_0.26.1-1.1_all.deb Files: 9acdc177e6e7e8c2638bfebda3aa6d15 2825 devel optional vala-0.26_0.26.1-1.1.dsc ff528ec6223f24122db03f0ec574a451 24056 devel optional vala-0.26_0.26.1-1.1.debian.tar.xz dbb6807250d7cec856ca1bb5ab11f7ac 146332 devel optional valac_0.26.1-1.1_all.deb 34c56ab7b84515a76275f1ffd11f74fc 813914 devel optional valac-0.26-vapi_0.26.1-1.1_all.deb 35915749ed4468c54b2c17ac6ad9421c 153472 doc optional vala-0.26-doc_0.26.1-1.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJU+c+GXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMUUxMzE2RTkzQTc2MEE4MTA0RDg1RkFC QjNBNjgwMTg2NDlBQTA2AAoJELs6aAGGSaoGLf0QAJ8P311mtaekbAOWUmX6sVSN q1z4MNaJi0cGZ+IeywxuPA+3KXgpbxKTApqZH7JaUJEP8L+aTvtQbAty3oS72/cu ++J5UnQYxBJmMdgJ84M2E3O7rTORfM7ptPgdtzFPtmjyX9C8U4Mee3AhgisguoeY Qbd5BP+6Q7Z1xctsPLTN8+071weAprS/wwD4/Iir/xHU41aLtVBy5eAiTIynFJQt 0BEsARVPHumlnk+9dE5WUXhNhbtXJd2gFXgZJWerY50cD2AXh3v6+WrpdiR13TJ/ jqA6zELN+RCgGfNeDQpha/eFoiAr0p7th+FgmLXD6YmFsqFCAV6rdxF3rF/gTfOY 4FEoeNrz1FfCOCGIzEDymhFqjUyJjGdp8uhlxUIJTXUVcr07+bHtAzpfL5Tw/lot ycPextGoJcUUfOST9Y/fRr5fNDv0cF+Fs1F6Mj9R9KnoQmFCxPiIFU5L7QxESy7M niKHp3NXoxxspM0Q/6jJoWUlp9zk/tUpPwpMbwB5SJ1/MtIkjuTxlCy7zCHQXtcz eT4DaXUZawIorvNyokvUqgVOkEE7pnbd1aqT/AZndGTyGnY3i1TkDTXuXPNsA5+y EJ4a9I5o9uiPDGOaxQVOukE2rOUnaFKKyUQ1C8oXveQFQ2bUYnwVld2ldpj7zgYP xEfDu7hfGg/X2zRLh/bN =tDRX -----END PGP SIGNATURE-----
--- End Message ---
