Your message dated Sun, 04 Feb 2018 23:21:35 +0000 with message-id <e1eitbl-000avr...@fasolo.debian.org> and subject line Bug#889545: fixed in libopenmpt 0.3.6-1 has caused the Debian Bug report #889545, regarding libopenmpt0: CVE-2018-6611 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 889545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889545 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libopenmpt0 Version: 0.3.1-1 Severity: grave Tags: security This security update was published for libopenmpt: https://lib.openmpt.org/libopenmpt/2018/02/03/security-update-0.3.6/ > The OpenMPT/libopenmpt project released the latest stable libopenmpt version: > > libopenmpt 0.3.6 (2018-02-03) > [Sec] Possible out-of-bounds memory read with malformed STP files. (r9576) The bug only affects 0.3.x so it will not require any updates to stable. I have requested a CVE for this bug. Thanks, James
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Source: libopenmpt Source-Version: 0.3.6-1 We believe that the bug you reported is fixed in the latest version of libopenmpt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 889...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James Cowgill <jcowg...@debian.org> (supplier of updated libopenmpt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 04 Feb 2018 23:09:22 +0000 Source: libopenmpt Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc libopenmpt-modplug1 libopenmpt-modplug-dev Architecture: source Version: 0.3.6-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <debian-multime...@lists.debian.org> Changed-By: James Cowgill <jcowg...@debian.org> Description: libopenmpt-dev - module music library based on OpenMPT -- development files libopenmpt-doc - module music library based on OpenMPT -- documentation libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug compat developme libopenmpt-modplug1 - module music library based on OpenMPT -- modplug compat library libopenmpt0 - module music library based on OpenMPT -- shared library openmpt123 - module music library based on OpenMPT -- music player Closes: 889545 Changes: libopenmpt (0.3.6-1) unstable; urgency=medium . * New upstream release. - Fixes CVE-2018-6611 (Closes: #889545). . * debian/copyright: - Update dates. * debian/compat: - Use debhelper 11. * debian/control: - Set Maintainer to debian-multimedia@lists.d.o. - Switch Vcs URLs to salsa.debian.org. - Bump standards version to 4.1.3. * debian/rules: - Revert workaround implementing build targets manually now that debhelper has been fixed. Checksums-Sha1: 68605b76b113269e8fed7af312497e83ca43527e 2589 libopenmpt_0.3.6-1.dsc 00041fe8ee777399316b09541fd2c713c920df05 1409983 libopenmpt_0.3.6.orig.tar.gz 9fe2f103619cf614735525a479b56d4ab9970248 12336 libopenmpt_0.3.6-1.debian.tar.xz ce073b32776655b0337b2fc8889ae072a28e89f2 5767 libopenmpt_0.3.6-1_source.buildinfo Checksums-Sha256: 3e9131101540793a44323aef4bc146dccd608ace202245b0032552c098f64da6 2589 libopenmpt_0.3.6-1.dsc 0a49e4770c9c7778cd6544ad559bff873ec905c4a3ba6521f6bf192b1c0b34d2 1409983 libopenmpt_0.3.6.orig.tar.gz 74d9634433a10c335be3ce612657dc4bc0bf26647e1f521edd0c0e7dde27821c 12336 libopenmpt_0.3.6-1.debian.tar.xz 6567d654392112b261cdadf93658ce8ffb5aee91fea421a199fb923662c6cbe5 5767 libopenmpt_0.3.6-1_source.buildinfo Files: e89ebf3226d8d7e6bb443df8bef08c29 2589 libs optional libopenmpt_0.3.6-1.dsc f8159da38cbbecdae3792ec4d3a535e6 1409983 libs optional libopenmpt_0.3.6.orig.tar.gz 1a9bf4b251466a1dbf4c06cc1fc9d467 12336 libs optional libopenmpt_0.3.6-1.debian.tar.xz c40de97af42275fcfdeda578dc61fbc1 5767 libs optional libopenmpt_0.3.6-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlp3k9IUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe9d/g/8C7T90UdGfOtTJo6qyT7+zwQRKOBt bjfCg51K6GywX3CKh9aDmdsuySI/fyFTSl47g1+JXkcJMko0O7QA9/8uD98BXXQw kedyVAvYvoYRWFOd1z7eRmOu0YD0J6qCvlBReHG8Nk3dw0lrPSxHSdFTyzttHp6S hgkTi2E9WETfoogaZWX2IUFzlx9YXqJQnDCEATiU3nrdvdQhm+NzBs41dHnsm48I 31Bc0TKVyHb/6c4ImCi8OEKKp6RIx3IcAk+ITJjROWKrNvZ3kvwizap/hle4e/PQ y1EEZfihaxTAhjdf1YM4b90FAoLj/TmpDik8xGyUeCagsLZf7FEIfPH1H/Ub+wyO cJyHI0YqRNtZWStMGM9sZQL00hYKbqE/k+wpfM8qnHQ3BWO0N/FgXbsIR+3GLHK1 sKmC0IteKreKm4WQvQ1xeKbM1Zb36C+ZDp4qY8JiC+GgqYspz7HOAmtmuj4iMSq6 Koymo11i4LD1uXSEo9ifpPhdRcJkRbyoayL+z8O86CgQArYe4Nzvshqlv7ds14Jm TDc2V7VBgUU4xGtqJpUvMteNuYSkRZ6N8o/uPNJpg43qrWHZTUkZqZWNQjcF7E05 GeJYeki4XzhSMlVUDwZAXf8MKf5d3SKGPaorjbQ7jXuo5stqhjRUxvW3WLlcFjgN DMEkoD2xrTa7ZK8= =ll03 -----END PGP SIGNATURE-----
--- End Message ---
