Your message dated Mon, 18 Jun 2018 19:35:01 +0000 with message-id <e1fuzvz-000ek4...@fasolo.debian.org> and subject line Bug#898943: fixed in smplayer 18.5.0~ds1-1 has caused the Debian Bug report #898943, regarding Multiple vulnerabiliities in Mongoose to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 898943: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898943 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: smplayer Severity: grave Tags: security smplayer seems to embed Cesenta Mongoose: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2892 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2921 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2922 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: smplayer Source-Version: 18.5.0~ds1-1 We believe that the bug you reported is fixed in the latest version of smplayer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 898...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler <siret...@tauware.de> (supplier of updated smplayer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 18 Jun 2018 14:58:36 -0400 Source: smplayer Binary: smplayer smplayer-l10n Architecture: source Version: 18.5.0~ds1-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <debian-multime...@lists.debian.org> Changed-By: Reinhard Tartler <siret...@tauware.de> Description: smplayer - Complete front-end for MPlayer and mpv smplayer-l10n - Complete front-end for MPlayer and mpv - translation files Closes: 897863 898943 Changes: smplayer (18.5.0~ds1-1) unstable; urgency=medium . [ Reinhard Tartler ] * New upstream release. * Disable chromecast support to workaround security issues in the "simple web server" mongoose (Closes: #898943) . [ Mateusz Ĺukasik ] * Add debian/patches/07-fix-ftbfs-gcc8.patch: - Fix FTBFS with gcc-8. (Closes: #897863) Checksums-Sha1: cb7e0a81df0ad9355044a885551ba27ef6ae68cd 2317 smplayer_18.5.0~ds1-1.dsc d43065cd07c66e8b354be1d929a98e25a9805fd1 4585206 smplayer_18.5.0~ds1.orig.tar.bz2 05f419da4c67210cb33009d7a1be53dd411b97fc 15160 smplayer_18.5.0~ds1-1.debian.tar.xz Checksums-Sha256: c0af90e30fbcd0016be28cacddd772b25777ee4d90322f037cb1cba352100c3a 2317 smplayer_18.5.0~ds1-1.dsc 1e0f17b34527157c33a397b3e2cc8472a9e01c6786f62494771fea81afd8fbee 4585206 smplayer_18.5.0~ds1.orig.tar.bz2 e87120186934b3dfadb0179b6751720bfe52d45eec8c4b05f67742b4ddde9daa 15160 smplayer_18.5.0~ds1-1.debian.tar.xz Files: a16ce37494288323d44f09ce3e163a8d 2317 video optional smplayer_18.5.0~ds1-1.dsc 09c5fab8d18acde34991c71d922fcc2a 4585206 video optional smplayer_18.5.0~ds1.orig.tar.bz2 3dcfdaca497a397eb832a38e063d8497 15160 video optional smplayer_18.5.0~ds1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEE6n5rckvJ+/LRcetya3IL6cXPbZ4FAlsoBHQUHHNpcmV0YXJ0 QHRhdXdhcmUuZGUACgkQa3IL6cXPbZ6O6BAAhPPvYGxXhIrQuJ+o/WdG+HHxRNz0 Z7uIbpvBOdJ99sTBvkmg9mGj/T2jGk/t4skn7Dl+GEnZqtAx+IlesbyRAButxTIO Ygr7NJGGstpSaqrmix2XRcW9oTAxkBZgZAy6TFmc/asBwZsdWyzyh1Hd2wsCRgNr P7Ophfe1e9oj7WuxcY0Z4+D5LbJogaPXEu01ul/3Co5oV3tRLvPHRg6hJpNPiOiM kSm83rKDh1QqAZKKio3T4jB0I+xGWiNormFuDPP08Fj2bNujEnR3Pg7kbfWrfHUt mn6B5Ei5paX/LHUwxblLlwy2MJ2UHqqvcfvIug799+FtlEMMxJTHjks0lLMhHHeS qoAQTRcrnOdxCRY0xg7XjFt6NJF/meFI2wcih9yM4/BQNVS77Ak6FAYWWN31Llqn znJbKMANG23KoC8Pb0gKpVTXTjZHG1Th+ZlfaBlfwzWmz92zOU2iL6KTnOv8H00H Stq+P9vIvTF5IzXD73TwTjr/O1ZsWydMXJxZ8TJoFifknsJdFfjrC7SDV+wKGxCX yuOXCO/VDx22ZELJqc4GtZluN8Y0oASfCX3fshO5uJr3/O6tIneSRiw08KL3ZxaG CvvRjRWk6miekz3cri2zYbBk9TsgY8k1OCnA4nafSC9o2cHWu2j7PfUDOvNSatkO +UC721ZPK+3jQDc= =lGUZ -----END PGP SIGNATURE-----
--- End Message ---
