Your message dated Thu, 23 May 2019 21:33:28 +0000
with message-id <e1htvl6-000hv2...@fasolo.debian.org>
and subject line Bug#928729: fixed in advancecomp 2.1-2.1
has caused the Debian Bug report #928729,
regarding advancecomp: CVE-2019-8379
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
928729: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928729
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: advancecomp
Version: 2.1-2
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/advancemame/bugs/271/
Hi,
The following vulnerability was published for advancecomp.
CVE-2019-8379[0]:
| An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer
| dereference exists in the function be_uint32_read() located in
| endianrw.h. It can be triggered by sending a crafted file to a binary.
| It allows an attacker to cause a Denial of Service (Segmentation
| fault) or possibly have unspecified other impact when a victim opens a
| specially crafted file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-8379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8379
[1] https://sourceforge.net/p/advancemame/bugs/271/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: advancecomp
Source-Version: 2.1-2.1
We believe that the bug you reported is fixed in the latest version of
advancecomp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 928...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated advancecomp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 May 2019 22:50:20 +0200
Source: advancecomp
Architecture: source
Version: 2.1-2.1
Distribution: unstable
Urgency: medium
Maintainer: Piotr Ożarowski <pi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 928729 928730
Changes:
advancecomp (2.1-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix a buffer overflow caused by invalid images (CVE-2019-8383)
(Closes: #928730)
* Fix a buffer overflow caused by invalid chunks (CVE-2019-8379)
(Closes: #928729)
Checksums-Sha1:
acd0f3fecb497059d30639edf38addf1d9d922d3 1918 advancecomp_2.1-2.1.dsc
1b5faf5f9ddc4d5e0b18d9fa39dbbd846315b53e 4876 advancecomp_2.1-2.1.debian.tar.xz
Checksums-Sha256:
52a1d5e226e633b58a7bf7db07a7b55945c71ec42b5f7e38121257feebf57c2b 1918 advancecomp_2.1-2.1.dsc
1869ffc65a603769873fff8672e17d91a2ff8daf721d4b0403e05fc1ba37741a 4876 advancecomp_2.1-2.1.debian.tar.xz
Files:
c11ff44db2c09aa9f1d94e0a4262449a 1918 utils optional advancecomp_2.1-2.1.dsc
21d6c052e2e4ad6c98f4e60cd8ab20b6 4876 utils optional advancecomp_2.1-2.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---