Your message dated Tue, 17 Sep 2019 15:00:30 +0000
with message-id <e1iaexy-0000ic...@fasolo.debian.org>
and subject line Bug#939040: fixed in srt 1.4.0-1
has caused the Debian Bug report #939040,
regarding srt: CVE-2019-15784
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
939040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939040
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: srt
Version: 1.3.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Haivision/srt/pull/811
Hi,
The following vulnerability was published for srt.
CVE-2019-15784[0]:
| Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array
| overflow if there are many SRT connections.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-15784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15784
[1] https://github.com/Haivision/srt/pull/811
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: srt
Source-Version: 1.4.0-1
We believe that the bug you reported is fixed in the latest version of
srt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 939...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Federico Ceratto <feder...@debian.org> (supplier of updated srt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 Sep 2019 10:38:25 +0100
Source: srt
Architecture: source
Version: 1.4.0-1
Distribution: unstable
Urgency: medium
Maintainer: Federico Ceratto <feder...@debian.org>
Changed-By: Federico Ceratto <feder...@debian.org>
Closes: 939040
Changes:
srt (1.4.0-1) unstable; urgency=medium
.
* New upstream release (Closes: #939040)
Checksums-Sha1:
d6e40a16e6ae075e95c072342ab3ff2023c8f2bc 2018 srt_1.4.0-1.dsc
0ea29d7bbd8616a98dcea9d8ee3fa1d1e04ff81d 1293647 srt_1.4.0.orig.tar.gz
85397dc5e871dbcf42c9c6133e6f556cf91d229d 7836 srt_1.4.0-1.debian.tar.xz
36d5716b08c4fe486067dc5e5c19ff0293a4dc1c 9078 srt_1.4.0-1_amd64.buildinfo
Checksums-Sha256:
5aee971bd0b8d25a8af24d084a1d35830911f1ab48596fdf255513e2a20c5a92 2018
srt_1.4.0-1.dsc
c2ba0bb9382ab42f9eebac831dc021e7da26b2971aaeb30a891dd24297bd929c 1293647
srt_1.4.0.orig.tar.gz
ce63d08285d44466fefbd71d795252af21b88599bdc264e41a0383aebfce7646 7836
srt_1.4.0-1.debian.tar.xz
4384a1732ac10c4eda4ef764358894d1ef737173ed57424928e4d717bb5e653c 9078
srt_1.4.0-1_amd64.buildinfo
Files:
d702cb47e7ee29d492cb1848a6834577 2018 libs optional srt_1.4.0-1.dsc
f4a578206288cd7a2237938f3fcb8305 1293647 libs optional srt_1.4.0.orig.tar.gz
19f02f4effd1c4416e248b5cedf6420c 7836 libs optional srt_1.4.0-1.debian.tar.xz
b80fe583c17570989a3bf12bcf8ebae1 9078 libs optional srt_1.4.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfKfd+zM5IUCMbyuWbzG8RPUXfaoFAl2A5GAACgkQbzG8RPUX
farCAA//WTjbWwTPWBo7dn56GjNhdSkIcdglgKjZUSEnIIYyRd727xVOpeWnK4UN
QI5eGuUdW49KtPhmJ+CiiEIu6/WWX7XYpy2VuhdMDohulR49flMwQTsX7jT6jSUy
xjTtbAqPyp/g1lCbMj/iDTcR4xbEeNJ0k32nslmPQLHGVgI4UvVONcCTbFtXzR16
CTGmj9xHaKz+3WNnrQSREm8VVwHEs4aF8UiaUXas8oxjdHZpNhVTnT7Cgj1Zn/Eu
9jiHDdr3kUglljrXLxgqiIVkFpzXMDwGDIH/J0qHchDX9wSxBbkoRQR0Ca9VBoYE
z3Sxna9gi2wWo2AUUFIe1ZsKFJtbXv36KQlvoGd2tiadiLGKIxvKe9WytRy5mQOz
AxdKXDmBD+QB7rFaNwVGdFB4gvOHer6XWPkTI1+icX+baitIb7JwAkQk+2GrcVR9
Uri5Ru3wqxzWMSE/ytx/blb4f5uXFlmXHbuyDX6hbjD34b9lLu4/UvB7mei2+hHZ
TV40hL5ZPNvU6hWQEHZu2Vvz7hf0IDPWYR7ybVjvf6g7fE1S0ac+qoN+MqVKvvJT
AahUUqtQ33a2dEcs3CpSENk+9FjMc0yBQsj9iS2NQ18CD9lP9AsToB6e5gD5ZZi9
z2kKNCgNLWVGvPc1ZFcZY9/LKZl1rpGLnKvB5Dh/xHC7eYWMnDQ=
=jkdb
-----END PGP SIGNATURE-----
--- End Message ---
