Your message dated Tue, 12 Feb 2019 15:37:41 +0000
with message-id <[email protected]>
and subject line Bug#917416: fixed in libsndfile 1.0.28-5
has caused the Debian Bug report #917416,
regarding libsndfile: CVE-2018-19758: heap-buffer-overflow in wav_write_header
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
917416: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917416
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libsndfile
Version: 1.0.28-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/erikd/libsndfile/issues/435
Hi,
The following vulnerability was published for libsndfile, opening
downstream bug report for tracking the issue.
CVE-2018-19758[0]:
| There is a heap-based buffer over-read at wav.c in wav_write_header in
| libsndfile 1.0.28 that will cause a denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-19758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19758
[1] https://github.com/erikd/libsndfile/issues/435
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libsndfile
Source-Version: 1.0.28-5
We believe that the bug you reported is fixed in the latest version of
libsndfile, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <[email protected]> (supplier of updated
libsndfile package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 Feb 2019 15:59:58 +0100
Source: libsndfile
Architecture: source
Version: 1.0.28-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: IOhannes m zmölnig (Debian/GNU) <[email protected]>
Closes: 876783 884735 917416
Changes:
libsndfile (1.0.28-5) unstable; urgency=medium
.
[ Ondřej Nový ]
  * d/control: Set Vcs-* to salsa.debian.org
  * d/changelog: Remove trailing whitespaces
.
[ Felipe Sateler ]
  * Change maintainer address to [email protected]
.
[ IOhannes m zmölnig (Debian/GNU) ]
  * Normalize patches with 'gbp pq'
  * Add patch to fix buffer overflows in alaw/ulaw code
    (CVE-2018-19661, CVE-2018-19662, CVE-2017-17456 and CVE-2017-17457).
    Thanks to Hugo Lefeuvre <[email protected]> (Closes: #884735)
  * Patch to fix division by zero (CVE-2017-14634)
    Thanks to Fabian Greffrath <[email protected]> (Closes: #876783)
  * Patch to fix heap read overflow (CVE-2018-19758)
    Thanks to Erik de Castro Lopo <[email protected]> (Closes: #917416)
  * Patch to ensure that maxnum channels is not exceeded.
    Thanks to Brett T. Warden <[email protected]>
  * Declare that "root" is not required to build this package
  * Removed whitespace at end of d/changelog
  * Bumped dh compat to 12
  * Bump standards version to 4.3.0
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---