Your message dated Thu, 08 Aug 2019 16:39:51 +0000
with message-id <[email protected]>
and subject line Bug#933807: fixed in schism 2:20190805-1
has caused the Debian Bug report #933807,
regarding schism: CVE-2019-14465
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
933807: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933807
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: schism
Version: 2:20190722-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/schismtracker/schismtracker/issues/198

Hi,

The following vulnerability was published for schism.

CVE-2019-14465[0]:
| fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-
| based buffer overflow.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14465
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14465
[1] https://github.com/schismtracker/schismtracker/issues/198
[2] https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: schism
Source-Version: 2:20190805-1

We believe that the bug you reported is fixed in the latest version of
schism, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gürkan Myczko <[email protected]> (supplier of updated schism package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 Aug 2019 11:33:06 +0200
Source: schism
Architecture: source
Version: 2:20190805-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Gürkan Myczko <[email protected]>
Closes: 933807 933808 933809
Changes:
 schism (2:20190805-1) unstable; urgency=medium
 .
   * New upstream version. (Closes: #933807, #933808, #933809)
     - fmt_mtm_load_song in fmt/mtm.c (CVE-2019-14465)
     - heap-based buffer overflow via a large number of song patterns
       in fmt_mtm_load_song in fmt/mtm.c (CVE-2019-14524)
     - integer underflow via a large plen in fmt_okt_load_song in the
       Amiga Oktalyzer parser in fmt/okt.c (CVE-2019-14523)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
