Your message dated Thu, 26 May 2016 10:01:11 +0000 with message-id <e1b5s6j-0000zs...@franck.debian.org> and subject line Bug#823723: fixed in mplayer 2:1.3.0-2 has caused the Debian Bug report #823723, regarding mplayer: CVE-2016-4352: Mplayer/Mencoder integer overflow parsing gif files to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 823723: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823723 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: mplayer Version: 2:1.0~rc4.dfsg1+svn34540-1 Severity: important Tags: security upstream fixed-upstream Forwarded: https://trac.mplayerhq.hu/ticket/2295 Control: found -1 2:1.3.0-1 Hi, the following vulnerability was published for mplayer. CVE-2016-4352[0]: Mplayer/Mencoder integer overflow parsing gif files The issue seems present sourcewise up to 2:1.3.0-1 in unstable. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-4352 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: mplayer Source-Version: 2:1.3.0-2 We believe that the bug you reported is fixed in the latest version of mplayer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 823...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Miguel A. Colón Vélez <debian.mic...@gmail.com> (supplier of updated mplayer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 25 May 2016 12:01:48 -0400 Source: mplayer Binary: mplayer-gui mencoder mplayer mplayer-doc mplayer2 Architecture: source amd64 all Version: 2:1.3.0-2 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Miguel A. Colón Vélez <debian.mic...@gmail.com> Description: mencoder - MPlayer's Movie Encoder mplayer - movie player for Unix-like systems mplayer-doc - documentation for MPlayer mplayer-gui - movie player for Unix-like systems (GUI variant) mplayer2 - transitional dummy package for mplayer Closes: 823589 823723 Changes: mplayer (2:1.3.0-2) unstable; urgency=medium . [ Mateusz Łukasik ] * debian/control: - Add transitional package mplayer2 for upgrades from jessie Jessie. (Closes: #823589, LP: #1580268) * debian/patches: - Add 0100_svn37857_CVE-2016-4352.patch to fix CVE-2016-4352 - Mplayer/Mencoder integer overflow parsing gif files. (Closes: #823723) . [ Miguel A. Colón Vélez ] * debian/patches: - Refresh patches to fix a FTBFS in GNU/Hurd. Checksums-Sha1: f15e4433cbe4097f6b2ce65979d328ab08c53314 3449 mplayer_1.3.0-2.dsc e86e9b0fd7f1d4b64c38630e5d7577f15da8b6e7 35808 mplayer_1.3.0-2.debian.tar.xz 05d79e6f2a3ab83fce565f011ef4384cae1fcaa9 2141996 mencoder-dbgsym_1.3.0-2_amd64.deb 30109ab8151bdf9b5d7484e6ede7d2bbcd81b10d 825878 mencoder_1.3.0-2_amd64.deb 293c42224e001bd52cc5a8392ced3ad6834af04e 2776498 mplayer-dbgsym_1.3.0-2_amd64.deb e70c8e1a5240a38fb567518d44bc9c9e1281d070 1336210 mplayer-doc_1.3.0-2_all.deb 4e69ce40c766487bfc12b73f93ebb5c0e9bbf008 3135656 mplayer-gui-dbgsym_1.3.0-2_amd64.deb 9462bf8a95304d25945dada0ef7b633b765ee7dd 1319498 mplayer-gui_1.3.0-2_amd64.deb 2c1daf657903685c1cd3e9a9bdf83752db7d36ed 74356 mplayer2_1.3.0-2_all.deb e6e95690eea07dd0fe983c935e9b29bd5664d22d 2280480 mplayer_1.3.0-2_amd64.deb Checksums-Sha256: 67dcfc09b6edf3e8bdcfefc1b03ca0ae99c382aa9c4450d225d0c2c3fc33bee3 3449 mplayer_1.3.0-2.dsc fb39a400f13fc62a3923cca05643d6ae453bba9a66d0e8ea7f93b69ddb0461a7 35808 mplayer_1.3.0-2.debian.tar.xz e6fb52a6a1bbb60a9464ecc1417e7dfc88d3c50567ff3d3aa955c74ebd0c36f4 2141996 mencoder-dbgsym_1.3.0-2_amd64.deb fae1c9105d3ff65a9132b15b3cfee5c246fe0544d5a8b360010503eecfd609a3 825878 mencoder_1.3.0-2_amd64.deb ec92eca88681c50bf0620c3bb36f228b2fa26484a4e0a5afffe94631458588ee 2776498 mplayer-dbgsym_1.3.0-2_amd64.deb d4bcaa2580c4d2358907521df92b721362259a8b4e0b1384c1b36c1f752f64e6 1336210 mplayer-doc_1.3.0-2_all.deb c33525c5512d1783654f4f765851ab77ecf17dc17986af7bca40c6aeb31f7120 3135656 mplayer-gui-dbgsym_1.3.0-2_amd64.deb 4627ca01d93f4cbef41d3033cc77cc7146bb21dd82e8bfc3f2ca22da36fe0c4f 1319498 mplayer-gui_1.3.0-2_amd64.deb 72cc3f166f91e89ac2733bdcb346a7e6a98966de911cd106cef5c12a3c609cc1 74356 mplayer2_1.3.0-2_all.deb ae11303612389c1a4900353fcbe2fa500c6c03113ad8a05929f2eee2299c2f30 2280480 mplayer_1.3.0-2_amd64.deb Files: d5337701155d4d65c081f4c6fe2c53c8 3449 video optional mplayer_1.3.0-2.dsc 192eb3cce4ef7aac0ddb0d605f31d8b6 35808 video optional mplayer_1.3.0-2.debian.tar.xz 3d0a9f579362a825fe2b70785e17dcea 2141996 debug extra mencoder-dbgsym_1.3.0-2_amd64.deb 87d6866cde96d211704497c0b696f937 825878 video optional mencoder_1.3.0-2_amd64.deb c0df565c62ca3d7c605daf9321b83fbe 2776498 debug extra mplayer-dbgsym_1.3.0-2_amd64.deb f0f38090ce4b933dbef09bec7f643ce6 1336210 doc optional mplayer-doc_1.3.0-2_all.deb 47afc6fcd3094f1a35f89cfbdb55c2d3 3135656 debug extra mplayer-gui-dbgsym_1.3.0-2_amd64.deb 1dda03af0009654f18eae67fd8a378ee 1319498 video optional mplayer-gui_1.3.0-2_amd64.deb 970f5c2abac48d6f8aa1290c15904620 74356 oldlibs optional mplayer2_1.3.0-2_all.deb 2588024e18a6a07ee12424f644b4e4e2 2280480 video optional mplayer_1.3.0-2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXRevGAAoJEGny/FFupxmTzRwQAJMw04ZMkvEhnyAO8G+aWSde BhMxPdyibVR/eu4APXI/JNd4AE5hoZa0RgsgtE6jF77ZioVyKSk2+rUJ/l5vz/JU OXM/5H64QOBL5JR0tnXsJmGIXwsc+7TgMumf9MTRK4hU32htk1BtNoUjbBy7Pwiz YU3ujp5KtfbUSEGbCzUk4K7KJvdmRlCjrmfw2pBQlmWpoi/f83G9j6EhPekytxOT N30ftpwk0q8/S7PNSeTUAnNjOnRtgrDDPa1FSuuIoR83sU5Y/2borH1yhgAdMqr1 Y26TMGLtNMlyMVSqmZBTQ9m/GeJ8G/5jPuXVLqFkFpd2dkiZSbIMw/2atAO9zCMh c4Xe0h7ODmCjT4mrQKXwKtcDLrpj19j7AzfhRVIg38Mlujglu/AsBuale0vEMJiB 8ZGSq28YxkJi954nU5bv/Cd0hrpqZs7Ter/3PlmSbneGti6ShoS1Z/zwJSCvvZVw afwaVbJosOv9154xldWbP5QhRUDVcdNDTL21P2bMGQiuNrbCTVSnxhNlwy80QF3z PppXK9R30s9PKGozAZpSTjzDI09j6XUH5H6YMuhrxJQu7zTdiT97jo1t0CSfabLP do2IR9rhwGqlANxP8P2BweSgBya/4f80JriP3m7aiOY9KDLus3qVeKFGQ081ZS0f pPLsKV2bwGTzpWyrAEMI =mhgn -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
