Your message dated Tue, 30 Sep 2008 12:32:15 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#500683: fixed in mplayer 1.0~rc2-18
has caused the Debian Bug report #500683,
regarding CVE-2008-3827: integer overflows
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
500683: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500683
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: mplayer
Version: 1.0~rc2-17
Severity: grave
Tags: security, patch
Justification: user security hole
Hi
mplayer is vulnerable to several integer overflows.
This issue is now public and can be fixed in unstable.
Testing is already fixed and stable will follow soon.
More information can be found here[0].
Cheers
Steffen
[0]: http://www.ocert.org/advisories/ocert-2008-013.html
--- End Message ---
--- Begin Message ---
Source: mplayer
Source-Version: 1.0~rc2-18
We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:
mplayer-dbg_1.0~rc2-18_amd64.deb
to pool/main/m/mplayer/mplayer-dbg_1.0~rc2-18_amd64.deb
mplayer-doc_1.0~rc2-18_all.deb
to pool/main/m/mplayer/mplayer-doc_1.0~rc2-18_all.deb
mplayer_1.0~rc2-18.diff.gz
to pool/main/m/mplayer/mplayer_1.0~rc2-18.diff.gz
mplayer_1.0~rc2-18.dsc
to pool/main/m/mplayer/mplayer_1.0~rc2-18.dsc
mplayer_1.0~rc2-18_amd64.deb
to pool/main/m/mplayer/mplayer_1.0~rc2-18_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
A Mennucc1 <[EMAIL PROTECTED]> (supplier of updated mplayer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 22 Sep 2008 11:01:26 +0200
Source: mplayer
Binary: mplayer mplayer-dbg mplayer-doc
Architecture: source all amd64
Version: 1.0~rc2-18
Distribution: unstable
Urgency: high
Maintainer: A Mennucc1 <[EMAIL PROTECTED]>
Changed-By: A Mennucc1 <[EMAIL PROTECTED]>
Description:
mplayer - movie player for Unix-like systems
mplayer-dbg - debugging symbols for MPlayer
mplayer-doc - documentation for MPlayer
Closes: 500683
Changes:
mplayer (1.0~rc2-18) unstable; urgency=high
.
* fix oCERT-2008-013 Mplayer real demuxer heap.
Thanks to Felipe Andres Manzano, Andrea Barisani,
Steffen Joeris, Reimar Döffinger. (Closes: #500683).
* Clean lintian warnings:
build-depend on libgif-dev instead of libungif4-dev
build-depend on x11proto-core-dev instead of x-dev
depends on debconf | debconf-2.0
* Up standard to 3.8.0.0
support DEB_BUILD_OPTIONS="parallel=n"
Checksums-Sha1:
ff5ee02a053fc1e79087d4b9df3f9760cd1d394e 2075 mplayer_1.0~rc2-18.dsc
19a847ad37b44d7f4450f747c781fa660179bf0f 358155 mplayer_1.0~rc2-18.diff.gz
9ffd27ac9348fbefbb05343208f2b152d3763edc 2463124 mplayer-doc_1.0~rc2-18_all.deb
2fbf0b252c94925eae5f6dd358ea1e1a94963cdf 3199394 mplayer_1.0~rc2-18_amd64.deb
aba50e24cfcb858b52a016b5563ee56e5a10d0da 2446420
mplayer-dbg_1.0~rc2-18_amd64.deb
Checksums-Sha256:
cb1e11ba5d361c960c372670b7be9e91731eddcb2a53573777db5b5a48591d8f 2075
mplayer_1.0~rc2-18.dsc
a5fa4767432491f75f731d22978c30dae1458dc70386f106773772a008f404f4 358155
mplayer_1.0~rc2-18.diff.gz
51cf34c2c27061ebb7e2ff450adbc48d1e34ce492437ea0611d48abffd983632 2463124
mplayer-doc_1.0~rc2-18_all.deb
021c5e4856636805eff288b40fbfb002244ad913637939ad4108b06e6caddcb3 3199394
mplayer_1.0~rc2-18_amd64.deb
5f336b34735ca4a65a1d60ceb8b9cd0c218fcd34370008a1129fbbce402268bf 2446420
mplayer-dbg_1.0~rc2-18_amd64.deb
Files:
0a458e620891103069d1fee2c3d367d5 2075 graphics optional mplayer_1.0~rc2-18.dsc
56bcee4ce711adc44c2c24a82777c237 358155 graphics optional
mplayer_1.0~rc2-18.diff.gz
d8fa652433aa21e390a09241bb1d629d 2463124 doc optional
mplayer-doc_1.0~rc2-18_all.deb
9509c500f0cafa68af162378e8429fed 3199394 graphics optional
mplayer_1.0~rc2-18_amd64.deb
f0486dd7c793f5c844acd8932fd9f484 2446420 graphics extra
mplayer-dbg_1.0~rc2-18_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjiGcgACgkQ9B/tjjP8QKReIgCfYRVLtFAwoZCUQy1Q5Gx3I2rS
dcMAoIAYGWptrGIAsVuU08Q7zOVOHGs+
=LnEs
-----END PGP SIGNATURE-----
--- End Message ---
