Your message dated Sat, 19 Sep 2009 01:56:45 +0000
with message-id <e1mopbt-0006i5...@ries.debian.org>
and subject line Bug#532352: fixed in gst-plugins-good0.10 0.10.8-4.1~lenny2
has caused the Debian Bug report #532352,
regarding gstreamer0.10-plugins-good: CVE-2009-1932 integer overflows
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
532352: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532352
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gstreamer0.10-plugins-good
Version: 0.10.8-4.1~lenny1 0.10.4-4
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gstreamer0.10-plugins-good.
CVE-2009-1932[0]:
| Multiple integer overflows in the (1) user_info_callback, (2)
| user_endrow_callback, and (3) gst_pngdec_task functions
| (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka
| gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote
| attackers to cause a denial of service and possibly execute arbitrary
| code via a crafted PNG file, which triggers a buffer overflow.
This bug has already been fixed in unstable(http://bugs.debian.org/531631).
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932
http://security-tracker.debian.net/tracker/CVE-2009-1932
--- End Message ---
--- Begin Message ---
Source: gst-plugins-good0.10
Source-Version: 0.10.8-4.1~lenny2
We believe that the bug you reported is fixed in the latest version of
gst-plugins-good0.10, which is due to be installed in the Debian FTP archive:
gst-plugins-good0.10_0.10.8-4.1~lenny2.diff.gz
to
pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8-4.1~lenny2.diff.gz
gst-plugins-good0.10_0.10.8-4.1~lenny2.dsc
to pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8-4.1~lenny2.dsc
gstreamer0.10-esd_0.10.8-4.1~lenny2_i386.deb
to
pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_i386.deb
gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_i386.deb
to
pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_i386.deb
gstreamer0.10-plugins-good-doc_0.10.8-4.1~lenny2_all.deb
to
pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.8-4.1~lenny2_all.deb
gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_i386.deb
to
pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 532...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated gst-plugins-good0.10
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 14 Jul 2009 04:50:47 +0000
Source: gst-plugins-good0.10
Binary: gstreamer0.10-plugins-good-doc gstreamer0.10-esd
gstreamer0.10-plugins-good gstreamer0.10-plugins-good-dbg
Architecture: source all i386
Version: 0.10.8-4.1~lenny2
Distribution: stable-security
Urgency: high
Maintainer: Maintainers of GStreamer packages
<pkg-gstreamer-maintain...@lists.alioth.debian.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description:
gstreamer0.10-esd - GStreamer plugin for ESD
gstreamer0.10-plugins-good - GStreamer plugins from the "good" set
gstreamer0.10-plugins-good-dbg - GStreamer plugins from the "good" set
gstreamer0.10-plugins-good-doc - GStreamer documentation for plugins from the
"good" set
Closes: 531631 532352
Changes:
gst-plugins-good0.10 (0.10.8-4.1~lenny2) stable-security; urgency=high
.
* Non-maintainer upload by the security team
* Fix multiple integer overflows in ext/libpng/gstpngdec.c
(Closes: #531631, #532352)
Fixes: CVE-2009-1932
Checksums-Sha1:
c7e930d649e49a5f6d7b43479539ddc3913d227f 2568
gst-plugins-good0.10_0.10.8-4.1~lenny2.dsc
f02f405312f24f1d2716099c60a5e40e61ef87a6 2923109
gst-plugins-good0.10_0.10.8.orig.tar.gz
c7e143ea01ac12c88e67b93bf65a3397ea8deb73 30321
gst-plugins-good0.10_0.10.8-4.1~lenny2.diff.gz
d56c365d6b0dc13d58d09ab9b82f650607582a67 172232
gstreamer0.10-plugins-good-doc_0.10.8-4.1~lenny2_all.deb
731730d252bd84cead13e8ed40aa00d3196b9bfb 46554
gstreamer0.10-esd_0.10.8-4.1~lenny2_i386.deb
eedc3eee22cf919add3e1cd3ffefc4b4651a3d52 960766
gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_i386.deb
94a362450d69e55e2f490aaeb8002b7d65bf5501 2503536
gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_i386.deb
Checksums-Sha256:
7269a01e98d02eaaf84c37ff0995d633ec256a090ee24e2cbc3a8e2d9d45f8a3 2568
gst-plugins-good0.10_0.10.8-4.1~lenny2.dsc
dc619bf4748526298627a2cb3a7f4aa66f4e4315174b2f4104c8516c88d6e531 2923109
gst-plugins-good0.10_0.10.8.orig.tar.gz
c835afe38828a55298ab97b937742c06745603b6bdaa409df3005a070cef2a24 30321
gst-plugins-good0.10_0.10.8-4.1~lenny2.diff.gz
293af52403db80d7ec1f984f997bf209692a3c1dceaf6dd9eaa0b63fa78e7685 172232
gstreamer0.10-plugins-good-doc_0.10.8-4.1~lenny2_all.deb
9352da138d3b2fccbade41ba3478bdcb3cc73240c7c9e912b57f540cb75bdfd3 46554
gstreamer0.10-esd_0.10.8-4.1~lenny2_i386.deb
9e65944667987a4b82829c0820605a943f005e6da0b5b44199c8ff3e21f1675c 960766
gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_i386.deb
e5408a7ead485a42bd8b75b83e589b11bfc6d67d0d7a678e6b099dccfb171193 2503536
gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_i386.deb
Files:
bb8e690805dfc8d9eb8595cf9f8738cb 2568 libs optional
gst-plugins-good0.10_0.10.8-4.1~lenny2.dsc
467295921ca225aaa05afe9381f4b424 2923109 libs optional
gst-plugins-good0.10_0.10.8.orig.tar.gz
2f1494f7a2f648f84dd853f95fbc036b 30321 libs optional
gst-plugins-good0.10_0.10.8-4.1~lenny2.diff.gz
cc5f1d3077e8ab179a99e7b00952e4e3 172232 doc optional
gstreamer0.10-plugins-good-doc_0.10.8-4.1~lenny2_all.deb
6ded8d4176f2d53019907d70813c4b3a 46554 libs optional
gstreamer0.10-esd_0.10.8-4.1~lenny2_i386.deb
6d091000a4edb70d2c979cfd56529357 960766 libs optional
gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_i386.deb
7a8c1fad3d157cb33e5119afd6a052cc 2503536 libdevel extra
gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEUEARECAAYFAkpcK88ACgkQ62zWxYk/rQf1VwCY2UqahL6U/vj0gDB/t9o6r11Z
9ACeJEJaMxrOK6jhzLmha8hoHWWUrI8=
=8GyR
-----END PGP SIGNATURE-----
--- End Message ---
