Your message dated Thu, 15 Apr 2010 03:33:08 +0000
with message-id <e1o2fpe-0002rm...@ries.debian.org>
and subject line Bug#575743: fixed in liboggplay 0.2.1~git20091227-1.1
has caused the Debian Bug report #575743,
regarding CVE-2009-3388
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
575743: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: liboggplay
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for liboggplay.
CVE-2009-3388[0]:
| liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before
| 2.0.1 might allow context-dependent attackers to cause a denial of
| service (application crash) or execute arbitrary code via unspecified
| vectors, related to "memory safety issues."
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388
http://security-tracker.debian.org/tracker/CVE-2009-3388
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuvxsEACgkQNxpp46476aqREACfYnCft1W9BXzwONB9Z7fWzr9E
NTAAn18tdjdb7f9EHuL8OBo8wSSIAFiC
=e2C8
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: liboggplay
Source-Version: 0.2.1~git20091227-1.1
We believe that the bug you reported is fixed in the latest version of
liboggplay, which is due to be installed in the Debian FTP archive:
liboggplay1-dbg_0.2.1~git20091227-1.1_amd64.deb
to main/libo/liboggplay/liboggplay1-dbg_0.2.1~git20091227-1.1_amd64.deb
liboggplay1-dev_0.2.1~git20091227-1.1_amd64.deb
to main/libo/liboggplay/liboggplay1-dev_0.2.1~git20091227-1.1_amd64.deb
liboggplay1_0.2.1~git20091227-1.1_amd64.deb
to main/libo/liboggplay/liboggplay1_0.2.1~git20091227-1.1_amd64.deb
liboggplay_0.2.1~git20091227-1.1.diff.gz
to main/libo/liboggplay/liboggplay_0.2.1~git20091227-1.1.diff.gz
liboggplay_0.2.1~git20091227-1.1.dsc
to main/libo/liboggplay/liboggplay_0.2.1~git20091227-1.1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 575...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Reichle-Schmehl <toli...@debian.org> (supplier of updated liboggplay
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 15 Apr 2010 04:11:22 +0200
Source: liboggplay
Binary: liboggplay1 liboggplay1-dev liboggplay1-dbg
Architecture: source amd64
Version: 0.2.1~git20091227-1.1
Distribution: unstable
Urgency: high
Maintainer: John Francesco Ferlito <jo...@inodes.org>
Changed-By: Alexander Reichle-Schmehl <toli...@debian.org>
Description:
liboggplay1 - A library for playing OGG multimedia
liboggplay1-dbg - A library for playing OGG multimedia (debugging symbols)
liboggplay1-dev - A library for playing OGG multimedia (development files)
Closes: 575743
Changes:
liboggplay (0.2.1~git20091227-1.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2009-3388 with patch from Matthew Gregan in
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/14dd26404792
(Closes: #575743)
* Urgency set to high for security related RC bug fix
* Add version (>= 0.46-7~) to build-depen on quilt to avoid ftp-master
auto-reject
Checksums-Sha1:
4cd4ade96cffe68454de4f062eb2058a27f21f89 1229
liboggplay_0.2.1~git20091227-1.1.dsc
4ffbd181934dfbec890d35ef49f68f30ef4f93d6 4201
liboggplay_0.2.1~git20091227-1.1.diff.gz
1660b0c04f74b16eaf145db747cb6242fb693624 33132
liboggplay1_0.2.1~git20091227-1.1_amd64.deb
c2eb4e44c03be8e8283551de2a7fc2bb19362350 41650
liboggplay1-dev_0.2.1~git20091227-1.1_amd64.deb
3f4db56c607259413f0d52ecefbe3e92ba4ea025 62710
liboggplay1-dbg_0.2.1~git20091227-1.1_amd64.deb
Checksums-Sha256:
217c7bc007c9687e1d1793c3c9e36be15d3e4ceffd8d357815e19096845daddc 1229
liboggplay_0.2.1~git20091227-1.1.dsc
f6d0def6844d0a1c5b03c152ca343814db4bbb46668a7b4a4564451b2934101e 4201
liboggplay_0.2.1~git20091227-1.1.diff.gz
a51b32ea654d8893ada2c9e90e58a2a79dcc9bdac34460384b1987136862f3ea 33132
liboggplay1_0.2.1~git20091227-1.1_amd64.deb
eb8bd1bc0b3e5e84521e5ada8f4b2b419dc767eef26158349a40c73fcd514e6a 41650
liboggplay1-dev_0.2.1~git20091227-1.1_amd64.deb
87b9bdb69277130bfc3ce2b14fe2982e2be16f706fc1c2f3786a3f7075521d7f 62710
liboggplay1-dbg_0.2.1~git20091227-1.1_amd64.deb
Files:
1bfe879f222be804c7b4c783e93ebaf0 1229 libs extra
liboggplay_0.2.1~git20091227-1.1.dsc
0a91b3c693a02b2d0251ebd7358be3d4 4201 libs extra
liboggplay_0.2.1~git20091227-1.1.diff.gz
68722742d7214dc924bcfb3110aaba30 33132 libs extra
liboggplay1_0.2.1~git20091227-1.1_amd64.deb
ed3805677d067f44c0c17286ad42b943 41650 libdevel extra
liboggplay1-dev_0.2.1~git20091227-1.1_amd64.deb
26c96681790d6bb66d8e9306fe9b61c9 62710 debug extra
liboggplay1-dbg_0.2.1~git20091227-1.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvGdngACgkQBxd04ADYzRZ4OQCfZw6+QAR2GcVW/r2TPQ2ipI94
YIEAoJ34vXfpwBYwUIq5Bx4lDeDvxpdZ
=FpHs
-----END PGP SIGNATURE-----
--- End Message ---
