Your message dated Sun, 15 Apr 2012 16:19:56 +0000
with message-id <e1sjsba-0003ap...@franck.debian.org>
and subject line Bug#662705: fixed in taglib 1.7.1-1
has caused the Debian Bug report #662705,
regarding taglib: multiple vulnerabilities in taglib
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
662705: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662705
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: taglib
Severity: serious
Hi,
multiple vulnerabilities were found in taglib 1.7 (not sure about
Squeeze status). Two of them were already allocated CVEs (CVE-2012-1107
and CVE-2012-1108) and two should have them allocated soon.
More details can be found on the oss-sec thread at
http://www.openwall.com/lists/oss-security/2012/03/04/2 and in the
taglib mail at
http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: taglib
Source-Version: 1.7.1-1
We believe that the bug you reported is fixed in the latest version of
taglib, which is due to be installed in the Debian FTP archive:
libtag1-dev_1.7.1-1_amd64.deb
to main/t/taglib/libtag1-dev_1.7.1-1_amd64.deb
libtag1-doc_1.7.1-1_all.deb
to main/t/taglib/libtag1-doc_1.7.1-1_all.deb
libtag1-rusxmms_1.7.1-1_amd64.deb
to main/t/taglib/libtag1-rusxmms_1.7.1-1_amd64.deb
libtag1-vanilla_1.7.1-1_amd64.deb
to main/t/taglib/libtag1-vanilla_1.7.1-1_amd64.deb
libtag1c2a_1.7.1-1_amd64.deb
to main/t/taglib/libtag1c2a_1.7.1-1_amd64.deb
libtagc0-dev_1.7.1-1_amd64.deb
to main/t/taglib/libtagc0-dev_1.7.1-1_amd64.deb
libtagc0_1.7.1-1_amd64.deb
to main/t/taglib/libtagc0_1.7.1-1_amd64.deb
taglib_1.7.1-1.debian.tar.gz
to main/t/taglib/taglib_1.7.1-1.debian.tar.gz
taglib_1.7.1-1.dsc
to main/t/taglib/taglib_1.7.1-1.dsc
taglib_1.7.1.orig.tar.gz
to main/t/taglib/taglib_1.7.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 662...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Modestas Vainius <mo...@debian.org> (supplier of updated taglib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 15 Apr 2012 19:08:51 +0300
Source: taglib
Binary: libtag1c2a libtag1-vanilla libtag1-rusxmms libtag1-dev libtag1-doc
libtagc0 libtagc0-dev
Architecture: source amd64 all
Version: 1.7.1-1
Distribution: unstable
Urgency: high
Maintainer: Modestas Vainius <mo...@debian.org>
Changed-By: Modestas Vainius <mo...@debian.org>
Description:
libtag1-dev - audio meta-data library - development files
libtag1-doc - audio meta-data library - API documentation
libtag1-rusxmms - audio meta-data library - RusXMMS flavour
libtag1-vanilla - audio meta-data library - vanilla flavour
libtag1c2a - audio meta-data library
libtagc0 - audio meta-data library - C bindings
libtagc0-dev - audio meta-data library - development files for C bindings
Closes: 662705
Changes:
taglib (1.7.1-1) unstable; urgency=high
.
* New upstream release:
- fixes security vulnerabilities: CVE-2012-1107, CVE-2012-1108
and CVE-2012-1584. (Closes: #662705)
* Bump Standards-Version to 3.9.3: no changes needed.
* Drop upstream_doxygen_out_of_source.diff, merged upstream.
* Drop backport_protection_against_broken_wma_files.diff, merged upstream.
* Update symbol file.
* Urgency=high due to security fixes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk+K8+YACgkQHO9JRnPq4hTxbgCgvULWp1O/gvyuHX0gUDI55J3G
T1YAnRh4ukLMfqYXTXJi+GxCljm4rJZa
=OC4G
-----END PGP SIGNATURE-----
--- End Message ---