Bug#662705: marked as done (taglib: multiple vulnerabilities in taglib)

Debian Bug Tracking System Sun, 15 Apr 2012 09:21:42 -0700

Your message dated Sun, 15 Apr 2012 16:19:56 +0000
with message-id <e1sjsba-0003ap...@franck.debian.org>
and subject line Bug#662705: fixed in taglib 1.7.1-1
has caused the Debian Bug report #662705,
regarding taglib: multiple vulnerabilities in taglib
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
662705: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662705
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: taglib
Severity: serious

Hi,

multiple vulnerabilities were found in taglib 1.7 (not sure about
Squeeze status). Two of theme were already allocated CVEs (CVE-2012-1107
and CVE-2012-1108_ and two should have them allocated soon.

More details can be found on the oss-sec thread at
http://www.openwall.com/lists/oss-security/2012/03/04/2 and in the
taglib mail at
http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: taglib
Source-Version: 1.7.1-1

We believe that the bug you reported is fixed in the latest version of
taglib, which is due to be installed in the Debian FTP archive:

libtag1-dev_1.7.1-1_amd64.deb
  to main/t/taglib/libtag1-dev_1.7.1-1_amd64.deb
libtag1-doc_1.7.1-1_all.deb
  to main/t/taglib/libtag1-doc_1.7.1-1_all.deb
libtag1-rusxmms_1.7.1-1_amd64.deb
  to main/t/taglib/libtag1-rusxmms_1.7.1-1_amd64.deb
libtag1-vanilla_1.7.1-1_amd64.deb
  to main/t/taglib/libtag1-vanilla_1.7.1-1_amd64.deb
libtag1c2a_1.7.1-1_amd64.deb
  to main/t/taglib/libtag1c2a_1.7.1-1_amd64.deb
libtagc0-dev_1.7.1-1_amd64.deb
  to main/t/taglib/libtagc0-dev_1.7.1-1_amd64.deb
libtagc0_1.7.1-1_amd64.deb
  to main/t/taglib/libtagc0_1.7.1-1_amd64.deb
taglib_1.7.1-1.debian.tar.gz
  to main/t/taglib/taglib_1.7.1-1.debian.tar.gz
taglib_1.7.1-1.dsc
  to main/t/taglib/taglib_1.7.1-1.dsc
taglib_1.7.1.orig.tar.gz
  to main/t/taglib/taglib_1.7.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 662...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Modestas Vainius <mo...@debian.org> (supplier of updated taglib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 15 Apr 2012 19:08:51 +0300
Source: taglib
Binary: libtag1c2a libtag1-vanilla libtag1-rusxmms libtag1-dev libtag1-doc 
libtagc0 libtagc0-dev
Architecture: source amd64 all
Version: 1.7.1-1
Distribution: unstable
Urgency: high
Maintainer: Modestas Vainius <mo...@debian.org>
Changed-By: Modestas Vainius <mo...@debian.org>
Description: 
 libtag1-dev - audio meta-data library - development files
 libtag1-doc - audio meta-data library - API documentation
 libtag1-rusxmms - audio meta-data library - RusXMMS flavour
 libtag1-vanilla - audio meta-data library - vanilla flavour
 libtag1c2a - audio meta-data library
 libtagc0   - audio meta-data library - C bindings
 libtagc0-dev - audio meta-data library - development files for C bindings
Closes: 662705
Changes: 
 taglib (1.7.1-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes security vulnerabilities: CVE-2012-1107, CVE-2012-1108
       and CVE-2012-1584. (Closes: #662705)
   * Bump Standards-Version to 3.9.3: no changes needed.
   * Drop upstream_doxygen_out_of_source.diff, merged upstream.
   * Drop backport_protection_against_broken_wma_files.diff, merged upstream.
   * Update symbol file.
   * Urgency=high due to security fixes.
Checksums-Sha1: 
 455c4b65333f4febab655b6660613b52995951a5 1617 taglib_1.7.1-1.dsc
 bafe0958eb884981cade83d45c18ee34165479b8 535319 taglib_1.7.1.orig.tar.gz
 53f5eb86ca7d76a8f431aa4348a2a848ef64b984 26454 taglib_1.7.1-1.debian.tar.gz
 3772697f9bbdc38a429b99723fd39c64f61506d4 8990 libtag1c2a_1.7.1-1_amd64.deb
 a06371679622cefd8a7ac40ee497f200c96adc4a 244058 
libtag1-vanilla_1.7.1-1_amd64.deb
 690ee43460e58dd5086af0fc1dcc051b0a5b1a5f 246734 
libtag1-rusxmms_1.7.1-1_amd64.deb
 6a3948e0738a75a913508090093906a483eb248b 80660 libtag1-dev_1.7.1-1_amd64.deb
 80b273e57b232b786236e060088646c770b2d0ad 5574924 libtag1-doc_1.7.1-1_all.deb
 2a7315182f06e833bbe0b807613df36210292c0c 14882 libtagc0_1.7.1-1_amd64.deb
 8f30caa9dd952f1e0700753989088423332f9264 12036 libtagc0-dev_1.7.1-1_amd64.deb
Checksums-Sha256: 
 76ea1a42ba39a226d952854c662e4bac138478abd40f20e5962b69776e668657 1617 
taglib_1.7.1-1.dsc
 52de470997b604b7b2983f7bcf604ca8d2ce0194fbe16f2ce1aff42e53fb87d9 535319 
taglib_1.7.1.orig.tar.gz
 e4964a57002ff37482e84b738edf0dd206f211b87c0084491bde2b18fdeff2ed 26454 
taglib_1.7.1-1.debian.tar.gz
 6a21bd77fadb7567aa6bd6f990c1813e73468654577088900c024628820792af 8990 
libtag1c2a_1.7.1-1_amd64.deb
 e3e59657219f3e98f29c870c276a1463aeab9c7fee0cdcc5f587f64e779a4bc8 244058 
libtag1-vanilla_1.7.1-1_amd64.deb
 39731f8cdb67a4ae24ab186022a2b1a915ec0ec54207b612ccc1abc393f9881f 246734 
libtag1-rusxmms_1.7.1-1_amd64.deb
 d8e4622dc844719a1be420cfbdf40dffa6e85b282185e49a2a91aacd985e084d 80660 
libtag1-dev_1.7.1-1_amd64.deb
 0c78c68b12cf76b988449efa518c5ab67970ec0fd847cea180fefe1dac681f34 5574924 
libtag1-doc_1.7.1-1_all.deb
 0d3067cb244a4e3928f6782baa32401d062952a8b0d4760e9a50d98370e649de 14882 
libtagc0_1.7.1-1_amd64.deb
 f6af5e293c8375013a562c55fdb89daece449874ba7d8d30c06302581c7aa1ba 12036 
libtagc0-dev_1.7.1-1_amd64.deb
Files: 
 85d847ac7ad50bf2aae05098e92895b7 1617 libs optional taglib_1.7.1-1.dsc
 aa0f7e2d9700bbb78c5f990ed2f5d9b6 535319 libs optional taglib_1.7.1.orig.tar.gz
 bdf6d84b967dd470a185f1d2cb69e557 26454 libs optional 
taglib_1.7.1-1.debian.tar.gz
 e4465627f03c935649de9db6221b1db7 8990 libs optional 
libtag1c2a_1.7.1-1_amd64.deb
 3c9a728bea88ee52412aae0b4a197bac 244058 libs optional 
libtag1-vanilla_1.7.1-1_amd64.deb
 04c780d21a930e720cf99bca7bc4e751 246734 libs optional 
libtag1-rusxmms_1.7.1-1_amd64.deb
 66e7b2ff98c1fffa2dc24881e2c5ab5a 80660 libdevel optional 
libtag1-dev_1.7.1-1_amd64.deb
 f4ce94e90b02230c169694653a472d7d 5574924 doc optional 
libtag1-doc_1.7.1-1_all.deb
 df9c414f84ad2410c98cb9ab95590478 14882 libs optional libtagc0_1.7.1-1_amd64.deb
 3168992db5bd7df4649f070ce7aa4edd 12036 libdevel optional 
libtagc0-dev_1.7.1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+K8+YACgkQHO9JRnPq4hTxbgCgvULWp1O/gvyuHX0gUDI55J3G
T1YAnRh4ukLMfqYXTXJi+GxCljm4rJZa
=OC4G
-----END PGP SIGNATURE-----

--- End Message ---

Bug#662705: marked as done (taglib: multiple vulnerabilities in taglib)

Reply via email to