Your message dated Thu, 06 Dec 2012 21:48:48 +0000 with message-id <e1tgjji-0002ft...@franck.debian.org> and subject line Bug#692130: fixed in vlc 2.0.3-4 has caused the Debian Bug report #692130, regarding vlc: CVE-2012-5470 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 692130: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692130 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: vlc Severity: grave Tags: security Justification: user security hole Please see http://openwall.com/lists/oss-security/2012/10/24/3 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: vlc Source-Version: 2.0.3-4 We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 692...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Benjamin Drung <bdr...@debian.org> (supplier of updated vlc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 06 Dec 2012 21:55:05 +0100 Source: vlc Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore5 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi Architecture: source amd64 all Version: 2.0.3-4 Distribution: testing Urgency: low Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org> Changed-By: Benjamin Drung <bdr...@debian.org> Description: libvlc-dev - development files for libvlc libvlc5 - multimedia player and streamer library libvlccore-dev - development files for libvlccore libvlccore5 - base library for VLC and its modules vlc - multimedia player and streamer vlc-data - Common data for VLC vlc-dbg - debugging symbols for vlc vlc-nox - multimedia player and streamer (without X support) vlc-plugin-fluidsynth - FluidSynth plugin for VLC vlc-plugin-jack - Jack audio plugins for VLC vlc-plugin-notify - LibNotify plugin for VLC vlc-plugin-pulse - PulseAudio plugin for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC vlc-plugin-svg - SVG plugin for VLC vlc-plugin-zvbi - VBI teletext plugin for VLC Closes: 692130 Changes: vlc (2.0.3-4) testing; urgency=low . * SECURITY UPDATE: denial of service via crafted PNG file (Closes: #692130) - CVE-2012-5470 Checksums-Sha1: a244bafc51c83a51f8f2cab50087990d7fe4b3e5 4844 vlc_2.0.3-4.dsc fb092d2a54844ccecff8effa8abf8fd926948cc0 58849 vlc_2.0.3-4.debian.tar.gz 5b53f723c9f76da98eda8eed14b11ca83a311669 59484 libvlc-dev_2.0.3-4_amd64.deb 7df718dd42fc7392fceb1f055243534c489b0c04 39264 libvlc5_2.0.3-4_amd64.deb 5fa2043ad30a41aa6f5a61e4d2ae77bbcaf00d99 504596 libvlccore-dev_2.0.3-4_amd64.deb e18a6da841c8550b1090ea7e28879f0e3165b0c8 356468 libvlccore5_2.0.3-4_amd64.deb d98adbd171a998187105d9a5ee9dc5f5ff024163 1050612 vlc_2.0.3-4_amd64.deb 2ca4d89968e5bb5d2e3cc4a4a89230c86ac72eff 5104920 vlc-data_2.0.3-4_all.deb de77495eebf061822c070823dc93fdca9985696a 13273302 vlc-dbg_2.0.3-4_amd64.deb d2642ebb50503d92b0bfabdb28eb74a541b714b9 2550258 vlc-nox_2.0.3-4_amd64.deb 3cfdb6aa01b1f941de5a77c49bafb4f7ae47692f 5468 vlc-plugin-fluidsynth_2.0.3-4_amd64.deb f2cde8430e69c45163199ed940473413cd1a5d1c 10476 vlc-plugin-jack_2.0.3-4_amd64.deb b7fd73efcaa5887aee4ba21efcdf2473ac76e792 5608 vlc-plugin-notify_2.0.3-4_amd64.deb 47a414a7e5a9c2d5baced95ae7200274dceac7a3 16680 vlc-plugin-pulse_2.0.3-4_amd64.deb 94f453333d6e8c831f2b06b0e515fd4205030893 8088 vlc-plugin-sdl_2.0.3-4_amd64.deb 9d915cf99fea70f70a08859bdca2fc0a83f2cd04 6292 vlc-plugin-svg_2.0.3-4_amd64.deb ff0a037c59ab6ac6dfcd10de91f1db4fcfe9cea3 8018 vlc-plugin-zvbi_2.0.3-4_amd64.deb Checksums-Sha256: e3dac665dfde3fd679958de066146fc360ece159f6c7707c2fab07081fc4b5ce 4844 vlc_2.0.3-4.dsc f4102cc7ab5560fa147e61b5c62c1030d8ded7ec27c752c83793a0ab6d08c46d 58849 vlc_2.0.3-4.debian.tar.gz cab38b1a8e916d31118afc579940b31199e1a9f68d29094b34908f6755f0465e 59484 libvlc-dev_2.0.3-4_amd64.deb 9c6dad68c48f8461b2a94bd01d6810e816e572c67a79371df3e531450dfbd87c 39264 libvlc5_2.0.3-4_amd64.deb 5575d274a0fa1c102126e6f33c14c9286234ad1a37cbf9519f07c82643cc1365 504596 libvlccore-dev_2.0.3-4_amd64.deb da4b1924fbca94e640e30d3a3b36caa02ccc0171a0593b645b275b0e309e518f 356468 libvlccore5_2.0.3-4_amd64.deb a80b44a2edbf7c5d282dfbb0230fc85e74dd9bce652c59a8be2d5201752bb9e0 1050612 vlc_2.0.3-4_amd64.deb da12b879de8bacee2335c81ad6299b3caffe91899dc2bd43b8f671d9e1f5834d 5104920 vlc-data_2.0.3-4_all.deb 214c4d9330c0ddc92e30e195026365b03f23a1bd4216ca10b1058de411bb5902 13273302 vlc-dbg_2.0.3-4_amd64.deb 1cba1a5d32110b9299630e0023b62bca523a2efc34bf5ab8c7a04744a4206111 2550258 vlc-nox_2.0.3-4_amd64.deb 2f76927deb5229210e4afc6b06e9a9c3b977c0ee55344ca2b9d528e98952d689 5468 vlc-plugin-fluidsynth_2.0.3-4_amd64.deb 76b477b27bf996dd25fcf49d33c0456731c60b5b682865077f2c861dc28c4707 10476 vlc-plugin-jack_2.0.3-4_amd64.deb aff4193104af885741a8100e2efef4de1a0eeaaa87195ba9862106ee61c86e94 5608 vlc-plugin-notify_2.0.3-4_amd64.deb 7dce3f52f21f3f51a96181033fb4e9c53cd0651fbdde6684c6e8bcf5374cbf7b 16680 vlc-plugin-pulse_2.0.3-4_amd64.deb c1810d6b4ff8f7875dc8c3bc1bff72d095ee434dcc0edc4ca048382f31ec6bb3 8088 vlc-plugin-sdl_2.0.3-4_amd64.deb d32ad56bd17485fcabc2ffbbfe95f7b8c037cf19a4d24a78ee1b561c9816b7b5 6292 vlc-plugin-svg_2.0.3-4_amd64.deb 44768580e85252d1966f15f46d254bd6d43ff236c37594c10be45e203b447aef 8018 vlc-plugin-zvbi_2.0.3-4_amd64.deb Files: 162f2fbd9d2604852a3b9eb73eda47e5 4844 video optional vlc_2.0.3-4.dsc 0dd70bac2fd1b8bacbf7adcbadcb5e88 58849 video optional vlc_2.0.3-4.debian.tar.gz 5576a33914b6ea7563c6d6adb0a0376b 59484 libdevel optional libvlc-dev_2.0.3-4_amd64.deb 91d3457f28633c189ed8d294aaf2a265 39264 libs optional libvlc5_2.0.3-4_amd64.deb 6e9bcf3a9cf6641679a4a1edd98f132a 504596 libdevel optional libvlccore-dev_2.0.3-4_amd64.deb 75b7d1d9050721c55389acb8b173160a 356468 libs optional libvlccore5_2.0.3-4_amd64.deb 852aa3dc476434d81daa0632fdafbf8f 1050612 video optional vlc_2.0.3-4_amd64.deb 32e43751f7d1cf6d580d9d42b0926799 5104920 video optional vlc-data_2.0.3-4_all.deb ec1600a937ad1ed6b3056569a0f03330 13273302 debug extra vlc-dbg_2.0.3-4_amd64.deb 1da3697a32c1fe0058d852c69e97fa8b 2550258 video optional vlc-nox_2.0.3-4_amd64.deb 522eca9080b4c389c5481456fcfe07db 5468 video optional vlc-plugin-fluidsynth_2.0.3-4_amd64.deb a4608a73e7661207617bb65d5c67008a 10476 video optional vlc-plugin-jack_2.0.3-4_amd64.deb 4f5136cd5763a77b87bdb9dd35cd3a94 5608 video optional vlc-plugin-notify_2.0.3-4_amd64.deb 4b9ab96fb81817b622484be22309a0f6 16680 video optional vlc-plugin-pulse_2.0.3-4_amd64.deb 60d1736ce627a164fd84a75fb9607d1a 8088 video optional vlc-plugin-sdl_2.0.3-4_amd64.deb a5621eb1e36a3b29fe6fbf2d02d1762d 6292 video optional vlc-plugin-svg_2.0.3-4_amd64.deb 2b6f28bd6824e60af73d258d94917aee 8018 video optional vlc-plugin-zvbi_2.0.3-4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCgAGBQJQwQ7GAAoJEBWetcTvyHdMBvMP/3wg8kOsy3moNO4nHL3oGbqD OHzgQXsUelYqBx4FOojTCBjAAX4Oow0o9ncN4eOz22HR8jgzSRL31dzyE10O1FBR rBdKyphjWJ0nc8s0Mn248ev2Ace9b47bfFnbYsV7ounpkKvWpegl9Rd9+AqJZyG7 9JFZgN7QUygwA8xFipWXh0157ETLJ8zLyItarlbf8od2tvwZsTRMvwvybJ9zXeSv o3Gzl+b6lnFmo5MLueM4NWAtr8l2EJbU0cibXceo9xx7QCZfnXBhyhO4RgSj7uE3 wUIaYFSR2Wzo9ZCL8QrFSDlbgv+NF978SAgvnS6FI7WJ0XWAliVbt7JIeqEU40XB llkHOgGrsbZH07v+3OSnxzbaa4Kxxdojw6gWfnmOArC/awLHxsUCI/1WdW8yWayx N55M+VgWv1ONccn2tJ0TIYkKqEQApC1qA48R4bYAxASTTyJR35YDV8sIEgIwT64r FLX1wstj218zicFR8xngMcIB3ygcjQH6EgZX4LV+rrb5SXb7EnoQw2OOrEPjxFoX 0xElf34NcXVj6a798XYwZJQ//GLdfvdBKQ0MB9m0L7i/qohYGFTo2vfua94zB2nz j60IN7IuF4mmHYzcc3VUwiG03YN62Kz+qS9cgfRt+GGVMNMfWwVu9IKfqf8+T/xp pPQ6Xp4PrU/rNqapRjpu =5Auu -----END PGP SIGNATURE-----
--- End Message ---
