Bug#695614: marked as done (CVE-2012-6303: buffer overflows)

[Debian Bug Tracking System]

Your message dated Wed, 02 Jan 2013 00:17:31 +0000
with message-id <e1tqc1t-0001gd...@franck.debian.org>
and subject line Bug#695614: fixed in snack 2.2.10-dfsg1-12.1
has caused the Debian Bug report #695614,
regarding CVE-2012-6303: buffer overflows
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
695614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695614
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: snack
Severity: important
Tags: security

Hi,
the following vulnerability was published for snack.

CVE-2012-6303[0]:
WaveSurfer and Snack Sound Toolkit buffer overflows

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6303
    http://security-tracker.debian.org/tracker/CVE-2012-6303
[1] http://www.openwall.com/lists/oss-security/2012/12/10/2

Please adjust the affected versions in the BTS as needed.

p.s.: I haven't done further investigation, only reporting/forwarding
      from oss-security mailinglist.

Regards,
Salvatore

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: snack
Source-Version: 2.2.10-dfsg1-12.1

We believe that the bug you reported is fixed in the latest version of
snack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 695...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> (supplier of updated 
snack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 02 Jan 2013 00:56:47 +0100
Source: snack
Binary: libsnack2 libsnack2-alsa python-tksnack libsnack2-dev libsnack2-doc
Architecture: source amd64 all
Version: 2.2.10-dfsg1-12.1
Distribution: unstable
Urgency: low
Maintainer: Sergei Golovan <sgolo...@debian.org>
Changed-By: John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de>
Description: 
 libsnack2  - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
 libsnack2-alsa - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
 libsnack2-dev - Sound extension to Tcl/Tk and Python/Tkinter - development 
files
 libsnack2-doc - Sound extension to Tcl/Tk and Python/Tkinter - documentation
 python-tksnack - Sound extension to Tcl/Tk and Python/Tkinter - Python library
Closes: 695614
Changes: 
 snack (2.2.10-dfsg1-12.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Include patch by Michael Karcher to fix CVE-2012-6303 (Closes: #695614).
Checksums-Sha1: 
 d904cedf3a86fec64ab3f45bd960776d400d5265 2053 snack_2.2.10-dfsg1-12.1.dsc
 05e3b4269a60c0132b29a4c105ef783afd313aa5 656156 snack_2.2.10-dfsg1.orig.tar.gz
 4c534576af9d714b2d64a6687e49bc05531b08a7 9766 snack_2.2.10-dfsg1-12.1.diff.gz
 900ec5acdb9eb8e7ad4e69c94b4204a8512e02ff 414202 
libsnack2_2.2.10-dfsg1-12.1_amd64.deb
 96b574a5c37b5ed0fcde8e946ec4c3957418a58f 59012 
libsnack2-dev_2.2.10-dfsg1-12.1_amd64.deb
 3097f11ce5bf38ad240cf6fc31ae8f5e5bc4f2fe 407514 
libsnack2-alsa_2.2.10-dfsg1-12.1_amd64.deb
 4ea50258d6a2fbccde6896539edf0d39e7d1c1f7 32826 
python-tksnack_2.2.10-dfsg1-12.1_all.deb
 802a851f1c3d9212531e6c3f307fd792cc53dbba 226582 
libsnack2-doc_2.2.10-dfsg1-12.1_all.deb
Checksums-Sha256: 
 cda1d5fe7749acd8f7bf5de050dd96aae23a08975550be8ee3403db006d2e967 2053 
snack_2.2.10-dfsg1-12.1.dsc
 596396e3c7dcace8fd112a9e16d027d37f7f227096fb1b03afe1ef28f9311ac4 656156 
snack_2.2.10-dfsg1.orig.tar.gz
 1e40efaaac14b3aba17886f825302c2f3964937dd39755fcd9d5461f793bd598 9766 
snack_2.2.10-dfsg1-12.1.diff.gz
 f20a2f534376faa5e67d8cb7bc9b722e0aada564d210d16f92a5acc94c4d58ed 414202 
libsnack2_2.2.10-dfsg1-12.1_amd64.deb
 bcefb10187fe6ebc0801174ba392a3263aa98c4fd74f529c444cbf97ba70ae22 59012 
libsnack2-dev_2.2.10-dfsg1-12.1_amd64.deb
 02ee4e0d582bb232582a6d1842ff71f723691e63f4ef33776343b258a3ca3226 407514 
libsnack2-alsa_2.2.10-dfsg1-12.1_amd64.deb
 1bd9bfba91681c3b31ef8e5760cc11bd2116632bd1d2ad9ab35840673d7e6527 32826 
python-tksnack_2.2.10-dfsg1-12.1_all.deb
 76b35f58918141230c5201a6afa49e5655f8fa5edc161698d7e2e737f1f245a2 226582 
libsnack2-doc_2.2.10-dfsg1-12.1_all.deb
Files: 
 e620bd1d7793afdb949a6172881352b9 2053 sound optional 
snack_2.2.10-dfsg1-12.1.dsc
 7b29d83a8dc163ea8dcf7bf3f461db79 656156 sound optional 
snack_2.2.10-dfsg1.orig.tar.gz
 f20481a0b6ef43f94c9dea52191a44d5 9766 sound optional 
snack_2.2.10-dfsg1-12.1.diff.gz
 b2596d732330dcd683f11a10987d7526 414202 libs optional 
libsnack2_2.2.10-dfsg1-12.1_amd64.deb
 ac17f159312cb884e7cd5865e35bbe6a 59012 libdevel optional 
libsnack2-dev_2.2.10-dfsg1-12.1_amd64.deb
 4431a4f10e6981959778bfddf54aef3e 407514 libs optional 
libsnack2-alsa_2.2.10-dfsg1-12.1_amd64.deb
 71ad97f3b2aa5dc43707c9d263d421f8 32826 python optional 
python-tksnack_2.2.10-dfsg1-12.1_all.deb
 686697d0e0aadec3e5525982bcb93ec7 226582 doc optional 
libsnack2-doc_2.2.10-dfsg1-12.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQ43jFAAoJEHQmOzf1tfkT6zwP/3UFVYVldNJSZUjNFUgfg4bo
ejCh4zVmCL8rC5/l2zaSP+mxKi4oNCLyepnltIot4sgonK/tNvfXB1Fi4iBZuDA8
t1c8/kzMKVfbGsn7XNuEhvWfFbY303nNMS8l22wsoDBqQY3IWmEussRUUhEtbwQx
zgAAPXG0JvjSQkQlCgC5RbMTZDwokaPLqlVsRyM9Z/BhJN9NmRbRbLmvch1ftayq
SCjfOPizn+cfZjrWw38iD3ldcNTaUcztf2mfPWFUbtDReWKs2eQpnLpEMq9cKZuc
nrFFb8ArbsjET4qQmQSdwjQ+0ndhB/IbrrKzHLIPCvl/zkSOv+z/wpfThOm+Zh+H
CMj2leaIA1FgPfX+1To79FGfPED72sQF3pjU0IoLr0AikGsiGhk05fut9sbsqqGA
zKdlkBr1MQOM0qXwqgMFrillpoEmFt2TcwkCaztIhHZZD93/chwvu2CJabW3A6v6
RR/8cbFd/yT5Uye1+nlSCmL5swPnyCsuX3eS0JePQLSJqhIhjV4+ZDymgWCzfwrt
WcnvJKACX9USufK8gvRbUwm9or/Hlc9OmhNHFMeXVbjzYtOsGIh8sSWCtOn18zXu
GJd5jpc7b9Owgj5nA046Mbd/zeKTog6E6U79c+ImNa+j4psdhcHA2Ws+csvVh5Tn
7EsS4PSj6KJ64e8RyQhW
=nwOY
-----END PGP SIGNATURE-----

--- End Message ---