Bug#711163: marked as done (srtp: CVE-2013-2139)

Mon, 22 Jul 2013 16:10:02 -0700 

Your message dated Mon, 22 Jul 2013 23:05:37 +0000
with message-id <e1v1paf-0001ds...@franck.debian.org>
and subject line Bug#711163: fixed in srtp 1.4.5~20130609~dfsg-1
has caused the Debian Bug report #711163,
regarding srtp: CVE-2013-2139
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
711163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711163
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: srtp
Severity: grave
Tags: security

This was assigned CVE-2013-2139:
http://seclists.org/fulldisclosure/2013/Jun/10

Fix:
https://github.com/cisco/libsrtp/pull/27

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: srtp
Source-Version: 1.4.5~20130609~dfsg-1

We believe that the bug you reported is fixed in the latest version of
srtp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <d...@jones.dk> (supplier of updated srtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 23 Jul 2013 00:22:19 +0200
Source: srtp
Binary: libsrtp0-dev libsrtp0 srtp-docs srtp-utils
Architecture: source all amd64
Version: 1.4.5~20130609~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Jonas Smedegaard <d...@jones.dk>
Changed-By: Jonas Smedegaard <d...@jones.dk>
Description: 
 libsrtp0   - Secure RTP (SRTP) and UST Reference Implementations - shared libr
 libsrtp0-dev - Secure RTP (SRTP) and UST Reference Implementations - 
development
 srtp-docs  - Secure RTP (SRTP) and UST Reference Implementations - documentati
 srtp-utils - Secure RTP (SRTP) and UST Reference Implementations - utilities
Closes: 628583 711163
Changes: 
 srtp (1.4.5~20130609~dfsg-1) unstable; urgency=low
 .
   [ upstream ]
   * New snapshot of Git source.
     + Includes fix for CVE-2013-2139.
       Closes: bug#711163. Thanks to Moritz Muehlenhoff.
 .
   [ Jonas Smedegaard ]
   * Update README.source to emphasize control.in file as *not* a
     show-stopper for contributions, referring to wiki page for details.
   * Have git-import-orig avoid .git-ignore files.
   * Remove debian/source/local-options: abort-on-upstream-changes and
     unapply-patches are default in dpkg-source since 1.16.1.
   * Bump debhelper compatibility level to 8.
   * Use canonical hostname (anonscm.debian.org) in Vcs-* URIs.
   * Update Homepage to use Github URL.
   * Update CDBS upstream-tarball hints to use Github source.
   * Update watch file to use Github URL.
   * Strip releases subdir when repackaging upstream tarball.
   * Tidy patches:
     + Unfuzz and refresh with shortening quilt options.
     + Tidy DEP-3 headers.
   * Update copyright and licensing info:
     + Add git URL as alternate source.
     + Update Source and Upstream-Contact to use Github URLs.
     + Bump copyright file format to 1.0.
     + Fix adjust copyright file header section to mention repackaging in
       Source paragraph and use only a single Files-Excluded paragraph.
     + Extend copyright coverage for autotools to include recent years.
     + Fix add License section for GAP~configure.
     + Bump packaging license to GPL-3+, and extend copyrigt coverage for
       myself to include recent years.
     + Fix include license verbatim and label it as derived: GPL-2+~file.
   * Relax to build-depend unversioned on debhelper, devscripts and cdbs:
     Needed versions satisfied even in oldstable.
   * Bump standards-version to 3.9.4.
   * Drop done TODO items.
 .
   [ Daniel Pocock ]
   * Fix bus error in cipher_test causing FTBFS on sparc64.
     Closes: bug#628583. Thanks to Tzafrir Cohen.
   * Fix support forced 64bit alignment.
   * Fix stat driver test. Thanks to John Foley.
   * Tweak documentation build to fix errors.
Checksums-Sha1: 
 5914b9c16ff0915cf4f55d7f49a460e87e3afdab 2230 srtp_1.4.5~20130609~dfsg-1.dsc
 1276b78ad6d6c8d16a1c4cee0bf29b7fba41d72c 251824 
srtp_1.4.5~20130609~dfsg.orig.tar.gz
 381b67125816dfcd8c5750dc72e1d9268bb5a7ab 15288 
srtp_1.4.5~20130609~dfsg-1.debian.tar.gz
 fcd46fbd80a244d58bd82d8e4b0137b374bff7c2 247010 
srtp-docs_1.4.5~20130609~dfsg-1_all.deb
 542e0dbcf9071f80e95cc0bec6b2688a1a367cd5 111316 
libsrtp0-dev_1.4.5~20130609~dfsg-1_amd64.deb
 bffda56af7fbcd0265dd971873f9f9650ab04f31 72938 
libsrtp0_1.4.5~20130609~dfsg-1_amd64.deb
 25ffa79d0e6059ec816bc0d7d6a7d14622e12014 310544 
srtp-utils_1.4.5~20130609~dfsg-1_amd64.deb
Checksums-Sha256: 
 ac57f2daa1728db0b098b2c82c7d4a730ce5585b2ea4527b726c7e9cb331e803 2230 
srtp_1.4.5~20130609~dfsg-1.dsc
 32083ced5621613a0190e4f0d5e7486aa0deb7d3a8f02d7d8bb45c57d0920584 251824 
srtp_1.4.5~20130609~dfsg.orig.tar.gz
 dec8b8954a08ec1f2445e975fe7839d90f0c7786a81d422c230de933b51e51ff 15288 
srtp_1.4.5~20130609~dfsg-1.debian.tar.gz
 aaa3a09ff2e223326cc1817623d39f1256fe138ee1fc75b3e01d7675c36eb3f8 247010 
srtp-docs_1.4.5~20130609~dfsg-1_all.deb
 458262a587300bf445123d918a404175fbbe6f848b09ddb17d27d2c832b818f5 111316 
libsrtp0-dev_1.4.5~20130609~dfsg-1_amd64.deb
 327978aec81d6ff1559f3dfde6cf822676bc296a97045cd8202836f495da4e9e 72938 
libsrtp0_1.4.5~20130609~dfsg-1_amd64.deb
 ca934a9a45f260a83ea3e9c885b55c0baef6ae27e6dc8011818f87c0e34c7bae 310544 
srtp-utils_1.4.5~20130609~dfsg-1_amd64.deb
Files: 
 c085896b2bda4322d7e40861030c21e4 2230 libs optional 
srtp_1.4.5~20130609~dfsg-1.dsc
 ed80a9530f8d12d8332897b246f27151 251824 libs optional 
srtp_1.4.5~20130609~dfsg.orig.tar.gz
 96dc50f12c6caf964b96727014568a54 15288 libs optional 
srtp_1.4.5~20130609~dfsg-1.debian.tar.gz
 02e99e2b2452cfcfa74af6b26c0d5d9a 247010 doc optional 
srtp-docs_1.4.5~20130609~dfsg-1_all.deb
 faab80e10e2b022c8f3baee7415411f5 111316 libdevel optional 
libsrtp0-dev_1.4.5~20130609~dfsg-1_amd64.deb
 5aeecbfabaeea70fe5bfab2b84fabead 72938 libs optional 
libsrtp0_1.4.5~20130609~dfsg-1_amd64.deb
 9faf94e527feb5d112f67eb629c37bf3 310544 libs optional 
srtp-utils_1.4.5~20130609~dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJR7bboAAoJECx8MUbBoAEhiAEQAJmiTOFtuPDXDgO2BA3tFWtR
rlj70y3UMsQi2PycFs011rCHJ9mha+W1Bk/v3XBmBKqYCQBPsYzQKW9AGKRCqkf0
5zChQjAezTp263vNlk91zgrdpGAxgJWaR75ySdp6UwU/LZmGeW/qSd8pspL2ZKp6
sG+vMhufuMDgbbp2MojRvXblBes1HHqPJmplc1x/TLK0MWxB+fwnwsb10WFcIglK
bIMDjxnTeF71u6pT6lGbiPggzYXkjVQD3uu6yj887Owr18GrrFuTG4ZBAbbhIqVR
Lw7WME5NbmglZqjFRECHjBWaoTwlBB+zgn4iCc/3tMYQdx35cooeV1Erj0+Jgp4g
M05kGrkznt87/lnpeLC1JrBUx6aIBFLWZNePeBoLIhG9pl1TnOfoMDOlcGwE1kjR
6g4ZQt8ZjqahtoBJx0oh6ATjHiLbLxshphT0qlL2zjNq761emzJSjT38V1ZP5alt
EPff16EBvBFIsc0P5qp48s3tHHVIOIYj8JfU+q+4CMrEVvMkfDn6SNH4m0AAbleq
+Fl/m42ABwt5xQcW5WWyZNkBBrXqwrYNYoOnaPw3HtaUpc35ydMupUo7KlOKiQNN
4R2gqSRdW2+I7cdTqJCkVf5TKwyx8W4NoiaYWpSp68fZCWqKcTqaGdLJuetav8IA
BWgpkpydSF4YG0jOkqVs
=4dXD
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to