Your message dated Sun, 08 Sep 2013 19:02:04 +0000 with message-id <e1vikfi-0007ob...@franck.debian.org> and subject line Bug#719462: fixed in libmodplug 1:0.8.8.4-3+deb7u1+git20130828 has caused the Debian Bug report #719462, regarding libmodplug: CVE-2013-4233 CVE-2013-4234 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 719462: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719462 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libmodplug Severity: grave Tags: security Justification: user security hole Hi, please see http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge/ For the CVE assignments: http://seclists.org/oss-sec/2013/q3/343 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: libmodplug Source-Version: 1:0.8.8.4-3+deb7u1+git20130828 We believe that the bug you reported is fixed in the latest version of libmodplug, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 719...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Zed Pobre <z...@debian.org> (supplier of updated libmodplug package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 02 Sep 2013 22:29:48 -0400 Source: libmodplug Binary: libmodplug1 libmodplug-dev Architecture: source all amd64 Version: 1:0.8.8.4-3+deb7u1+git20130828 Distribution: stable-security Urgency: high Maintainer: Zed Pobre <z...@debian.org> Changed-By: Zed Pobre <z...@debian.org> Description: libmodplug-dev - development files for mod music based on ModPlug libmodplug1 - shared libraries for mod music based on ModPlug Closes: 719462 Changes: libmodplug (1:0.8.8.4-3+deb7u1+git20130828) stable-security; urgency=high . * Merge all changes from latest upstream Git repository (0.8.8.4 with additional patches), including the following security changes: * CVE-2013-4233: fix integer overflow in load_abc.cpp * CVE-2013-4234: fix heap overflows in abc_MIDI_drum and abc_MIDI_gchord * Closes: #719462 Checksums-Sha1: 236b755918a6da0e154a6b6c8714f4f7938a3094 1837 libmodplug_0.8.8.4-3+deb7u1+git20130828.dsc df4deffe542b501070ccb0aee37d875ebb0c9e22 546319 libmodplug_0.8.8.4.orig.tar.gz 47f286e863de1cc33af3880112f98632d99dc6c4 20759 libmodplug_0.8.8.4-3+deb7u1+git20130828.diff.gz 3b580c26529ecbaf951541e786bab6439e82f6c9 27854 libmodplug-dev_0.8.8.4-3+deb7u1+git20130828_all.deb 609b3e61edfcad5d2de32fe27e7a34118506a37b 182910 libmodplug1_0.8.8.4-3+deb7u1+git20130828_amd64.deb Checksums-Sha256: fc32bcf08fb2c37ccdab822324f48e9b8ef7b9b4697f64e6ef1dbf9572c7b2d3 1837 libmodplug_0.8.8.4-3+deb7u1+git20130828.dsc 5c5ee13dddbed144be26276e5f102da17ff5b1c992f3100389983082da2264f7 546319 libmodplug_0.8.8.4.orig.tar.gz 4ab7cf898fc57b7da868f30ae4bacb4acc9dd53ee9c26c21833997b5dbb208ae 20759 libmodplug_0.8.8.4-3+deb7u1+git20130828.diff.gz 475013a1d9f79b899a98df821d8a943fb2394aa16f116c6362dbfd2e78a76f4c 27854 libmodplug-dev_0.8.8.4-3+deb7u1+git20130828_all.deb 54884ba9750b06796c7b8b901bfc02c4680dc6283dad81c3472f08214fffd1bc 182910 libmodplug1_0.8.8.4-3+deb7u1+git20130828_amd64.deb Files: f7b13625d8be7e92e0e2c1ac92abad74 1837 libs optional libmodplug_0.8.8.4-3+deb7u1+git20130828.dsc fddc3c704c5489de2a3cf0fedfec59db 546319 libs optional libmodplug_0.8.8.4.orig.tar.gz d1695f0593a235f73699ea53b0ad144d 20759 libs optional libmodplug_0.8.8.4-3+deb7u1+git20130828.diff.gz 186ca35fa7622263e263d21183e831e8 27854 libdevel optional libmodplug-dev_0.8.8.4-3+deb7u1+git20130828_all.deb e4217b8469711120fbd3d3db6f1cd88a 182910 libs optional libmodplug1_0.8.8.4-3+deb7u1+git20130828_amd64.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJSJj9UAAoJEEj0fFjWHGKDDN0P/1bd6quYZJnTCbmOkhL5P6nR kmpjncv37Xdp9CY9Z0vP33WlX9B5YjAd4wIbGq7BZrrvmyzIO4pKvCTLL36yimSc lnuRjQ1EYRWTPOwj8E4/CQWjPI3eKdQy2yofdqnmMDU0W7MspR6SjSZ/YOXxRD0n FJECxlxSx04FRfzKrdcXSx3ACpBp/9RdoaNXZAjdHipQLUvGCL51FMMuXqxAdpWJ Q+lXj091gkitn4As5AbjBy6JxeeDmnwtxyIxERLHI/ViPPB25z7LOwLsrpNAtiP2 B3u0yyhRJoo0lkzrFc5BYEvUGteHpVm4pYI4JAs5iQWIwy0O3Ns57Av7/Z3cHGz6 8RTok3ck3q15668sdqGHkTYhYn8pCIqtBXfGN56K4l7lSjrVgpJotCHYoviw7aox 0X6j7mm/GXaMmbYg6FzBBNQJ0Q0ZhLKpUsmxT86O9w/L+3QAJVrgAQcFFPyR8m26 5Vc/tP5afsTy/gYPt6YD90v2DKJYNKjeb2UAUINdkjKNaILGHUyC7bd1A2S/AqXC sHry/Rst3daZNWGns6B2YNUeosGGAm2bEHyP62gV8XK3ULl7Ktkm4RN8Z5DMHba+ JyZuMNp2Nptj+9GvvtM0u2evMrOfEiGHW5nWqC/kmSUL27WQSViQbK/jN7QLk3WG 7zbDaEPF7Bk9K2b5PTnt =VRbT -----END PGP SIGNATURE-----
--- End Message ---
