Bug#784220: marked as done (gst-plugins-bad0.10: CVE-2015-0797: buffer overflow in the plugin for mp4 playback)

Mon, 01 Feb 2016 20:05:16 -0800 

Your message dated Tue, 02 Feb 2016 04:00:32 +0000
with message-id <e1aqs8m-000151...@franck.debian.org>
and subject line Bug#813254: Removed package(s) from unstable
has caused the Debian Bug report #784220,
regarding gst-plugins-bad0.10: CVE-2015-0797: buffer overflow in the plugin for 
mp4 playback
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
784220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784220
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: gst-plugins-bad0.10
Version: 0.10.23-7.1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Control: fixed -1 0.10.23-7.1+deb7u2

Hi

This is as well for keeping track of this issue in the BTS. In
DSA-3225-1 a buffer overflow in the plugin for mp4 playback was fixed.
For jessie and above the impact is less grave as no browser attack
vector is present. But could you fix this issue as well through a
jessie-pu?

https://security-tracker.debian.org/tracker/CVE-2015-0797
https://www.debian.org/security/2015/dsa-3225

Keeping the severity to RC (unless you dissagree), since
gst-plugins-bad0.10 might be as well a candidate for removal before
the stretch release.

Patch:
https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Version: 0.10.23-8.1+rm

Dear submitter,

as the package gst-plugins-bad0.10 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/813254

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to