Your message dated Thu, 24 Nov 2016 13:00:29 +0200
with message-id <1479985229.2088.69.ca...@coaxion.net>
and subject line Re: Bug#845375: gst-plugins-good1.0: heap corruption
vulnerability in the gstreamer decoder for the FLIC file format
has caused the Debian Bug report #845375,
regarding gst-plugins-good1.0: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
845375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845375
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gst-plugins-good1.0
Version: 1.4.4-2
Severity: grave
Tags: security upstream patch
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=774834
Hi
See
https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
(there is no CVE assigned yet).
Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=774834
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 1.10.1-2
On Tue, 2016-11-22 at 22:00 +0100, Salvatore Bonaccorso wrote:
> Source: gst-plugins-good1.0
> Version: 1.4.4-2
> Severity: grave
> Tags: security upstream patch
> Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=774834
>
> Hi
>
> See
> https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-
> advancing-exploitation.html (there is no CVE assigned yet).
>
> Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=774834
Forgot to close this one with my 1.10.1-2 upload. But that one contains
the fixes for these CVEs.
signature.asc
Description: This is a digitally signed message part
--- End Message ---
