Your message dated Wed, 29 Mar 2017 19:32:08 +0000
with message-id <e1ctjkc-0007vs...@fasolo.debian.org>
and subject line Bug#857651: fixed in audiofile 0.3.6-2+deb8u2
has caused the Debian Bug report #857651,
regarding Multiple security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857651: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: audiofile
Severity: grave
Tags: security

Hi,
please see these security tracker entries for details, which
have all the links to the reports, github issues and patches:

https://security-tracker.debian.org/tracker/CVE-2017-6829
https://security-tracker.debian.org/tracker/CVE-2017-6831
https://security-tracker.debian.org/tracker/CVE-2017-6832
https://security-tracker.debian.org/tracker/CVE-2017-6833
https://security-tracker.debian.org/tracker/CVE-2017-6834
https://security-tracker.debian.org/tracker/CVE-2017-6835
https://security-tracker.debian.org/tracker/CVE-2017-6836
https://security-tracker.debian.org/tracker/CVE-2017-6837
https://security-tracker.debian.org/tracker/CVE-2017-6838
https://security-tracker.debian.org/tracker/CVE-2017-6839

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: audiofile
Source-Version: 0.3.6-2+deb8u2

We believe that the bug you reported is fixed in the latest version of
audiofile, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 857...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated audiofile package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Mar 2017 19:28:56 +0100
Source: audiofile
Binary: audiofile-tools libaudiofile-dev libaudiofile1 libaudiofile-dbg
Architecture: source
Version: 0.3.6-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 857651
Description: 
 audiofile-tools - sfinfo and sfconvert tools
 libaudiofile-dbg - Open-source version of SGI's audiofile library (debug)
 libaudiofile-dev - Open-source version of SGI's audiofile library (header files)
 libaudiofile1 - Open-source version of SGI's audiofile library
Changes:
 audiofile (0.3.6-2+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities (Closes: #857651)
     - Always check the number of coefficients (CVE-2017-6827 CVE-2017-6828
       CVE-2017-6832 CVE-2017-6833 CVE-2017-6835 CVE-2017-6837)
     - clamp index values to fix index overflow in IMA.cpp (CVE-2017-6829)
     - Check for multiplication overflow in sfconvert (CVE-2017-6830
       CVE-2017-6834 CVE-2017-6836 CVE-2017-6838)
     - Actually fail when error occurs in parseFormat (CVE-2017-6831)
     - Check for multiplication overflow in MSADPCM decodeSample
       (CVE-2017-6839)
   * Fix signature of multiplyCheckOverflow. It returns a bool, not an int
   * Check for division by zero in BlockCodec::runPull
Checksums-Sha1: 
 9ef62372482313a1af0c8f669410d51822ee0230 2385 audiofile_0.3.6-2+deb8u2.dsc
 3aba3ef724b1b5f88cfc20ab9f8ce098e6c35a0e 811733 audiofile_0.3.6.orig.tar.gz
 110bf58c6c24d698eb55aa19894f77907517ac22 15512 audiofile_0.3.6-2+deb8u2.debian.tar.xz
Checksums-Sha256: 
 381b03e1b3f7270bcca367769b685e3e6a461cfb5a9ff2f30a72bf9e60205e6b 2385 audiofile_0.3.6-2+deb8u2.dsc
 cdc60df19ab08bfe55344395739bb08f50fc15c92da3962fac334d3bff116965 811733 audiofile_0.3.6.orig.tar.gz
 6f08b8d898317e92b42722f8040d1c6c42ceb717068f40b66251486656910738 15512 audiofile_0.3.6-2+deb8u2.debian.tar.xz
Files: 
 d5ac09ee6abc76c7f1cd46187d9d1763 2385 libs optional audiofile_0.3.6-2+deb8u2.dsc
 2731d79bec0acef3d30d2fc86b0b72fd 811733 libs optional audiofile_0.3.6.orig.tar.gz
 ed19806ebe18badf2256636de983482c 15512 libs optional audiofile_0.3.6-2+deb8u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
