Your message dated Sat, 17 Mar 2018 09:49:25 +0000
with message-id <e1ex8sr-00012u...@fasolo.debian.org>
and subject line Bug#893130: fixed in libvorbis 1.3.5-4.2
has caused the Debian Bug report #893130,
regarding libvorbis: CVE-2018-5146: out-of-bounds memory write
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
893130: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893130
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libvorbis
Version: 1.3.4-2
Severity: grave
Tags: patch security upstream
Control: fixed -1 1.3.4-2+deb8u1
Control: fixed -1 1.3.5-4+deb9u2

Hi,

the following vulnerability was published for libvorbis.

CVE-2018-5146[0]:
out-of-bounds memory write

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5146
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
[1] https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
[2] https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libvorbis
Source-Version: 1.3.5-4.2

We believe that the bug you reported is fixed in the latest version of
libvorbis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 893...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libvorbis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 16 Mar 2018 22:26:37 +0100
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev libvorbis-dbg
Architecture: source
Version: 1.3.5-4.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Xiph.org Maintainers <pkg-xiph-ma...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 893130
Description: 
 libvorbis-dbg - debug files for Vorbis General Audio Compression Codec
 libvorbis-dev - development files for Vorbis General Audio Compression Codec
 libvorbis0a - decoder library for Vorbis General Audio Compression Codec
 libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec
 libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec
Changes:
 libvorbis (1.3.5-4.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Prevent out-of-bounds write in codebook decoding (CVE-2018-5146)
     (Closes: #893130)


--- End Message ---