Your message dated Mon, 17 Jul 2006 11:17:03 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#378279: fixed in adplug 2.0.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: adplug
Version: 2.0-3 1.5.1-6
Severity: serious
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2006-3582: "Multiple stack-based buffer overflows in AdPlug 2.0 and
earlier allow remote user-complicit attackers to execute arbitrary code
via the size specified in the package header of (1) CFF, (2) MTK, (3)
DMO, and (4) U6M files."
CVE-2006-3581: "Multiple stack-based buffer overflows in AdPlug 2.0 and
earlier allow remote user-complicit attackers to execute arbitrary code
via large (1) DTM and (2) S3M files."
These are fixed in CVS. There has been no new upstream release since
these fixes were committed on July 5th.
Patches are available; fixed files and versions appear to be:
src/dmo.h 1.9 [1]
src/mtk.cpp 1.4 [2]
src/cff.h 1.10 [3]
src/dtm.h 1.5 [4]
src/cff.cpp 1.17 [5]
src/s3m.cpp 1.7 [6]
src/dtm.cpp 1.7 [7]
src/u6m.cpp 1.6 [8]
src/mtk.h 1.4 [9]
src/dmo.cpp [10]
The original advisory [11] also reports a sample exploit [12], but I
have not tried it. I believe that adplug in sarge is also affected,
but have not confirmed.
Please mention the CVE in your changelog.
Thanks,
Alec
[1] http://adplug.cvs.sourceforge.net/adplug/adplug/src/dmo.h
[2] http://adplug.cvs.sourceforge.net/adplug/adplug/src/mtk.cpp
[3] http://adplug.cvs.sourceforge.net/adplug/adplug/src/cff.h
[4] http://adplug.cvs.sourceforge.net/adplug/adplug/src/dtm.h
[5] http://adplug.cvs.sourceforge.net/adplug/adplug/src/cff.cpp
[6] http://adplug.cvs.sourceforge.net/adplug/adplug/src/s3m.cpp
[7] http://adplug.cvs.sourceforge.net/adplug/adplug/src/dtm.cpp
[8] http://adplug.cvs.sourceforge.net/adplug/adplug/src/u6m.cpp
[9] http://adplug.cvs.sourceforge.net/adplug/adplug/src/mtk.h
[10] http://adplug.cvs.sourceforge.net/adplug/adplug/src/dmo.cpp
[11] http://aluigi.altervista.org/adv/adplugbof-adv.txt
[12] http://aluigi.org/poc/adplugbof.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEuCOTAud/2YgchcQRAuEjAKDJ+RHhjef4LySH1DMm/dL0IuUobQCfbaLr
Klb8DydIreRxXyCmeS+V5ZE=
=urRR
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: adplug
Source-Version: 2.0.1-1
We believe that the bug you reported is fixed in the latest version of
adplug, which is due to be installed in the Debian FTP archive:
adplug-utils_2.0.1-1_i386.deb
to pool/main/a/adplug/adplug-utils_2.0.1-1_i386.deb
adplug_2.0.1-1.diff.gz
to pool/main/a/adplug/adplug_2.0.1-1.diff.gz
adplug_2.0.1-1.dsc
to pool/main/a/adplug/adplug_2.0.1-1.dsc
adplug_2.0.1.orig.tar.gz
to pool/main/a/adplug/adplug_2.0.1.orig.tar.gz
libadplug-dev_2.0.1-1_i386.deb
to pool/main/a/adplug/libadplug-dev_2.0.1-1_i386.deb
libadplug0c2a_2.0.1-1_i386.deb
to pool/main/a/adplug/libadplug0c2a_2.0.1-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Baumann <[EMAIL PROTECTED]> (supplier of updated adplug package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 17 Jul 2006 19:48:00 +0200
Source: adplug
Binary: libadplug0c2a adplug-utils libadplug-dev
Architecture: source i386
Version: 2.0.1-1
Distribution: unstable
Urgency: high
Maintainer: Daniel Baumann <[EMAIL PROTECTED]>
Changed-By: Daniel Baumann <[EMAIL PROTECTED]>
Description:
adplug-utils - free AdLib sound library (utils)
libadplug-dev - free AdLib sound library (development)
libadplug0c2a - free AdLib sound library
Closes: 378279
Changes:
adplug (2.0.1-1) unstable; urgency=high
.
* New upstream release:
- fixes multiple remote stack-based buffer overflows CVE-2006-3582
CVE-2006-3581 (Closes: #378279).
Files:
dc48b6b5ce7f4911e08a63f30c76973e 624 libs optional adplug_2.0.1-1.dsc
c9a9259dbc6a21424b9caaa24f64a01b 975975 libs optional adplug_2.0.1.orig.tar.gz
9fdee39afb579457d9ae13ec4b90904c 3265 libs optional adplug_2.0.1-1.diff.gz
36b8eb015dedde03a599606af683a407 179250 libs optional
libadplug0c2a_2.0.1-1_i386.deb
3bd7594245976414accb5b3dc6680b44 239936 libdevel optional
libadplug-dev_2.0.1-1_i386.deb
e26c05f99b5a19934d6a4a68d5186e8e 24980 utils optional
adplug-utils_2.0.1-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEu8+Y+C5cwEsrK54RAlp1AKCi4WVcXMFK3/fb0bA5JG3JjFqnSQCgkzIk
jgydGKO7ECBr+xmne5B7QFw=
=W4Xy
-----END PGP SIGNATURE-----
--- End Message ---
