Your message dated Sun, 17 Jan 2016 12:48:50 +0000 with message-id <[email protected]> and subject line Bug#793320: fixed in wavpack 4.75.2-1 has caused the Debian Bug report #793320, regarding /usr/lib/x86_64-linux-gnu/libwavpack.so.1.1.6: executable stack in libwavpack.so.1.1.6 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 793320: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793320 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libwavpack1 Version: 4.75.0-1 Severity: important File: /usr/lib/x86_64-linux-gnu/libwavpack.so.1.1.6 Hi, it seems that wavpack on x86_64 is shipped with an executable stack: readelf -l /usr/lib/x86_64-linux-gnu/libwavpack.so.1.1.6 |grep -A1 GNU_STACK GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 RWE 10 That's usually a *very* bad idea, especially in a media library, where stack-based buffer overflows can be quite common. Can you please disable it? Regards, -- Yves-Alexis Perez -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (450, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.0.8-grsec+ (SMP w/4 CPU cores; PREEMPT) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libwavpack1:amd64 depends on: ii libc6 2.19-19 libwavpack1:amd64 recommends no packages. libwavpack1:amd64 suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: wavpack Source-Version: 4.75.2-1 We believe that the bug you reported is fixed in the latest version of wavpack, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher <[email protected]> (supplier of updated wavpack package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 17 Jan 2016 13:39:23 +0100 Source: wavpack Binary: libwavpack1 libwavpack-dev wavpack Architecture: source Version: 4.75.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <[email protected]> Changed-By: Sebastian Ramacher <[email protected]> Description: libwavpack-dev - audio codec (lossy and lossless) - development files libwavpack1 - audio codec (lossy and lossless) - library wavpack - audio codec (lossy and lossless) - encoder and decoder Closes: 793320 Changes: wavpack (4.75.2-1) unstable; urgency=medium . * Team upload. * New upstream release. * debian/patches/mark-stack-non-executable.patch: Mark stack as non-executable. Thanks to Russell Coker for the patch. (Closes: #793320) * debian/control: Remove ${shlibs:Depends} from libwavpack-dev's Depends. Checksums-Sha1: ae80332e6cf6ad669184c6d8cdeb69e6f1ffa32a 2117 wavpack_4.75.2-1.dsc 9025eab39f9db05f39f88db70891a2421d124435 439798 wavpack_4.75.2.orig.tar.bz2 5848604b4c8d63d447b826d237d9fb43f4ba5705 5764 wavpack_4.75.2-1.debian.tar.xz Checksums-Sha256: 704f39bf82249764f02fe81c13eb7ff77a3d8ab5dbe06952240f5c96239740e7 2117 wavpack_4.75.2-1.dsc 7d31b34166c33c3109b45c6e4579b472fd05e3ee8ec6d728352961c5cdd1d6b0 439798 wavpack_4.75.2.orig.tar.bz2 e9094451db0a12c235170a81e1bb86f2ac69f78bbdfcdc40d4bc71d83eba2b93 5764 wavpack_4.75.2-1.debian.tar.xz Files: 72df14d33fe9b329f464c1b9c992859f 2117 sound optional wavpack_4.75.2-1.dsc e8bbc4c3382f9148918ad7b896e10ac1 439798 sound optional wavpack_4.75.2.orig.tar.bz2 db10434152ab8847b3bb37d536c875aa 5764 sound optional wavpack_4.75.2-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWm4vfAAoJEGny/FFupxmThPAP/3qZpJKZGnA5BJgQg8WMywOk iDOuwhiwzLVsDkiwuqO+OXWo06t6pawfbV5NKNxCUvvFmx9WKOWVDmQcv50mcRCx ZQbaBSB7QORCYmqGwANXto58RNhMxBwJbi1xDVpphTg0xayGoZHl88PpzVWTCn8U Z0VrGJOSzCvgq8W9+jSHHzN8zEHmIJmkdxNznE41eSnijOs1mojkpiZTJ9DWR2Z6 pNJENv9kFKnoWoqvo+v2BEChhGR9gRFuvMSbTid4EocqVVdOCZHWmsRuWXYuTl34 p3nUs41xIYFw0u2e1g/GeLPWbj0tCytB+BX/741xe1aIP5EfIKTJVXlmRR5DCgRy bxN7KY2+HmPKWnO2daVV6jCcy7asZ/22a2GUKrnOP2xHfYxntNiZ449IdfmrxkAn /JrPxruiBsVLmJ+O/qryEyIfM6s4rM54KZHsYZwoHZG8C1KutqnPFQdzBpoZGGgI xCOF9XTCFnKSzn0Oz1rQh4aNuIyUWPy3nhf0qcuPRyLLq1bJwY6V5YprVHAgsqL7 aDH1uHFlDhkPDII0TdPGntxD9F0Vj2nNFrzm8O+Vv256nTR2z1TmeKPZWwasg9+J qOU5UNP3gQzGy3zKh4RxVXLjHgzAlH8jG9oJd8gBTMjRrDtFXbTwr7cKz51IdjMj IMHj8CTrixSZvAPZrzoS =jjb8 -----END PGP SIGNATURE-----
--- End Message ---
