Your message dated Tue, 20 Jun 2017 13:46:50 +0000
with message-id <[email protected]>
and subject line Bug#864704: fixed in libsndfile 1.0.28-1
has caused the Debian Bug report #864704,
regarding libsndfile: CVE-2017-6892
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
864704: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864704
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libsndfile
Version: 1.0.25-9.1
Severity: important
Tags: upstream security patch

Hi,

the following vulnerability was published for libsndfile.

CVE-2017-6892[0]:
| In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()"
| function (aiff.c) can be exploited to cause an out-of-bounds read
| memory access via a specially crafted AIFF file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6892
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6892
[1] https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libsndfile
Source-Version: 1.0.28-1

We believe that the bug you reported is fixed in the latest version of
libsndfile, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <[email protected]> (supplier of updated libsndfile package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 20 Jun 2017 15:03:55 +0200
Source: libsndfile
Binary: libsndfile1-dev libsndfile1 sndfile-programs
Architecture: source
Version: 1.0.28-1
Distribution: unstable
Urgency: medium
Maintainer: Erik de Castro Lopo <[email protected]>
Changed-By: IOhannes m zmölnig (Debian/GNU) <[email protected]>
Description:
 libsndfile1 - Library for reading/writing audio files
 libsndfile1-dev - Development files for libsndfile; a library for reading/writing a
 sndfile-programs - Sample programs that use libsndfile
Closes: 864704
Changes:
 libsndfile (1.0.28-1) unstable; urgency=medium
 .
   * New upstream version 1.0.28
 .
   * d/patches/
     * Removed patches applied upstream
     * Refreshed patches
     * Backported patch for fixing CVE-2017-6892
       (Closes: #864704)
     * Fixed more typos
   * d/control: single line per Depends
   * Switched packaging to shorthand dh
     * Build automatic debug packages
     * Dropped setting of DEB_*_GNU_TYPE and friends
   * Raised debhelper compat to 10
     * Dropped B-D on dh-autoreconf
     * B-D on autotools-dev
   * Use DEP5 for d/copyright
   * Bumped standards version to 4.0.0
   *


--- End Message ---
