Your message dated Fri, 28 Apr 2006 14:18:01 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#361863: fixed in mpg123 0.59r-22
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mpg123
Version: 0.59r-21
Severity: grave
Tags: security
cite:
"Unspecified vulnerability in mpg123 0.59r allows user-complicit
attackers to trigger a segmentation fault and possibly have other
impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE:
this issue might be related to CVE-2004-0991, but it is not clear."
Version 0.59r-21 should be fixed against CVE-2004-0991 but segfaults
with the poc-exploit. So it seems to be a different vulnerability
than CVE-2004-0991.
gdb says the segfault is in layer3.c:1185, but debugging this is beyond
me.
If you fix it, please mention the CVE-id in the changelog.
--- End Message ---
--- Begin Message ---
Source: mpg123
Source-Version: 0.59r-22
We believe that the bug you reported is fixed in the latest version of
mpg123, which is due to be installed in the Debian FTP archive:
mpg123-esd_0.59r-22_alpha.deb
to pool/non-free/m/mpg123/mpg123-esd_0.59r-22_alpha.deb
mpg123-esd_0.59r-22_i386.deb
to pool/non-free/m/mpg123/mpg123-esd_0.59r-22_i386.deb
mpg123-esd_0.59r-22_powerpc.deb
to pool/non-free/m/mpg123/mpg123-esd_0.59r-22_powerpc.deb
mpg123-nas_0.59r-22_i386.deb
to pool/non-free/m/mpg123/mpg123-nas_0.59r-22_i386.deb
mpg123-oss-3dnow_0.59r-22_i386.deb
to pool/non-free/m/mpg123/mpg123-oss-3dnow_0.59r-22_i386.deb
mpg123-oss-i486_0.59r-22_i386.deb
to pool/non-free/m/mpg123/mpg123-oss-i486_0.59r-22_i386.deb
mpg123_0.59r-22.diff.gz
to pool/non-free/m/mpg123/mpg123_0.59r-22.diff.gz
mpg123_0.59r-22.dsc
to pool/non-free/m/mpg123/mpg123_0.59r-22.dsc
mpg123_0.59r-22_alpha.deb
to pool/non-free/m/mpg123/mpg123_0.59r-22_alpha.deb
mpg123_0.59r-22_arm.deb
to pool/non-free/m/mpg123/mpg123_0.59r-22_arm.deb
mpg123_0.59r-22_hppa.deb
to pool/non-free/m/mpg123/mpg123_0.59r-22_hppa.deb
mpg123_0.59r-22_i386.deb
to pool/non-free/m/mpg123/mpg123_0.59r-22_i386.deb
mpg123_0.59r-22_m68k.deb
to pool/non-free/m/mpg123/mpg123_0.59r-22_m68k.deb
mpg123_0.59r-22_powerpc.deb
to pool/non-free/m/mpg123/mpg123_0.59r-22_powerpc.deb
mpg123_0.59r-22_sparc.deb
to pool/non-free/m/mpg123/mpg123_0.59r-22_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kobras <[EMAIL PROTECTED]> (supplier of updated mpg123 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 28 Apr 2006 18:27:35 +0200
Source: mpg123
Binary: mpg123-esd mpg123-oss-3dnow mpg123-nas mpg123-oss-i486 mpg123
Architecture: alpha arm hppa i386 m68k powerpc source sparc
Version: 0.59r-22
Distribution: unstable
Urgency: high
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Daniel Kobras <[EMAIL PROTECTED]>
Description:
 mpg123 - MPEG layer 1/2/3 audio player
 mpg123-esd - MPEG layer 1/2/3 audio player with Esound support
Closes: 350356 361863
Changes:
 mpg123 (0.59r-22) unstable; urgency=high
 .
   * layer3.c: Fix buffer overflow in III_i_stereo() (CVE-2006-1655).
     Closes: #361863
   * mpg123.1: Fix several typos in man page. Patch thanks to A Costa.
     Closes: #350356
   * decode_i386.c: Cheat around strict aliasing problem in WRITE_SAMPLE().
   * Makefile: Replace deprecated -mcpu option with -mtune in x86 targets.
   * debian/control: Complies with version 3.6.2 of Debian policy. Bump
     Standards-Version accordingly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
iD8DBQFEUmO5pOKIA4m/fisRAh+RAKDXg1eZPVH4P9ovcTcu7gOKbQeLhACdHidA
tC0I8eWEd7WCcCGnqCk6rv0=
=4iMH
-----END PGP SIGNATURE-----
--- End Message ---