Your message dated Sat, 20 Mar 2021 06:18:34 +0000
with message-id <[email protected]>
and subject line Bug#985554: fixed in libmediainfo 20.09+dfsg-2
has caused the Debian Bug report #985554,
regarding libmediainfo: CVE-2020-26797
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
985554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985554
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libmediainfo
Version: 20.09+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/mediainfo/bugs/1154/
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libmediainfo.
CVE-2020-26797[0]:
| Mediainfo before version 20.08 has a heap buffer overflow
| vulnerability via
| MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-26797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26797
[1] https://sourceforge.net/p/mediainfo/bugs/1154/
[2] https://github.com/MediaArea/MediaInfoLib/commit/7bab1c3a043784be2c90f2e54a0e5a8d7263eead
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libmediainfo
Source-Version: 20.09+dfsg-2
Done: Chow Loong Jin <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libmediainfo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chow Loong Jin <[email protected]> (supplier of updated libmediainfo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Mar 2021 13:41:56 +0800
Source: libmediainfo
Architecture: source
Version: 20.09+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Chow Loong Jin <[email protected]>
Changed-By: Chow Loong Jin <[email protected]>
Closes: 985554
Changes:
libmediainfo (20.09+dfsg-2) unstable; urgency=medium
.
* [86dabe6] Import https://github.com/MediaArea/MediaInfoLib/pull/1313.patch.
Fixes CVE-2020-26797 (Closes: #985554)
* [9d2ee88] Regenerate the diff so that dpkg-source stops complaining
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---