Your message dated Fri, 02 May 2025 20:50:53 +0000
with message-id <[email protected]>
and subject line Bug#1038951: fixed in fdkaac 1.0.6-0.1
has caused the Debian Bug report #1038951,
regarding fdkaac: CVE-2023-34823 CVE-2023-34824
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1038951: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038951
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fdkaac
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,

The following vulnerabilities were published for fdkaac.

CVE-2023-34823[0]:
| fdkaac before 1.0.5 was discovered to contain a stack overflow in
| read_callback function in src/main.c.

CVE-2023-34824[1]:
| fdkaac before 1.0.5 was discovered to contain a heap buffer overflow
| in caf_info function in caf_reader.c.

https://github.com/nu774/fdkaac/issues/55
https://github.com/nu774/fdkaac/commit/22dbf72491541aa854835fdf2a9a0d92532728d8 (v1.0.5)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34823
    https://www.cve.org/CVERecord?id=CVE-2023-34823
[1] https://security-tracker.debian.org/tracker/CVE-2023-34824
    https://www.cve.org/CVERecord?id=CVE-2023-34824

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: fdkaac
Source-Version: 1.0.6-0.1
Done: Bastian Germann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
fdkaac, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated fdkaac package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 02 May 2025 22:00:18 +0200
Source: fdkaac
Architecture: source
Version: 1.0.6-0.1
Distribution: unstable
Urgency: medium
Maintainer: Marius Gavrilescu <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 1017751 1017754 1038951
Changes:
fdkaac (1.0.6-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Import new upstream version, fixing CVE-2022-36148, CVE-2022-37781,
CVE-2023-34823, CVE-2023-34824. (Closes: #1017754, #1038951, #1017751)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---