Your message dated Thu, 01 Jan 2026 23:25:50 +0000
with message-id <[email protected]>
and subject line Bug#1124380: fixed in uxplay 1.72.3-1
has caused the Debian Bug report #1124380,
regarding uxplay: CVE-2025-60458
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1124380: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124380
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: uxplay
Version: 1.72.2-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/FDH2/UxPlay/issues/486
https://github.com/FDH2/UxPlay/issues/441
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for uxplay.
CVE-2025-60458[0]:
| UxPlay 1.72 contains a double free vulnerability in its RTSP request
| handling. A specially crafted RTSP TEARDOWN request can trigger
| multiple calls to free() on the same memory address, potentially
| causing a Denial of Service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-60458
https://www.cve.org/CVERecord?id=CVE-2025-60458
[1] https://github.com/FDH2/UxPlay/issues/486
[2] https://github.com/FDH2/UxPlay/issues/441
[3]
https://github.com/FDH2/UxPlay/commit/747d9ffadfc126c6951eca7eae7063e50a7c3f78
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: uxplay
Source-Version: 1.72.3-1
Done: Alex Myczko <[email protected]>
We believe that the bug you reported is fixed in the latest version of
uxplay, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alex Myczko <[email protected]> (supplier of updated uxplay package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 01 Jan 2026 23:38:02 +0100
Source: uxplay
Architecture: source
Version: 1.72.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Bananas Team <[email protected]>
Changed-By: Alex Myczko <[email protected]>
Closes: 1124380
Changes:
uxplay (1.72.3-1) unstable; urgency=medium
.
* New upstream version. (Closes: #1124380) (CVE-2025-60458)
* d/copyright: bump year.
* d/watch: update to version 5.
Checksums-Sha1:
de796dfecd456e3f179b3e347deeb9d5df7e423c 2048 uxplay_1.72.3-1.dsc
e50ad8dcbdef8c6c62bcb327b4926f9e113e06ef 485311 uxplay_1.72.3.orig.tar.gz
533d0b5e8e70b2404b85a7edde2c19d315c5113c 4620 uxplay_1.72.3-1.debian.tar.xz
e883f9ac363a76af5b907db7c0e81e794f15e369 19666 uxplay_1.72.3-1_source.buildinfo
Checksums-Sha256:
b41252e3c4565138cb99cde02bfda1f5d3ab60d3bb8840117a7fc53ea4f12a4a 2048
uxplay_1.72.3-1.dsc
a2f41c5481c2c3c8f125c38f8142a99d69b21d727be816616b66dd96af9a9c63 485311
uxplay_1.72.3.orig.tar.gz
c51f4e87cbb68fced8ae7b2d1fe9061adb1b213da18352f8584412346a3672fc 4620
uxplay_1.72.3-1.debian.tar.xz
154c4029aaa0c9dc709c0150c296ca766c96b5c7080d58139fb15c831c45a3b0 19666
uxplay_1.72.3-1_source.buildinfo
Files:
deb1386178270829f05d17dce8b7b21a 2048 net optional uxplay_1.72.3-1.dsc
599b23b2d6cbf9a6311e1dadbf2374e6 485311 net optional uxplay_1.72.3.orig.tar.gz
ce373f9ef49479953f69bc309bdddaa0 4620 net optional
uxplay_1.72.3-1.debian.tar.xz
2b16a9a4216b639bfb4dc4b6743f69bf 19666 net optional
uxplay_1.72.3-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtgob82PcExn/Co6JEWhSvN91FcAFAmlW+GMACgkQEWhSvN91
FcBrBhAAmltq7ZeSmDksDHCz1HsIUjGkoX+tEFHQCfaEXjtEXvg5vI8XdjswlPwR
b8el2gnnhAoz4GhYe6cyBviRtivqNF3pLTa9HxtSMTiFUIvXDkTZNeJohavx3Ud6
DPqboogxHkj00R8k1konU9+cPlT4poEj/Oz35xTtFXpZS29ZrhA1wWS7efF35+T6
ieDEsyBRpMlxf/LOiZ7mzCt7SYf/zAi9M5HrkyQrctwe5l7kOqmpSqaEX/JyLK5j
xuWZ3VFT7yo2Nop0EZVtEZR6M2CJ+Yy50l5hZSZTK9VqP6H6XMfuMseP5lLuMhSl
YLF/CK8jnte5lDF6pgjfmphDN7p17fxxYBeYzjT0+Fe3YKjM/laGeUlMr9uV5Gn/
ToW7pFlQoV5kxMVvU202/xO0EQc4TgMR3CJDPQVUxQyAjTrzpwqWIwwzWTXe7fh3
cTf8oAKyvWntOxXC1ZGdkPdRHsgAe+Fa4hpwldQs9om+Wo7ghzT5dCBrAOwi89rS
QjY+fSiIxv0oSQVGt3Qs9iBheSNrO3cDRAG+sWNzHTmKGKoheSKfbaTEdhn89JNT
/vHNFH21C4tsqv0Pcd+Kwh4IO/ej+HGdEoUAB9g4PlnRzGL3Xbon2APoPYwncqaB
tX7qjXudBJ9NgU1zkwo3gYIN9MU9bVqSLiPp+L8hAxy/QbAhDoQ=
=Pxqc
-----END PGP SIGNATURE-----
pgp_WIM_RLN64.pgp
Description: PGP signature
--- End Message ---
