Your message dated Thu, 09 Jul 2026 12:34:09 +0000
with message-id <[email protected]>
and subject line Bug#1141308: fixed in pipewire 1.6.8-1
has caused the Debian Bug report #1141308,
regarding pipewire: CVE-2026-14324
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1141308: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1141308
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pipewire
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for pipewire.

CVE-2026-14324[0]:
| RAOP module accepts unbounded Content-Length values and does not
| check the pw_array_add() return.

https://bugzilla.redhat.com/show_bug.cgi?id=2495903


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-14324
    https://www.cve.org/CVERecord?id=CVE-2026-14324

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: pipewire
Source-Version: 1.6.8-1
Done: Dylan Aïssi <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pipewire, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dylan Aïssi <[email protected]> (supplier of updated pipewire package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jul 2026 13:16:15 +0200
Source: pipewire
Architecture: source
Version: 1.6.8-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team 
<[email protected]>
Changed-By: Dylan Aïssi <[email protected]>
Closes: 1141308
Changes:
 pipewire (1.6.8-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix CVE-2026-14324 (Closes: #1141308)
Checksums-Sha1:
 fb0a938ac5e916bdfaee4a6049c696e9509bb6e4 4895 pipewire_1.6.8-1.dsc
 32e3efe9ee7a07f7242a02e76b25abc84773578d 2748522 pipewire_1.6.8.orig.tar.gz
 6ed5f0148f783f54ccbdb4fe1e8140160affc6cb 30732 pipewire_1.6.8-1.debian.tar.xz
 ca1d241e5b368bd00fc11b49be4b60bdf390d125 30511 pipewire_1.6.8-1_amd64.buildinfo
Checksums-Sha256:
 3e43aa52a3d133069b87553be6e50054d6419f91194777ebae1007d46553313c 4895 
pipewire_1.6.8-1.dsc
 a28f12524d69a8b47feffe31309a6702e45ca4ee54494ff1343d766abf2ec58b 2748522 
pipewire_1.6.8.orig.tar.gz
 f9c602a2566111c4cf76e31e661fd3502e95076523368e24405fafaaff1469e4 30732 
pipewire_1.6.8-1.debian.tar.xz
 9900ecf267adcf47578eb57cb5a956cfd4e3fad03c9e49794fb8a5c0dbb9cea9 30511 
pipewire_1.6.8-1_amd64.buildinfo
Files:
 b9d75ba06c3b3af84a2b64ebfc78d567 4895 libs optional pipewire_1.6.8-1.dsc
 a1b0f1e75a85175cb28e1eacde96f973 2748522 libs optional 
pipewire_1.6.8.orig.tar.gz
 38d49c3cdb7fbe5db922a89b13970bb9 30732 libs optional 
pipewire_1.6.8-1.debian.tar.xz
 181a02bd3e945663eae57afb31323bd4 30511 libs optional 
pipewire_1.6.8-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAmpPjewACgkQYS7xYT4F
D1SB6Q/9G1zTXA9Tlh2Byf2GR9ME6qd5DgbexVKJQu6UjaPTxb5KUfGF4XnZA9aB
DLobR/lPet3xHGjgW+ojwC06bfkYcxxrBg/aDOGqewV5CGngCjaiJdSjxjmHfZCK
VrOSnAjZrQNqPtc+585oS6eA8djQEjpP6VRX01wW8Nrp2T8VXeC53B3BhKMipOqe
OtPYKZ+eZ//nnY2bY6lGQ3cG9Drf1Fe2dc0IXr18LrR4wrO/iXmvEMtzeMnvCYsi
xNJIi4G8daOfJ69q/Eh9l5VjyMKWuHlOUnDjLoK7UzNCJT0EWeVYDqnuYV5/yxL3
QJuoR3EOORCAk2sBRVqoqthycTaJLTJ3ckGf+/v3YN6b1BHstdDdDhENyx1Pam+O
JJ25CRx7JD4eoFMrO5ECLzI50FVmFaJwSBRfmhmAoqPYhSpV/2/yKUtLJWnkAoSm
TegDx5PRSOb4/XvCxwHbltG6SnkSrtgLNS8oeXXDA6Wd0fuO8BDSmPRwBnYnkotu
JhJPbKkQqWOX4bwwhR2/FMXBSZE3A6q+jmBBXD234YDVVvMiNqvvKcHSsEEliCD6
LhFIixZ0gVaNRuyrZbq9NI/f7cMzkquuuYgZ7CcmOV3xFvRzvhMLtUpuDv85yhTj
TRUT4mnE0Ad+shXWm9F62VP2BCAXpfnIs/qgVRwoF5HHDYmIO6I=
=Rb9s
-----END PGP SIGNATURE-----

Attachment: pgp7ArNAe4Mj_.pgp
Description: PGP signature


--- End Message ---

Reply via email to