Bug#528650: marked as done (libsndfile1: Potential heap overflow in all versions <= 1.0.19)

Debian Bug Tracking System Tue, 19 May 2009 03:47:39 -0700

Your message dated Tue, 19 May 2009 09:48:51 +0000
with message-id <[email protected]>
and subject line Bug#528650: fixed in libsndfile 1.0.20-1
has caused the Debian Bug report #528650,
regarding libsndfile1: Potential heap overflow in all versions <= 1.0.19
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
528650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528650
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: libsndfile1
Severity: normal
Tags: patch


Potential heap overflow as described here:

    http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/rel_20.html

The blog post also links to patches for all versions of libsndfile from
1.0.15 to  1.0.19 inclusive.


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to POSIX)
Shell: /bin/sh linked to /bin/bash

--- End Message ---

--- Begin Message ---

Source: libsndfile
Source-Version: 1.0.20-1

We believe that the bug you reported is fixed in the latest version of
libsndfile, which is due to be installed in the Debian FTP archive:

libsndfile1-dev_1.0.20-1_i386.deb
  to pool/main/libs/libsndfile/libsndfile1-dev_1.0.20-1_i386.deb
libsndfile1_1.0.20-1_i386.deb
  to pool/main/libs/libsndfile/libsndfile1_1.0.20-1_i386.deb
libsndfile_1.0.20-1.diff.gz
  to pool/main/libs/libsndfile/libsndfile_1.0.20-1.diff.gz
libsndfile_1.0.20-1.dsc
  to pool/main/libs/libsndfile/libsndfile_1.0.20-1.dsc
libsndfile_1.0.20.orig.tar.gz
  to pool/main/libs/libsndfile/libsndfile_1.0.20.orig.tar.gz
sndfile-programs_1.0.20-1_i386.deb
  to pool/main/libs/libsndfile/sndfile-programs_1.0.20-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Mimram <[email protected]> (supplier of updated libsndfile package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 19 May 2009 09:13:56 +0200
Source: libsndfile
Binary: libsndfile1-dev libsndfile1 sndfile-programs
Architecture: source i386
Version: 1.0.20-1
Distribution: unstable
Urgency: low
Maintainer: Samuel Mimram <[email protected]>
Changed-By: Samuel Mimram <[email protected]>
Description: 
 libsndfile1 - Library for reading/writing audio files
 libsndfile1-dev - Library for reading/writing audio files
 sndfile-programs - Sample programs that use libsndfile
Closes: 528650
Changes: 
 libsndfile (1.0.20-1) unstable; urgency=low
 .
   * New upstream release.
   * Fixes potential heap overflows on VOC and AIFF files, closes: #528650.
Checksums-Sha1: 
 bac2a0716a30945e736bc1bc04b211126cf87b84 1181 libsndfile_1.0.20-1.dsc
 d4f88b919c644f54dd4038c4cf4fb2e7b0d32f7b 927422 libsndfile_1.0.20.orig.tar.gz
 b850e8ab3aacc5ca87ceaf9cfc0235a4a18fe934 6238 libsndfile_1.0.20-1.diff.gz
 f9310e74a7d1be344f16a228bed055f996ab5269 352132 
libsndfile1-dev_1.0.20-1_i386.deb
 28855d71899cc72f6bf136c3b257731d93c32c28 227984 libsndfile1_1.0.20-1_i386.deb
 d19fac4aecf7bfd507d6e25634861a2906f98e43 99960 
sndfile-programs_1.0.20-1_i386.deb
Checksums-Sha256: 
 ec0919d06b3fd16688fcce053486cfdfc5a7077c9d0c6f57590c955aeae20e78 1181 
libsndfile_1.0.20-1.dsc
 7517eb966579f8814b5efe307cb919c5b4e7b5c6729209ba1da95f31e8368dc7 927422 
libsndfile_1.0.20.orig.tar.gz
 b4c6df0c8fe6fa1de02a650370d9fe92cd64f75f9635aac15919289ff9271b56 6238 
libsndfile_1.0.20-1.diff.gz
 2a348b81f8876bc7cb9e767e40b58c0fe6a85280aecd7f912b52dde19d217050 352132 
libsndfile1-dev_1.0.20-1_i386.deb
 4cfc2f5925efd11ba049804514f9d88d9c82820f34c4f6fab4a875a2b96def06 227984 
libsndfile1_1.0.20-1_i386.deb
 dd5bb911d1d0bdf4d9da2b5041deb6191d5252406817210f6069c84808865bd6 99960 
sndfile-programs_1.0.20-1_i386.deb
Files: 
 0f01782e9950859dfe7f56d6538ed26a 1181 devel optional libsndfile_1.0.20-1.dsc
 e0553e12c7a467af44693e95e2eac668 927422 devel optional 
libsndfile_1.0.20.orig.tar.gz
 00338bffba9ff8053a378a7e7e853129 6238 devel optional 
libsndfile_1.0.20-1.diff.gz
 f3bfe665a2832538d4ec2fe0bec50d24 352132 libdevel optional 
libsndfile1-dev_1.0.20-1_i386.deb
 9ff51cff5f4df3fa0efe577fd366f2c0 227984 libs optional 
libsndfile1_1.0.20-1_i386.deb
 a024621aff1d99c215ea92c532c85194 99960 utils optional 
sndfile-programs_1.0.20-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoSfN4ACgkQIae1O4AJae9P8QCfS4eCXj/H3n84ZOhqjYg7QwRP
2t8Anj2xNtIVT5LYIj2k4Ha5cvYXsXOX
=rAvC
-----END PGP SIGNATURE-----

--- End Message ---

Bug#528650: marked as done (libsndfile1: Potential heap overflow in all versions <= 1.0.19)

Reply via email to