Your message dated Wed, 07 May 2014 22:47:43 +0000
with message-id <[email protected]>
and subject line Bug#745301: fixed in libmms 0.6-1+squeeze2
has caused the Debian Bug report #745301,
regarding libmms: CVE-2014-2892: heap-based buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
745301: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745301
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libmms
Version: 0.6-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for libmms.
CVE-2014-2892[0]:
heap-based buffer overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2892
https://security-tracker.debian.org/tracker/CVE-2014-2892
[1]
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libmms
Source-Version: 0.6-1+squeeze2
We believe that the bug you reported is fixed in the latest version of
libmms, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Ramacher <[email protected]> (supplier of updated libmms package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 25 Apr 2014 16:14:59 +0200
Source: libmms
Binary: libmms-dev libmms0
Architecture: source amd64
Version: 0.6-1+squeeze2
Distribution: squeeze-security
Urgency: high
Maintainer: Debian Multimedia Packages Maintainers
<[email protected]>
Changed-By: Sebastian Ramacher <[email protected]>
Description:
libmms-dev - MMS stream protocol library - development files
libmms0 - MMS stream protocol library - shared library
Closes: 745301
Changes:
libmms (0.6-1+squeeze2) squeeze-security; urgency=high
.
* Team upload.
* debian/patches/0002-CVE-2014-2892.patch: Apply upstream patch for
CVE-2014-2892. (Closes: #745301)
Checksums-Sha1:
41e7f99078a26738ff404beedbb635ac535343c0 1984 libmms_0.6-1+squeeze2.dsc
d93b9c27e6c83f288e1672029aa3c081270b669b 334519 libmms_0.6.orig.tar.gz
336e2719c6f68c215846a42da7fe8c48bb18bd0a 8999 libmms_0.6-1+squeeze2.diff.gz
adef3a06656c6313a3eec05457aef21caaefbdce 47834
libmms-dev_0.6-1+squeeze2_amd64.deb
6a8d6e23c24adba0137e89c30eeb5a4aaf3f0cae 39092 libmms0_0.6-1+squeeze2_amd64.deb
Checksums-Sha256:
caf98eefaa9ab50d76eed75941df9b397a4383b7dc97d571ef8159f52407d2b2 1984
libmms_0.6-1+squeeze2.dsc
1f894f33b5e0334bd7c75343480bdf3a9cf79232aa92085c03f1a67e7d4ceb9d 334519
libmms_0.6.orig.tar.gz
776ee68601fabb86a03e5959c6cecec14049c28913da870492cad1bb2a9cb75e 8999
libmms_0.6-1+squeeze2.diff.gz
02d2566a9af4c2c2dc9a16ad544fe71e8d72a76b75a38a05f560a43c5df746ae 47834
libmms-dev_0.6-1+squeeze2_amd64.deb
9c27dc4a5e6db66b97e14dc7c4d55588a62c8c44057b3a32fcb9278dc200ad00 39092
libmms0_0.6-1+squeeze2_amd64.deb
Files:
65a0affe6f41579f23cc9b11855c3af3 1984 libs optional libmms_0.6-1+squeeze2.dsc
650ad04a4c8bd79246390b81b29680b6 334519 libs optional libmms_0.6.orig.tar.gz
fce90ebcc71a94d652a20ed00906d8cf 8999 libs optional
libmms_0.6-1+squeeze2.diff.gz
85f3b9925e084ba86dc8947e239b50aa 47834 libdevel optional
libmms-dev_0.6-1+squeeze2_amd64.deb
2614a0817ec3dde069dfc7e11bdf1e4b 39092 libs optional
libmms0_0.6-1+squeeze2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJTWnxJAAoJEGny/FFupxmTeq8P/R57h+jnsSOMu8qVDlRpuMXG
Ib6EZHTI2WM2Quu6we8UtItyb9/LhtWhrF1xyio5d7gkjR46elGflBP3totsV22t
AJCbON5lhOYxxCj9ndvk6WPTJi64Z7xYwnYdrCfZeNJQMegTuNmVmOSKcvPbV5e5
BzUWC8N2xjj/ocB+8NUOclYIvijZxlMBMa439xWUchCnkcXT+TQN0mAojy3gaDk3
55b/icmCNeC7w1luRFQNGuD508ThgmXMmfmMeQ3bu5P7ljpBGQyK2FYsZ17Zvhns
Zd8f+/fmQXincwUeL/8vdMaZxDQP4NQh9ecJ4IYM09nMIWTdMl1ZUKwbQtjXcAAT
9WlYtVk1X3gHXJbSYcTjK8kfu+WAAiNupLhR0/pUGz6zcqwYZxk1Ulr4dut0k1qY
6ENfUuJ9KgfGYZi9Kw7/ZWcnfLj2rKRGp1QFFC6je8p7DSg1HDf4t59FObDnIG6l
pFomKqCRIvwTiaZPcyO3tPjEU4OBtcfnlREtj0pupyw67S13rjZkc/m9pqNgNQvD
gz+B8N1sKtZsByDQ/kTSQ03ab+aUJckIRbwSSYrwYrWzY3CC7LgbDPLIEW0UaJgz
PwZqAS+AeR6Q370CDGipjZKn2LJ9swnJMNLPueu13n9po6ck5fWSW+uCFU+L/Y6n
8yT67kIUngZ8sGer4FiO
=9kJs
-----END PGP SIGNATURE-----
--- End Message ---
