Your message dated Thu, 24 Mar 2016 23:18:03 +0000
with message-id <[email protected]>
and subject line Bug#804445: fixed in libsndfile 1.0.25-9.1+deb8u1
has caused the Debian Bug report #804445,
regarding libsndfile: CVE-2015-7805: Heap overflow vulnerability when parsing
specially crafted AIFF header
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
804445: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804445
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libsndfile
Version: 1.0.25-5
Severity: grave
Tags: security upstream
Hi,
(Setting severity to grave for now, but not fully evaluated)
The following vulnerability was published for libsndfile.
CVE-2015-7805[0]:
| Heap overflow vulnerability when parsing specially crafted AIFF
| header
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-7805
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1277897
[2] https://bugzilla.novell.com/show_bug.cgi?id=953516
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libsndfile
Source-Version: 1.0.25-9.1+deb8u1
We believe that the bug you reported is fixed in the latest version of
libsndfile, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated libsndfile package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 23 Mar 2016 00:34:11 +0100
Source: libsndfile
Binary: libsndfile1-dev libsndfile1 sndfile-programs libsndfile1-dbg sndfile-programs-dbg
Architecture: source amd64
Version: 1.0.25-9.1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Erik de Castro Lopo <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Description:
libsndfile1 - Library for reading/writing audio files
libsndfile1-dbg - debugging symbols for libsndfile
libsndfile1-dev - Development files for libsndfile; a library for reading/writing a
sndfile-programs - Sample programs that use libsndfile
sndfile-programs-dbg - debugging symbols for sndfile-programs
Closes: 804445 804447
Changes:
libsndfile (1.0.25-9.1+deb8u1) jessie; urgency=medium
.
* Fix denial of service through division by zero (CVE-2014-9756)
-> 03_file_io_divide_by_zero.diff (Closes: #804447)
* Fix heap overflow in AIFF parser (CVE-2015-7805)
-> 04_fix_aiff_heap_overflow.diff (Closes: #804445)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
--- End Message ---