Your message dated Wed, 30 Aug 2006 23:05:16 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#361863: fixed in mpg123 0.59r-20sarge1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: mpg123
Version: 0.59r-21
Severity: grave
Tags: security

cite:
"Unspecified vulnerability in mpg123 0.59r allows user-complicit
attackers to trigger a segmentation fault and possibly have other
impacts via a certain MP3 file, as demonstrated by mpg1DoS3.  NOTE:
this issue might be related to CVE-2004-0991, but it is not clear."


Version 0.59r-21 should be fixed against CVE-2004-0991 but segfaults
with the poc-exploit. So it seems to be a different vulnerability
than CVE-2004-0991.

gdb says the segfault is in layer3.c:1185, but debugging this is beyond
me.

If you fix it, please mention the CVE-id in the changelog.


--- End Message ---
--- Begin Message ---
Source: mpg123
Source-Version: 0.59r-20sarge1

We believe that the bug you reported is fixed in the latest version of
mpg123, which is due to be installed in the Debian FTP archive:

mpg123-esd_0.59r-20sarge1_alpha.deb
  to pool/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_alpha.deb
mpg123-esd_0.59r-20sarge1_i386.deb
  to pool/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_i386.deb
mpg123-esd_0.59r-20sarge1_powerpc.deb
  to pool/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_powerpc.deb
mpg123-nas_0.59r-20sarge1_i386.deb
  to pool/non-free/m/mpg123/mpg123-nas_0.59r-20sarge1_i386.deb
mpg123-oss-3dnow_0.59r-20sarge1_i386.deb
  to pool/non-free/m/mpg123/mpg123-oss-3dnow_0.59r-20sarge1_i386.deb
mpg123-oss-i486_0.59r-20sarge1_i386.deb
  to pool/non-free/m/mpg123/mpg123-oss-i486_0.59r-20sarge1_i386.deb
mpg123_0.59r-20sarge1.diff.gz
  to pool/non-free/m/mpg123/mpg123_0.59r-20sarge1.diff.gz
mpg123_0.59r-20sarge1.dsc
  to pool/non-free/m/mpg123/mpg123_0.59r-20sarge1.dsc
mpg123_0.59r-20sarge1_alpha.deb
  to pool/non-free/m/mpg123/mpg123_0.59r-20sarge1_alpha.deb
mpg123_0.59r-20sarge1_arm.deb
  to pool/non-free/m/mpg123/mpg123_0.59r-20sarge1_arm.deb
mpg123_0.59r-20sarge1_hppa.deb
  to pool/non-free/m/mpg123/mpg123_0.59r-20sarge1_hppa.deb
mpg123_0.59r-20sarge1_i386.deb
  to pool/non-free/m/mpg123/mpg123_0.59r-20sarge1_i386.deb
mpg123_0.59r-20sarge1_m68k.deb
  to pool/non-free/m/mpg123/mpg123_0.59r-20sarge1_m68k.deb
mpg123_0.59r-20sarge1_powerpc.deb
  to pool/non-free/m/mpg123/mpg123_0.59r-20sarge1_powerpc.deb
mpg123_0.59r-20sarge1_sparc.deb
  to pool/non-free/m/mpg123/mpg123_0.59r-20sarge1_sparc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kobras <[EMAIL PROTECTED]> (supplier of updated mpg123 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  3 May 2006 16:59:50 +0200
Source: mpg123
Binary: mpg123-esd mpg123-oss-3dnow mpg123-nas mpg123-oss-i486 mpg123
Architecture: alpha arm hppa i386 m68k powerpc source sparc 
Version: 0.59r-20sarge1
Distribution: stable-security
Urgency: high
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Daniel Kobras <[EMAIL PROTECTED]>
Description: 
 mpg123     - MPEG layer 1/2/3 audio player
 mpg123-esd - MPEG layer 1/2/3 audio player with Esound support
Closes: 361863
Changes: 
 mpg123 (0.59r-20sarge1) stable-security; urgency=high
 .
   * layer3.c: Fix buffer overflow in III_i_stereo() (CVE-2006-1655).
     Closes: #361863
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEdFyspOKIA4m/fisRAjVfAKCDK+eLiG/K4vboiJ82vpwjkI1wJQCg4nTc
pkamgpljz0VlXKU0MsbCBWU=
=d/yK
-----END PGP SIGNATURE-----


--- End Message ---
