Your message dated Tue, 18 Jun 2019 21:50:15 +0000 with message-id <[email protected]> and subject line Bug#930276: fixed in vlc 3.0.7-0+deb9u1 has caused the Debian Bug report #930276, regarding vlc: multiple vulnerabilities fixed in 3.0.7 release to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 930276: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930276 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: vlc Version: 3.0.6-1 Severity: grave Tags: security upstream Justification: user security hole Control: fixed -1 3.0.7-1 Control: found -1 3.0.6-0+deb9u1 Hi Given there are no CVEs for the repsective issues (so far) add a single tracking bug in the BTS to get a reference, fixed already in 3.0.7-1 in unstable: vlc (3.0.7-1) unstable; urgency=high . * New upstream release. - Fix multiple integer overflows. - Fix multiple buffer overflows. - Fix use-after-free issue. - Fix NULL pointer dereference. - Fix other memory access bugs and infinite loops. * debian/rules: Be explicit about --enable-debug/disable-debug. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: vlc Source-Version: 3.0.7-0+deb9u1 We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher <[email protected]> (supplier of updated vlc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 09 Jun 2019 22:00:27 +0200 Source: vlc Binary: vlc libvlc-dev libvlc5 libvlccore-dev libvlccore9 libvlc-bin vlc-bin vlc-data vlc-l10n vlc-plugin-base vlc-plugin-access-extra vlc-plugin-video-output vlc-plugin-video-splitter vlc-plugin-visualization vlc-plugin-skins2 vlc-plugin-qt vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-svg vlc-plugin-samba vlc-nox vlc-plugin-zvbi Architecture: source Version: 3.0.7-0+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Multimedia Maintainers <[email protected]> Changed-By: Sebastian Ramacher <[email protected]> Description: libvlc-bin - tools for VLC's base library libvlc-dev - development files for libvlc libvlc5 - multimedia player and streamer library libvlccore-dev - development files for libvlccore libvlccore9 - base library for VLC and its modules vlc - multimedia player and streamer vlc-bin - binaries from VLC vlc-data - Common data for VLC vlc-l10n - Translations for VLC vlc-nox - transitional dummy package vlc-plugin-access-extra - multimedia player and streamer (extra access plugins) vlc-plugin-base - multimedia player and streamer (base plugins) vlc-plugin-fluidsynth - FluidSynth plugin for VLC vlc-plugin-jack - Jack audio plugins for VLC vlc-plugin-notify - LibNotify plugin for VLC vlc-plugin-qt - multimedia player and streamer (Qt plugin) vlc-plugin-samba - Samba plugin for VLC vlc-plugin-skins2 - multimedia player and streamer (Skins2 plugin) vlc-plugin-svg - SVG plugin for VLC vlc-plugin-video-output - multimedia player and streamer (video output plugins) vlc-plugin-video-splitter - multimedia player and streamer (video splitter plugins) vlc-plugin-visualization - multimedia player and streamer (visualization plugins) vlc-plugin-zvbi - transitional dummy package Closes: 930276 Changes: vlc (3.0.7-0+deb9u1) stretch-security; urgency=medium . * New upstream bug fix release. (Closes: #930276) - Fix multiple integer overflows. - Fix multiple buffer overflows. - Fix use-after-free issue. - Fix NULL pointer dereference. - Fix other memory access bugs and infinite loops. * debian/patches: Removed, included upstream. Checksums-Sha1: fc6d94d4a9bebc84da1b7fb22ac303f1d0095f09 6436 vlc_3.0.7-0+deb9u1.dsc 8c9f96a11199e813ec718c3d1885501a557e336f 26059760 vlc_3.0.7.orig.tar.xz 30a674e9c43acd46f54da004274cf7b642aa45f8 195 vlc_3.0.7.orig.tar.xz.asc aa21a1aee81bf2e5d4d39818fcdfd49b6665f7e4 63152 vlc_3.0.7-0+deb9u1.debian.tar.xz Checksums-Sha256: e53acf5ca79a6d10d426af015f71d2e86ae9b078153c60acb0fa82b7f069f907 6436 vlc_3.0.7-0+deb9u1.dsc 5cb5fe140f0f4bae3e0a613fb5f516270f62e2dbde6de27fa78ea9f43cd73916 26059760 vlc_3.0.7.orig.tar.xz c0a69c9c4a88538456944e7f22957237b7002afe7ae2e19fe0c9fc4b3d12c20f 195 vlc_3.0.7.orig.tar.xz.asc 6f861c3361bcca177275bc770b230f3a24b12648b837f820d060227d8ebcb0f9 63152 vlc_3.0.7-0+deb9u1.debian.tar.xz Files: a15050b009bc5c85518c85cb8e535cb6 6436 video optional vlc_3.0.7-0+deb9u1.dsc 230932ec40185856af28f82ec2e38b8a 26059760 video optional vlc_3.0.7.orig.tar.xz 33997ae674c192df171f1c4868aba7ac 195 video optional vlc_3.0.7.orig.tar.xz.asc bcf314eb53588ee587254acaab29c848 63152 video optional vlc_3.0.7-0+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAlz9Z5MACgkQafL8UW6n GZNwyQ//ePfs+cOtdLAEaTOwtyCDWBYV+Gw+SREzKtteVjAb9Lz9pP3tVk249eVW KdrxBWaBQpytH3PAqKapJOMBy6QIuB0ytIzoVQmyppf4m9vL/h/O4hWC3xyIlwL5 Qed5Ix0qGd5eJ1B6yl3Dbg7M+77tn+AssAXziAYyvOJ0n3FjvgKKEZXegujSMjdp k9liex5qhJuS/FUzz6vdY0rEPnC5fqC9aNG50Q4vVGzsT/hlPM8zS6f3oG+rfMzk CPvEwNKYGCO7iCIOBcIYFmkiC56kzyV8YQ9q9+DpSfqVB6teEWXtnJKdkurL8Apo +luhZ97ORiDvuRR954g39H2qYt1GEq/KPbWbIyoSdzflAhO9FcYAnJtn7apgMJIU 92e8DKU8jagOCJCh6ny6J65WNy0cS0sfY1rizEfcLfStC0Hp/fSTxXaMDLDJMYA5 pbsNeU7jjG2/yLnA3N5vyaO69N9Xjom6/+Go1e1pWNLwqjXnJaR13bbJkrh+2f80 B/wBpj2rFD+0cGT9xkpdTNF3G225PJ54W71V9rc6V9Z0sqocXnB/kgj0SNbgZECz lNBwirRCMObxNcXQ7dZxOoU2yQuDxHRbR7KgPmA+IoyO4bXwv08sHE1HsC1q82Ct HaflFYImM9S4k5RkYFGAcGfEQK1AFFikCxrnji8P7oko16mtERk= =aO0R -----END PGP SIGNATURE-----
--- End Message ---
