Your message dated Wed, 19 Mar 2014 11:33:03 +0100
with message-id <[email protected]>
and subject line Re: Bug#742112: RM: mp3gain/1.5.2-r2-5
has caused the Debian Bug report #742112,
regarding RM: mp3gain/1.5.2-r2-5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
742112: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742112
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: rm

As described in the 'serious' bug I just filed against it, mp3gain
contains a 10ish-year-old embedded code copy of mpglib (originating from
src:mpg123, I think) with known buffer overflows (including 'grave' bug
#740268).

I've just uploaded 1.5.2-r2-6 to fix the known buffer overflows, but
the coding style is such that there are probably more exploitable overflows
that we don't know about, so I don't think it should be in jessie.

I might ask the ftp-masters to remove it from unstable at some
point, but for the moment I think it'll be easier to do
stable updates if it still exists in unstable, so I'm only
asking for testing removal right now.

Thanks,
S
--- End Message ---
--- Begin Message ---
Simon McVittie <[email protected]> (2014-03-19):
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: rm
>
> As described in the 'serious' bug I just filed against it, mp3gain
> contains a 10ish-year-old embedded code copy of mpglib (originating from
> src:mpg123, I think) with known buffer overflows (including 'grave' bug
> #740268).
>
> I've just uploaded 1.5.2-r2-6 to fix the known buffer overflows, but
> the coding style is such that there are probably more exploitable overflows
> that we don't know about, so I don't think it should be in jessie.

The following should do:

kibi@franck:~$ head -4 hints/kibi
# 2014-03-19
# RoM: #742112
remove mp3gain/1.5.2-r2-5
block mp3gain

Thanks for your report, closing accordingly.

Mraw,
KiBi.
--- End Message ---