Your message dated Mon, 27 Feb 2017 23:03:37 +0000
with message-id <[email protected]>
and subject line Bug#855099: fixed in libquicktime 2:1.2.4-10
has caused the Debian Bug report #855099,
regarding libquicktime: CVE-2016-2399
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
855099: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libquicktime
Version: 2:1.2.4-7
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for libquicktime.
CVE-2016-2399[0]:
| Integer overflow in the quicktime_read_pascal function in libquicktime
| 1.2.4 and earlier allows remote attackers to cause a denial of service
| or possibly have other unspecified impact via a crafted hdlr MP4 atom.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-2399
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libquicktime
Source-Version: 2:1.2.4-10
We believe that the bug you reported is fixed in the latest version of
libquicktime, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated libquicktime
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 27 Feb 2017 23:15:30 +0100
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils quicktime-x11utils
Architecture: source
Version: 2:1.2.4-10
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Description:
 libquicktime-dev - library for reading and writing Quicktime files (development)
 libquicktime-doc - library for reading and writing Quicktime files (documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 utilities)
Closes: 855099
Changes:
libquicktime (2:1.2.4-10) unstable; urgency=medium
.
* Fix integer overflow in the quicktime_read_pascal function (CVE-2016-2399)
(Closes: #855099)
--- End Message ---