Your message dated Thu, 09 Mar 2017 23:18:00 +0000
with message-id <[email protected]>
and subject line Bug#855099: fixed in libquicktime 2:1.2.4-7+deb8u1
has caused the Debian Bug report #855099,
regarding libquicktime: CVE-2016-2399
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
855099: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libquicktime
Version: 2:1.2.4-7
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for libquicktime.

CVE-2016-2399[0]:
| Integer overflow in the quicktime_read_pascal function in libquicktime
| 1.2.4 and earlier allows remote attackers to cause a denial of service
| or possibly have other unspecified impact via a crafted hdlr MP4 atom.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-2399

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libquicktime
Source-Version: 2:1.2.4-7+deb8u1

We believe that the bug you reported is fixed in the latest version of
libquicktime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated libquicktime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 Feb 2017 00:00:44 +0100
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils quicktime-x11utils
Architecture: source all amd64
Version: 2:1.2.4-7+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Description:
 libquicktime-dev - library for reading and writing Quicktime files (development)
 libquicktime-doc - library for reading and writing Quicktime files (documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 utilities)
Closes: 855099
Changes:
 libquicktime (2:1.2.4-7+deb8u1) jessie-security; urgency=medium
 .
   * Team Upload
   * Fix integer overflow in the quicktime_read_pascal function (CVE-2016-2399)
     (Closes: #855099)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
