Your message dated Wed, 27 Dec 2017 17:03:51 +0000 with message-id <e1euf7p-000br6...@fasolo.debian.org> and subject line Bug#870857: fixed in soundtouch 1.9.2-3 has caused the Debian Bug report #870857, regarding soundtouch: CVE-2017-9260 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: soundtouch Version: 1.9.2-2 Severity: important Tags: upstream security Hi, the following vulnerability was published for soundtouch. CVE-2017-9260[0]: | The TDStretchSSE::calcCrossCorr function in | source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote | attackers to cause a denial of service (heap-based buffer over-read and | application crash) via a crafted wav file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9260 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9260 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: soundtouch Source-Version: 1.9.2-3 We believe that the bug you reported is fixed in the latest version of soundtouch, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James Cowgill <jcowg...@debian.org> (supplier of updated soundtouch package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 27 Dec 2017 16:31:50 +0000 Source: soundtouch Binary: libsoundtouch1 libsoundtouch-dev soundstretch Architecture: source Version: 1.9.2-3 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: James Cowgill <jcowg...@debian.org> Description: libsoundtouch-dev - Development files for the sound stretching library libsoundtouch1 - Sound stretching library soundstretch - Stretches and pitch-shifts sound independently Closes: 870854 870856 870857 Changes: soundtouch (1.9.2-3) unstable; urgency=medium . * Team upload. . [ Gabor Karsay ] * Add patch to fix - CVE-2017-9258 (Closes: #870854) - CVE-2017-9259 (Closes: #870856) - CVE-2017-9260 (Closes: #870857) . [ James Cowgill ] * Use secure URLs where possible * debian/changelog: - Trim trailing whitespace in d/changelog. * debian/compat: - Use debhelper compat 11. * debian/control: - Drop manual debug packages. - Fix spelling mistake in soundstretch package description. - Bump standards version to 4.1.2. - Set Rules-Requires-Root: no. - Use canonical Vcs-* URLs. Checksums-Sha1: 8b81a1b6091613dac4608a231fd95ecba0a6af13 2141 soundtouch_1.9.2-3.dsc e882c55a555ffdd3c7d170c51724b9006ec9eb11 8720 soundtouch_1.9.2-3.debian.tar.xz 1d65abfe7bf83d2122a044feccdfdf29faf4e685 5349 soundtouch_1.9.2-3_source.buildinfo Checksums-Sha256: 262a7227ac77d6eb55b1715aeae668144a1b6221ff0cd7726d14443706310afc 2141 soundtouch_1.9.2-3.dsc 1b0103463df1bac5d86adc401970047727f1a98c6a026477715bb0f167d07691 8720 soundtouch_1.9.2-3.debian.tar.xz 2f4c5b2c87a25be6e44891099dc4bf9606773eaa4e9634b3275320d619a8ca10 5349 soundtouch_1.9.2-3_source.buildinfo Files: ad6805646d446dd59bffc583e2d4cb67 2141 libs optional soundtouch_1.9.2-3.dsc 856bca864ee62e13e5c5a5728a8afb28 8720 libs optional soundtouch_1.9.2-3.debian.tar.xz 19f2afbfb5cdc8ab6a8d0b01726e28ae 5349 libs optional soundtouch_1.9.2-3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlpD0PAUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe/CHxAArElCncUx7coW0faJhHPigbDm4RPs Jn6y2jKgd7cRXADE1xItdG7oCR4i/xNG8mQlV2C5fQXpe9ZKmvaHP5wSx1a2liEp PapmVJH3kALi3tHUmHhBtsY15TCqkKabWY8ScLOzRh/oeq8Xk3W6xeHbBCJ6b+cQ bdvvDF3FALuZsGSvWM7MurEj0Yjo+aBgRgN6aumD5UfrDxXNmO2nnW2HPW+/TDKq V8TyT7ak+Bn49m02dMHc0pevY34MQkVQR4ZGj5yfQhsxzAOOHgcnSAoAL8hOl4Qp b25G0FhJ6Sx4AYqnVyI2+aSsCn0lMJCGgGRKSaCo83JEpUXtFIy8gaLM3wkYAWLZ 0NLXD2QAgYEmStYHYQvTntE8DdSxYr9ybnvKm1Rm7rSR+2gOS+bi9FnknjR/Wgs9 aY3WjZ51I+iDdbstEcXDBcNRzxsluGyv06wEEBesrxtBffr4/5+oiZb9M6BDal/W JanvYRcZ/mTfNfNgFxvPw62CcHDByMGONiw2zcwUzqY5i+N/d/1u319K8DHW20G6 ikUfNqxEIivgAyGcgCoojvOG84S+ctqi2BYcl+FryPBdGZ37yeu35XOldu5Lrg3P EY+bW3KcZ7/evLKdPo2pijOR3OLmd0xO9wLPJJgQeK7zcxwFJZMy+tVXtRurjzvl R49N7Z99sOZxDss= =OCYL -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
