vlc 2.2.6-3 MIGRATED to testing

2017-07-16 Thread Debian testing watch 
FYI: The status of the vlc source package
in Debian's testing distribution has changed.

  Previous version: 2.2.6-2
  Current version:  2.2.6-3

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

liblivemedia 2017.06.04-2 MIGRATED to testing

2017-07-16 Thread Debian testing watch 
FYI: The status of the liblivemedia source package
in Debian's testing distribution has changed.

  Previous version: 2016.11.28-1
  Current version:  2017.06.04-2

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#868612: mixxx FTBFS with libsqlite3-dev 3.19.3-3

2017-07-16 Thread Adrian Bunk 
Source: mixxx
Version: 2.0.0~dfsg-7
Severity: serious
Tags: buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/mixxx.html

...
In file included from src/library/trackcollection.cpp:7:0:
/usr/include/sqlite3.h:3712:16: error: using typedef-name 'sqlite3_value' after 
'struct'
 typedef struct sqlite3_value sqlite3_value;
^
In file included from src/library/trackcollection.cpp:4:0:
src/library/trackcollection.h:38:20: note: 'sqlite3_value' has a previous 
declaration here
 typedef struct Mem sqlite3_value;
^
In file included from src/library/trackcollection.cpp:7:0:
/usr/include/sqlite3.h:3712:30: error: conflicting declaration 'typedef int 
sqlite3_value'
 typedef struct sqlite3_value sqlite3_value;
  ^
In file included from src/library/trackcollection.cpp:4:0:
src/library/trackcollection.h:38:20: note: previous declaration as 'typedef 
struct Mem sqlite3_value'
 typedef struct Mem sqlite3_value;
^
scons: *** [lin64_build/library/trackcollection.o] Error 1
scons: building terminated because of errors.
debian/rules:46: recipe for target 'override_dh_auto_build' failed
make[1]: *** [override_dh_auto_build] Error 2

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#864664: marked as done (CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128)

2017-07-16 Thread Debian Bug Tracking System 
Your message dated Sun, 16 Jul 2017 21:17:08 +
with message-id 
and subject line Bug#864664: fixed in libquicktime 2:1.2.4-10+deb9u1
has caused the Debian Bug report #864664,
regarding CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 
CVE-2017-9127 CVE-2017-9128
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864664: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864664
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libquicktime
Severity: grave
Tags: security

Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9128

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libquicktime
Source-Version: 2:1.2.4-10+deb9u1

We believe that the bug you reported is fixed in the latest version of
libquicktime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated libquicktime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jul 2017 20:29:10 +0200
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils 
quicktime-x11utils
Architecture: source
Version: 2:1.2.4-10+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers 

Changed-By: Moritz Mühlenhoff 
Closes: 864664
Description: 
 libquicktime-dev - library for reading and writing Quicktime files 
(development)
 libquicktime-doc - library for reading and writing Quicktime files 
(documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 
utilities)
Changes:
 libquicktime (2:1.2.4-10+deb9u1) stretch; urgency=medium
 .
   * Fix CVE-2017-9122 to CVE-2017-9128, patch from 1.2.4-11 in unstable
 (Closes: #864664)
Checksums-Sha1: 
 bb517402940d37b91e6e102e3a5a928524d38a32 2883 libquicktime_1.2.4-10+deb9u1.dsc
 ceae5ac2b461037679f5cd389a09a557b1da9db7 22456 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz
Checksums-Sha256: 
 42646521721a56906f8360a4f9ade4de647049069e641be8ca31b33d665e0fe8 2883 
libquicktime_1.2.4-10+deb9u1.dsc
 f2508b02ae26aaf6f147374c31b3f23e3557c0e94fbd17553af393e634c3ef71 22456 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz
Files: 
 bba6a44311d4a7bfde18c25720812614 2883 devel optional 
libquicktime_1.2.4-10+deb9u1.dsc
 817e72bd9ba5e42068d20993d2232aff 22456 devel optional 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllrur1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8n0P/R7WAzV6BNkHmT4yI41vrMhZz/T1jdzn
RE+FTWpWnUtf2ZPtm8R2S5lDbOltfM4QLXB/IrVrbx2r1Sn4Iz0tII/jGpGQqYUt
LGigDUEDJ9SbhbZO6/vw/aBPHrI/bQrCifKZESGLJ71jJipH6XT09HXdyy10N/NQ
k2X9xzh19lrsStIXOGIBI0q+ntlk4U7IaDuHFYcJ7WqqHIbZT6vaB/2kTeguSBXv
0/+4SVCvJKMoF8pK2dNgwZPR3dGpwsraLdsuD9ooMekbYukrn1NghDpA7FDLPm+t
36pWEB2oJbaIyy3XEoFVRvoEul2G2O+L5fRqZSmd8JcTJGV3eJ5CAu7xdk/uoQyO
gxMctE0Qp88hY/8etaqtGVDOnaJZM4H8OMKCs1nafXiD30pu0uw0E6n7qJyuoKXU
atiur4ZN6hNa5YAUbT+vloFNaYd1GmSTSbyPV80zoB3sYe+426fiuEyOcER4eFhh
JIaA4XiFu9S5VUjVRVRA52Be+7eXxPCzWuAJc3UbnBrj5K/zTVWu6hnTDpeI9Uz+
VLw1F4ZWSf+ghCzvHghVp2P40kbIp5yK10Dg5JGjfzww7Li0l2WEQ1lLpvvMI5Z0
Y1CmUqa7ggf6ogPdJ7fbzSf7yqLm7B8DfeCVtz0nijh4311CElAgL0IUCLJ9+AJx
3FrBG2qmvvMb
=etDp
-END PGP SIGNATURE End Message ---
___

libquicktime_1.2.4-10+deb9u1_multi.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

2017-07-16 Thread Debian FTP Masters 


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jul 2017 20:29:10 +0200
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils 
quicktime-x11utils
Architecture: source
Version: 2:1.2.4-10+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers 

Changed-By: Moritz Mühlenhoff 
Closes: 864664
Description: 
 libquicktime-dev - library for reading and writing Quicktime files 
(development)
 libquicktime-doc - library for reading and writing Quicktime files 
(documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 
utilities)
Changes:
 libquicktime (2:1.2.4-10+deb9u1) stretch; urgency=medium
 .
   * Fix CVE-2017-9122 to CVE-2017-9128, patch from 1.2.4-11 in unstable
 (Closes: #864664)
Checksums-Sha1: 
 bb517402940d37b91e6e102e3a5a928524d38a32 2883 libquicktime_1.2.4-10+deb9u1.dsc
 ceae5ac2b461037679f5cd389a09a557b1da9db7 22456 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz
Checksums-Sha256: 
 42646521721a56906f8360a4f9ade4de647049069e641be8ca31b33d665e0fe8 2883 
libquicktime_1.2.4-10+deb9u1.dsc
 f2508b02ae26aaf6f147374c31b3f23e3557c0e94fbd17553af393e634c3ef71 22456 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz
Files: 
 bba6a44311d4a7bfde18c25720812614 2883 devel optional 
libquicktime_1.2.4-10+deb9u1.dsc
 817e72bd9ba5e42068d20993d2232aff 22456 devel optional 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllrur1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8n0P/R7WAzV6BNkHmT4yI41vrMhZz/T1jdzn
RE+FTWpWnUtf2ZPtm8R2S5lDbOltfM4QLXB/IrVrbx2r1Sn4Iz0tII/jGpGQqYUt
LGigDUEDJ9SbhbZO6/vw/aBPHrI/bQrCifKZESGLJ71jJipH6XT09HXdyy10N/NQ
k2X9xzh19lrsStIXOGIBI0q+ntlk4U7IaDuHFYcJ7WqqHIbZT6vaB/2kTeguSBXv
0/+4SVCvJKMoF8pK2dNgwZPR3dGpwsraLdsuD9ooMekbYukrn1NghDpA7FDLPm+t
36pWEB2oJbaIyy3XEoFVRvoEul2G2O+L5fRqZSmd8JcTJGV3eJ5CAu7xdk/uoQyO
gxMctE0Qp88hY/8etaqtGVDOnaJZM4H8OMKCs1nafXiD30pu0uw0E6n7qJyuoKXU
atiur4ZN6hNa5YAUbT+vloFNaYd1GmSTSbyPV80zoB3sYe+426fiuEyOcER4eFhh
JIaA4XiFu9S5VUjVRVRA52Be+7eXxPCzWuAJc3UbnBrj5K/zTVWu6hnTDpeI9Uz+
VLw1F4ZWSf+ghCzvHghVp2P40kbIp5yK10Dg5JGjfzww7Li0l2WEQ1lLpvvMI5Z0
Y1CmUqa7ggf6ogPdJ7fbzSf7yqLm7B8DfeCVtz0nijh4311CElAgL0IUCLJ9+AJx
3FrBG2qmvvMb
=etDp
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

libquicktime_1.2.4-10+deb9u1_multi.changes ACCEPTED into proposed-updates->stable-new

2017-07-16 Thread Debian FTP Masters 
Mapping stretch to stable.
Mapping stable to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jul 2017 20:29:10 +0200
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils 
quicktime-x11utils
Architecture: source
Version: 2:1.2.4-10+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers 

Changed-By: Moritz Mühlenhoff 
Closes: 864664
Description: 
 libquicktime-dev - library for reading and writing Quicktime files 
(development)
 libquicktime-doc - library for reading and writing Quicktime files 
(documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 
utilities)
Changes:
 libquicktime (2:1.2.4-10+deb9u1) stretch; urgency=medium
 .
   * Fix CVE-2017-9122 to CVE-2017-9128, patch from 1.2.4-11 in unstable
 (Closes: #864664)
Checksums-Sha1: 
 bb517402940d37b91e6e102e3a5a928524d38a32 2883 libquicktime_1.2.4-10+deb9u1.dsc
 ceae5ac2b461037679f5cd389a09a557b1da9db7 22456 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz
Checksums-Sha256: 
 42646521721a56906f8360a4f9ade4de647049069e641be8ca31b33d665e0fe8 2883 
libquicktime_1.2.4-10+deb9u1.dsc
 f2508b02ae26aaf6f147374c31b3f23e3557c0e94fbd17553af393e634c3ef71 22456 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz
Files: 
 bba6a44311d4a7bfde18c25720812614 2883 devel optional 
libquicktime_1.2.4-10+deb9u1.dsc
 817e72bd9ba5e42068d20993d2232aff 22456 devel optional 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllrur1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8n0P/R7WAzV6BNkHmT4yI41vrMhZz/T1jdzn
RE+FTWpWnUtf2ZPtm8R2S5lDbOltfM4QLXB/IrVrbx2r1Sn4Iz0tII/jGpGQqYUt
LGigDUEDJ9SbhbZO6/vw/aBPHrI/bQrCifKZESGLJ71jJipH6XT09HXdyy10N/NQ
k2X9xzh19lrsStIXOGIBI0q+ntlk4U7IaDuHFYcJ7WqqHIbZT6vaB/2kTeguSBXv
0/+4SVCvJKMoF8pK2dNgwZPR3dGpwsraLdsuD9ooMekbYukrn1NghDpA7FDLPm+t
36pWEB2oJbaIyy3XEoFVRvoEul2G2O+L5fRqZSmd8JcTJGV3eJ5CAu7xdk/uoQyO
gxMctE0Qp88hY/8etaqtGVDOnaJZM4H8OMKCs1nafXiD30pu0uw0E6n7qJyuoKXU
atiur4ZN6hNa5YAUbT+vloFNaYd1GmSTSbyPV80zoB3sYe+426fiuEyOcER4eFhh
JIaA4XiFu9S5VUjVRVRA52Be+7eXxPCzWuAJc3UbnBrj5K/zTVWu6hnTDpeI9Uz+
VLw1F4ZWSf+ghCzvHghVp2P40kbIp5yK10Dg5JGjfzww7Li0l2WEQ1lLpvvMI5Z0
Y1CmUqa7ggf6ogPdJ7fbzSf7yqLm7B8DfeCVtz0nijh4311CElAgL0IUCLJ9+AJx
3FrBG2qmvvMb
=etDp
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Processing of libquicktime_1.2.4-10+deb9u1_multi.changes

2017-07-16 Thread Debian FTP Masters 
libquicktime_1.2.4-10+deb9u1_multi.changes uploaded successfully to localhost
along with the files:
  libquicktime_1.2.4-10+deb9u1.dsc
  libquicktime_1.2.4-10+deb9u1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

libquicktime_1.2.4-10+deb9u1_amd64.changes REJECTED

2017-07-16 Thread Debian FTP Masters 

libquicktime - depends on libschroedinger-1.0-0, which isn't in stretch




===

Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.


___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

libquicktime_1.2.4-10+deb9u1_amd64.changes ACCEPTED into proposed-updates->stable-new

2017-07-16 Thread Debian FTP Masters 
Mapping stretch to stable.
Mapping stable to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 13 Jul 2017 20:29:10 +0200
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils 
quicktime-x11utils
Architecture: source amd64 all
Version: 2:1.2.4-10+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers 

Changed-By: Moritz Mühlenhoff 
Description:
 libquicktime-dev - library for reading and writing Quicktime files 
(development)
 libquicktime-doc - library for reading and writing Quicktime files 
(documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 
utilities)
Closes: 864664
Changes:
 libquicktime (2:1.2.4-10+deb9u1) stretch; urgency=medium
 .
   * Fix CVE-2017-9122 to CVE-2017-9128, patch from 1.2.4-11 in unstable
 (Closes: #864664)
Checksums-Sha1:
 2ab70f7796cae3ae687fa17dc82fa0e16d21f979 2728 libquicktime_1.2.4-10+deb9u1.dsc
 7008b2dc27b9b40965bd2df42d39ff4cb8b6305e 1028626 libquicktime_1.2.4.orig.tar.gz
 42503cbc3c06637eb36765f10cfedeb7ce7cacac 22460 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz
 58fde8e3cdb90825d38eabbdc23bb4a7f1985a2e 45772 
libquicktime-dev_1.2.4-10+deb9u1_amd64.deb
 a35c714535cb82508ea8bd477d50f2e50bf60090 131348 
libquicktime-doc_1.2.4-10+deb9u1_all.deb
 307e870b95ed357521bddc38440c826cbf910a1f 1276530 
libquicktime2-dbgsym_1.2.4-10+deb9u1_amd64.deb
 10ebb172f06082393225f5f99dc1a6d16d9a8ded 278262 
libquicktime2_1.2.4-10+deb9u1_amd64.deb
 3cce1978da90fc910b6156aaf6afbcf77dc9d943 16353 
libquicktime_1.2.4-10+deb9u1_amd64.buildinfo
 375b066f23cd61a6870f56e52690ead7e6cca777 118490 
quicktime-utils-dbgsym_1.2.4-10+deb9u1_amd64.deb
 5d00f837de3530ce1f4307e823ff8aa65f150626 39852 
quicktime-utils_1.2.4-10+deb9u1_amd64.deb
 4fea596cc0467bd4f3f0feaaa4eac79b6ac110e4 74624 
quicktime-x11utils-dbgsym_1.2.4-10+deb9u1_amd64.deb
 30c6a22d780f1ea001349636dc7e956533689217 47430 
quicktime-x11utils_1.2.4-10+deb9u1_amd64.deb
Checksums-Sha256:
 a3dec3944521d67be56156c878a168278f5fcf53fbbc1a20e9e65650cf8c3669 2728 
libquicktime_1.2.4-10+deb9u1.dsc
 1c53359c33b31347b4d7b00d3611463fe5e942cae3ec0fefe0d2fd413fd47368 1028626 
libquicktime_1.2.4.orig.tar.gz
 f4c46021e9d4b525dd393ae3e26006df23888e787a44184c557d382008dac5a3 22460 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz
 d3647293ca5eb01d435a30b4451314b498bb5db68f352986b2616739fc15f874 45772 
libquicktime-dev_1.2.4-10+deb9u1_amd64.deb
 8cbf992b1dff551b6a6d0638eaf6822625db5c2e3e284ca7ad20d9e51773a48e 131348 
libquicktime-doc_1.2.4-10+deb9u1_all.deb
 635c087a0575878ea3b89c9ecf8a78614d6eac154e49e555c111b4a95665a5ac 1276530 
libquicktime2-dbgsym_1.2.4-10+deb9u1_amd64.deb
 248defc04cde8a43964c57f191137dabf08370b3d2f1d32b485593dd77fd84d5 278262 
libquicktime2_1.2.4-10+deb9u1_amd64.deb
 974b68a4903f36dd410849e3522ce847952ac87bcf2029341ecdbdcbe9240bfc 16353 
libquicktime_1.2.4-10+deb9u1_amd64.buildinfo
 b5e77992827e9856e2d04d9f5bf285ba9fab533e468ee0a57abd8ab4e4687c4b 118490 
quicktime-utils-dbgsym_1.2.4-10+deb9u1_amd64.deb
 1355c1a228ebe4fa35856a06d7fe8b835e50d0fbc80ab5a831bc7e39712f142d 39852 
quicktime-utils_1.2.4-10+deb9u1_amd64.deb
 23e816a7c3f786841cfd6ca6aa224e96d704cdce79e09ca9345186b12e6a4f4f 74624 
quicktime-x11utils-dbgsym_1.2.4-10+deb9u1_amd64.deb
 a6bee331d8ab07d2e22922d1ca55d7afb11d702f76be686a3d7c93edc054f3bf 47430 
quicktime-x11utils_1.2.4-10+deb9u1_amd64.deb
Files:
 ccfe56e1ca33f9c6004a2523b7819dcb 2728 devel optional 
libquicktime_1.2.4-10+deb9u1.dsc
 81cfcebad9b7ee7e7cfbefc861d6d61b 1028626 devel optional 
libquicktime_1.2.4.orig.tar.gz
 4b3a67d40832e85de0e1d8860f0c445f 22460 devel optional 
libquicktime_1.2.4-10+deb9u1.debian.tar.xz
 005e691cd1295612172278645cfa7534 45772 libdevel optional 
libquicktime-dev_1.2.4-10+deb9u1_amd64.deb
 ab143e485d636037be5e2d6208637233 131348 doc optional 
libquicktime-doc_1.2.4-10+deb9u1_all.deb
 f479cd967d4b83a93103632346ea3edd 1276530 debug extra 
libquicktime2-dbgsym_1.2.4-10+deb9u1_amd64.deb
 ba9c183f6a2d3742da142d83de8a67f4 278262 libs optional 
libquicktime2_1.2.4-10+deb9u1_amd64.deb
 7c46bc73ad32b34d087df63c5b4bbdd2 16353 devel optional 
libquicktime_1.2.4-10+deb9u1_amd64.buildinfo
 c5cfc9f01b2ec7f1be33d5487b43d165 118490 debug extra 
quicktime-utils-dbgsym_1.2.4-10+deb9u1_amd64.deb
 b70332051971c3c6a9d1cfa2888967c9 39852 utils extra 
quicktime-utils_1.2.4-10+deb9u1_amd64.deb
 74f33f528623eecf12e2960a31623669 74624 debug extra 
quicktime-x11utils-dbgsym_1.2.4-10+deb9u1_amd64.deb
 0d6502a2e6abea0bda82aedd36fd2e00 47430 utils extra 
quicktime-x11utils_1.2.4-10+deb9u1_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAllrlugACgkQEMKTtsN8
TjZHLQ/6A0Ci3xPxpafZfdx9pqOAMkIJumr0CuCy2gPkv0eYUNyv+fNzn54bVCPy

Processing of libquicktime_1.2.4-10+deb9u1_amd64.changes

2017-07-16 Thread Debian FTP Masters 
libquicktime_1.2.4-10+deb9u1_amd64.changes uploaded successfully to localhost
along with the files:
  libquicktime_1.2.4-10+deb9u1.dsc
  libquicktime_1.2.4.orig.tar.gz
  libquicktime_1.2.4-10+deb9u1.debian.tar.xz
  libquicktime-dev_1.2.4-10+deb9u1_amd64.deb
  libquicktime-doc_1.2.4-10+deb9u1_all.deb
  libquicktime2-dbgsym_1.2.4-10+deb9u1_amd64.deb
  libquicktime2_1.2.4-10+deb9u1_amd64.deb
  libquicktime_1.2.4-10+deb9u1_amd64.buildinfo
  quicktime-utils-dbgsym_1.2.4-10+deb9u1_amd64.deb
  quicktime-utils_1.2.4-10+deb9u1_amd64.deb
  quicktime-x11utils-dbgsym_1.2.4-10+deb9u1_amd64.deb
  quicktime-x11utils_1.2.4-10+deb9u1_amd64.deb

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#867579: marked as done (libopenmpt: CVE-2017-11311)

2017-07-16 Thread Debian Bug Tracking System 
Your message dated Sun, 16 Jul 2017 12:17:08 +
with message-id 
and subject line Bug#867579: fixed in libopenmpt 0.2.7386~beta20.3-3+deb9u2
has caused the Debian Bug report #867579,
regarding libopenmpt: CVE-2017-11311
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867579: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867579
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libopenmpt
Version: 0.2.7386~beta20.3-3
Severity: important
Tags: upstream

Dear Maintainer,


A couple of security-related fixes have been released upstream as
version 0.2.7386-beta20.3-p10. See
https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html .

p10 fixes a heap buffer overflow which allows an attacker to write
arbitrary data to an arbitrarily choosen offset. It can be triggered
with a maliciously modified PSM file. This needs to be fixed ASAP via
a security update in Stretch. The bug happens due to 2 samples in a
PSM file using the same sample slot in libopenmpt, whereby the second
sample uses an invalid offset inside the file. That way, the second
sample did not re-allocate (via
sampleHeader.GetSampleFormat().ReadSample(Samples[smp], file); deeper
down the call chain in SampleIO.cpp:73) the sample buffer itself but
only set the sample size metadata
(sampleHeader.ConvertToMPT(Samples[smp]);, ultimately at
Load_psm.cpp:1054). Later, as a loading post-processing step,
Sndfile.cpp:411 calls PrecomputeLoops() which writes a couple of
samples before and after the actual sample data (the amount is
statically known (InterpolationMaxLookahead) and accounted for when
allocating the sample buffer). However, due to the sample buffer and
sample length mismatch caused by the bug, this can write extrapolated
sample data to an arbitary location offset from the first sample's
buffer (PrecomputeLoopsImpl() in modsmp_ctrl.cpp:263).

p8 is an out-of-bounds read directly after a heap-allocated allocated
buffer. It is difficult to trigger in practice because std::vector
does grow its buffer exponentially.

p9 fixes another potential race condition due to the use of non
thread-safe  functions. As discussed previously in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864195#67 , this
again can at worst cause wrong data to be returned for date metadata
in libopenmpt. However, please note that the same, now rewritten code
path, could also trigger an assertion failure in glibc under memory
pressure (which probably is a glibc bug, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867283 ), thereby
causing the application to crash.


-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: libopenmpt
Source-Version: 0.2.7386~beta20.3-3+deb9u2

We believe that the bug you reported is fixed in the latest version of
libopenmpt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Cowgill  (supplier of updated libopenmpt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 15 Jul 2017 18:33:57 +0100
Source: libopenmpt
Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc 
libopenmpt-modplug1 libopenmpt-modplug-dev
Architecture: source
Version: 0.2.7386~beta20.3-3+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers 

Changed-By: James Cowgill 
Description:
 libopenmpt-dev - module music library based on OpenMPT -- development files
 libopenmpt-doc - module music library based on OpenMPT -- documentation
 libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug 
compat developme
 libopenmpt-modplug1 - module music

libopenmpt_0.2.7386~beta20.3-3+deb9u2_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

2017-07-16 Thread Debian FTP Masters 


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 15 Jul 2017 18:33:57 +0100
Source: libopenmpt
Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc 
libopenmpt-modplug1 libopenmpt-modplug-dev
Architecture: source
Version: 0.2.7386~beta20.3-3+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers 

Changed-By: James Cowgill 
Description:
 libopenmpt-dev - module music library based on OpenMPT -- development files
 libopenmpt-doc - module music library based on OpenMPT -- documentation
 libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug 
compat developme
 libopenmpt-modplug1 - module music library based on OpenMPT -- modplug compat 
library
 libopenmpt0 - module music library based on OpenMPT -- shared library
 openmpt123 - module music library based on OpenMPT -- music player
Closes: 867579
Changes:
 libopenmpt (0.2.7386~beta20.3-3+deb9u2) stretch; urgency=medium
 .
   * Add security patches (Closes: #867579).
 - up8: Out-of-bounds read while loading a malfomed PLM file.
 - up10: CVE-2017-11311: Arbitrary code execution by a crafted PSM file.
Checksums-Sha1:
 1ae2a6b831007c4ad1b3797766ebf491c66e5497 2721 
libopenmpt_0.2.7386~beta20.3-3+deb9u2.dsc
 702ac4b948eac1893ee42bdea4adf846ce759581 15224 
libopenmpt_0.2.7386~beta20.3-3+deb9u2.debian.tar.xz
 b72d2c7f60ab2006aeb2caf27ed8b3bbc3d8eae2 7824 
libopenmpt_0.2.7386~beta20.3-3+deb9u2_source.buildinfo
Checksums-Sha256:
 093256d212de75fc608b1ab83d83b3a2cf2e5fb169a4f2318db4cf69176c09c3 2721 
libopenmpt_0.2.7386~beta20.3-3+deb9u2.dsc
 34baba5847acaef01b3c25143e3bf3a4f4e83aa6a2ad4cd4f34faadef94af58c 15224 
libopenmpt_0.2.7386~beta20.3-3+deb9u2.debian.tar.xz
 a8843454132e3781a2b55d1a8c1770d3ad06095c5e4087f49de5893c911a1f6b 7824 
libopenmpt_0.2.7386~beta20.3-3+deb9u2_source.buildinfo
Files:
 9580b25a4c0657809baabe826aa9bab5 2721 libs optional 
libopenmpt_0.2.7386~beta20.3-3+deb9u2.dsc
 b0d3445c04833100e9f706e434d467eb 15224 libs optional 
libopenmpt_0.2.7386~beta20.3-3+deb9u2.debian.tar.xz
 a79b0a456f73330b58e773716bcf3e3d 7824 libs optional 
libopenmpt_0.2.7386~beta20.3-3+deb9u2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAllqjxsUHGpjb3dnaWxs
QGRlYmlhbi5vcmcACgkQx/FnbeotAe/K4Q/+MVg4kbtTfst5F2esc1gtGbGr0iGW
VwpYhXK1y4IoWHtDZFStT3nMyH+8v7YeD2yg4B16ShhHnuyZtLzR7qORvMvM1Rxd
pFlEMpo6/t4zDEewbmjuaNUjfF7pxeU0+33H8apPO1GJeT1o16P8qFBI54Wj0T5i
Zp0541uP4ZczxdDEyBpUsAgAw9Sth6rSYDDC0qAu8mdYvmbQ8CxJ4Mz4PqqUt4Eg
QqxVST8P73Zqbo1XzHR/pIZ38K7tdHY29WDbxUXg/LsPcIgUbRYvZOCTjry3JSta
dM+NFvNIMHejTokFnGD7hii/tpDy9iZt5LAFBj/wN19WeIpRIvfZ2hSvAGts74aD
R+JM4Z2MTaHYvpXzh96Y0UpxAfW7QbHrBVi5xI9ebl+Q6r2ZzNJK0zzFtbIQgy+s
0jdc/knAr//I1UKRzdUiqGJ46tptCKFTTM91yzD6V2MyP+b8f8I1uBksIoNbUums
5vezAbIxFi7gwm3h1Fv1X/GVsUHyxCr6SJEBlBdr5g2etaahGrt42aDqi/crYCed
NSBqYyfaMRgBpuUu5JmiF4fnSDqt1f7/Zlm/eCa4tt/Urqx85+BLUqB+rHmZtuGj
7a3t7BGViF108xLmY2KaTDewqcLgoFdIXbnbkxN0ntqXBBeeK5U6zYgMtm2QRr07
KzHTyRv3Q1N5OcA=
=TZXL
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers