vlc 2.2.6-3 MIGRATED to testing
FYI: The status of the vlc source package in Debian's testing distribution has changed. Previous version: 2.2.6-2 Current version: 2.2.6-3 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
liblivemedia 2017.06.04-2 MIGRATED to testing
FYI: The status of the liblivemedia source package in Debian's testing distribution has changed. Previous version: 2016.11.28-1 Current version: 2017.06.04-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information.
Bug#868612: mixxx FTBFS with libsqlite3-dev 3.19.3-3
Source: mixxx
Version: 2.0.0~dfsg-7
Severity: serious
Tags: buster sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/mixxx.html

...
In file included from src/library/trackcollection.cpp:7:0:
/usr/include/sqlite3.h:3712:16: error: using typedef-name 'sqlite3_value' after 'struct'
 typedef struct sqlite3_value sqlite3_value;
                ^
In file included from src/library/trackcollection.cpp:4:0:
src/library/trackcollection.h:38:20: note: 'sqlite3_value' has a previous declaration here
 typedef struct Mem sqlite3_value;
                    ^
In file included from src/library/trackcollection.cpp:7:0:
/usr/include/sqlite3.h:3712:30: error: conflicting declaration 'typedef int sqlite3_value'
 typedef struct sqlite3_value sqlite3_value;
                              ^
In file included from src/library/trackcollection.cpp:4:0:
src/library/trackcollection.h:38:20: note: previous declaration as 'typedef struct Mem sqlite3_value'
 typedef struct Mem sqlite3_value;
                    ^
scons: *** [lin64_build/library/trackcollection.o] Error 1
scons: building terminated because of errors.
debian/rules:46: recipe for target 'override_dh_auto_build' failed
make[1]: *** [override_dh_auto_build] Error 2
Bug#864664: marked as done (CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128)
Your message dated Sun, 16 Jul 2017 21:17:08 + with message-id and subject line Bug#864664: fixed in libquicktime 2:1.2.4-10+deb9u1 has caused the Debian Bug report #864664, regarding CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
864664: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864664
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: libquicktime
Severity: grave
Tags: security

Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9128

Cheers,
Moritz
--- End Message ---

--- Begin Message ---
Source: libquicktime
Source-Version: 2:1.2.4-10+deb9u1

We believe that the bug you reported is fixed in the latest version of libquicktime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 864...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff (supplier of updated libquicktime package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Thu, 13 Jul 2017 20:29:10 +0200
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils quicktime-x11utils
Architecture: source
Version: 2:1.2.4-10+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers
Changed-By: Moritz Mühlenhoff
Closes: 864664
Description:
 libquicktime-dev - library for reading and writing Quicktime files (development)
 libquicktime-doc - library for reading and writing Quicktime files (documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 utilities)
Changes:
 libquicktime (2:1.2.4-10+deb9u1) stretch; urgency=medium
 .
 * Fix CVE-2017-9122 to CVE-2017-9128, patch from 1.2.4-11 in unstable (Closes: #864664)
--- End Message ---
libquicktime_1.2.4-10+deb9u1_multi.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Accepted:

Format: 1.8
Date: Thu, 13 Jul 2017 20:29:10 +0200
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils quicktime-x11utils
Architecture: source
Version: 2:1.2.4-10+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers
Changed-By: Moritz Mühlenhoff
Closes: 864664
Description:
 libquicktime-dev - library for reading and writing Quicktime files (development)
 libquicktime-doc - library for reading and writing Quicktime files (documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 utilities)
Changes:
 libquicktime (2:1.2.4-10+deb9u1) stretch; urgency=medium
 .
 * Fix CVE-2017-9122 to CVE-2017-9128, patch from 1.2.4-11 in unstable (Closes: #864664)

Thank you for your contribution to Debian.
libquicktime_1.2.4-10+deb9u1_multi.changes ACCEPTED into proposed-updates->stable-new
Mapping stretch to stable.
Mapping stable to proposed-updates.

Accepted:

Format: 1.8
Date: Thu, 13 Jul 2017 20:29:10 +0200
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils quicktime-x11utils
Architecture: source
Version: 2:1.2.4-10+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers
Changed-By: Moritz Mühlenhoff
Closes: 864664
Description:
 libquicktime-dev - library for reading and writing Quicktime files (development)
 libquicktime-doc - library for reading and writing Quicktime files (documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 utilities)
Changes:
 libquicktime (2:1.2.4-10+deb9u1) stretch; urgency=medium
 .
 * Fix CVE-2017-9122 to CVE-2017-9128, patch from 1.2.4-11 in unstable (Closes: #864664)

Thank you for your contribution to Debian.
Processing of libquicktime_1.2.4-10+deb9u1_multi.changes
libquicktime_1.2.4-10+deb9u1_multi.changes uploaded successfully to localhost along with the files: libquicktime_1.2.4-10+deb9u1.dsc libquicktime_1.2.4-10+deb9u1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org)
libquicktime_1.2.4-10+deb9u1_amd64.changes REJECTED
libquicktime - depends on libschroedinger-1.0-0, which isn't in stretch === Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns.
libquicktime_1.2.4-10+deb9u1_amd64.changes ACCEPTED into proposed-updates->stable-new
Mapping stretch to stable.
Mapping stable to proposed-updates.

Accepted:

Format: 1.8
Date: Thu, 13 Jul 2017 20:29:10 +0200
Source: libquicktime
Binary: libquicktime2 libquicktime-dev libquicktime-doc quicktime-utils quicktime-x11utils
Architecture: source amd64 all
Version: 2:1.2.4-10+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers
Changed-By: Moritz Mühlenhoff
Description:
 libquicktime-dev - library for reading and writing Quicktime files (development)
 libquicktime-doc - library for reading and writing Quicktime files (documentation)
 libquicktime2 - library for reading and writing Quicktime files
 quicktime-utils - library for reading and writing Quicktime files (utilities)
 quicktime-x11utils - library for reading and writing Quicktime files (x11 utilities)
Closes: 864664
Changes:
 libquicktime (2:1.2.4-10+deb9u1) stretch; urgency=medium
 .
 * Fix CVE-2017-9122 to CVE-2017-9128, patch from 1.2.4-11 in unstable (Closes: #864664)
Processing of libquicktime_1.2.4-10+deb9u1_amd64.changes
libquicktime_1.2.4-10+deb9u1_amd64.changes uploaded successfully to localhost along with the files: libquicktime_1.2.4-10+deb9u1.dsc libquicktime_1.2.4.orig.tar.gz libquicktime_1.2.4-10+deb9u1.debian.tar.xz libquicktime-dev_1.2.4-10+deb9u1_amd64.deb libquicktime-doc_1.2.4-10+deb9u1_all.deb libquicktime2-dbgsym_1.2.4-10+deb9u1_amd64.deb libquicktime2_1.2.4-10+deb9u1_amd64.deb libquicktime_1.2.4-10+deb9u1_amd64.buildinfo quicktime-utils-dbgsym_1.2.4-10+deb9u1_amd64.deb quicktime-utils_1.2.4-10+deb9u1_amd64.deb quicktime-x11utils-dbgsym_1.2.4-10+deb9u1_amd64.deb quicktime-x11utils_1.2.4-10+deb9u1_amd64.deb Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#867579: marked as done (libopenmpt: CVE-2017-11311)
Your message dated Sun, 16 Jul 2017 12:17:08 + with message-id and subject line Bug#867579: fixed in libopenmpt 0.2.7386~beta20.3-3+deb9u2 has caused the Debian Bug report #867579, regarding libopenmpt: CVE-2017-11311 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
867579: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867579
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: libopenmpt
Version: 0.2.7386~beta20.3-3
Severity: important
Tags: upstream

Dear Maintainer,

A couple of security-related fixes have been released upstream as version 0.2.7386-beta20.3-p10. See https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html .

p10 fixes a heap buffer overflow which allows an attacker to write arbitrary data to an arbitrarily chosen offset. It can be triggered with a maliciously modified PSM file. This needs to be fixed ASAP via a security update in Stretch.

The bug happens due to 2 samples in a PSM file using the same sample slot in libopenmpt, whereby the second sample uses an invalid offset inside the file. That way, the second sample did not re-allocate (via sampleHeader.GetSampleFormat().ReadSample(Samples[smp], file); deeper down the call chain in SampleIO.cpp:73) the sample buffer itself but only set the sample size metadata (sampleHeader.ConvertToMPT(Samples[smp]);, ultimately at Load_psm.cpp:1054). Later, as a loading post-processing step, Sndfile.cpp:411 calls PrecomputeLoops() which writes a couple of samples before and after the actual sample data (the amount is statically known (InterpolationMaxLookahead) and accounted for when allocating the sample buffer). However, due to the sample buffer and sample length mismatch caused by the bug, this can write extrapolated sample data to an arbitrary location offset from the first sample's buffer (PrecomputeLoopsImpl() in modsmp_ctrl.cpp:263).

p8 is an out-of-bounds read directly after a heap-allocated buffer. It is difficult to trigger in practice because std::vector does grow its buffer exponentially.

p9 fixes another potential race condition due to the use of non thread-safe functions. As discussed previously in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864195#67 , this again can at worst cause wrong data to be returned for date metadata in libopenmpt. However, please note that the same, now rewritten code path, could also trigger an assertion failure in glibc under memory pressure (which probably is a glibc bug, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867283 ), thereby causing the application to crash.

-- System Information:
Debian Release: 9.0
 APT prefers stable
 APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---

--- Begin Message ---
Source: libopenmpt
Source-Version: 0.2.7386~beta20.3-3+deb9u2

We believe that the bug you reported is fixed in the latest version of libopenmpt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 867...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Cowgill (supplier of updated libopenmpt package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 15 Jul 2017 18:33:57 +0100
Source: libopenmpt
Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc libopenmpt-modplug1 libopenmpt-modplug-dev
Architecture: source
Version: 0.2.7386~beta20.3-3+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers
Changed-By: James Cowgill
Description:
 libopenmpt-dev - module music library based on OpenMPT -- development files
 libopenmpt-doc - module music library based on OpenMPT -- documentation
 libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug compat developme
 libopenmpt-modplug1 - module music
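The buffer/length mismatch described in Bug#867579 above, as an added C model that is not libopenmpt code and not part of the original messages. The struct, the function names, the LOOKAHEAD value, the constructed 16-byte "file" and the bounds guard in precompute_lookahead are assumptions made for illustration; the unchecked loader reproduces the stale-buffer state, the checked loader resets buffer and length together.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOOKAHEAD 4 /* assumed value, standing in for InterpolationMaxLookahead */

/* Hypothetical, simplified sample slot (not libopenmpt's real structure). */
struct slot {
    int16_t *data;  /* points LOOKAHEAD frames into the allocation */
    size_t alloc;   /* frames the current buffer was allocated for */
    size_t length;  /* frames the sample header claims */
};

/* Constructed stand-in for the module file: 8 frames of silence. */
static const uint8_t FILE_BYTES[16] = {0};

static void slot_free(struct slot *s) {
    if (s->data) free(s->data - LOOKAHEAD);
    s->data = NULL;
    s->alloc = 0;
}

/* Allocates and fills the buffer. Returns 0 and leaves the slot untouched
 * when the requested offset/size lies outside the file. */
static int read_sample(struct slot *s, size_t off, size_t frames) {
    size_t size = sizeof FILE_BYTES;
    if (off > size || frames > (size - off) / sizeof(int16_t)) return 0;
    int16_t *raw = calloc(frames + 2 * LOOKAHEAD, sizeof(int16_t));
    if (!raw) return 0;
    slot_free(s);
    s->data = raw + LOOKAHEAD;
    s->alloc = frames;
    memcpy(s->data, FILE_BYTES + off, frames * sizeof(int16_t));
    return 1;
}

/* Pattern from the report: the length is set from the header, and a failed
 * read leaves the previous sample's buffer in place. */
static void load_unchecked(struct slot *s, size_t off, size_t frames) {
    s->length = frames;
    (void)read_sample(s, off, frames);
}

/* Hardened form: a failed read resets buffer and length together. */
static void load_checked(struct slot *s, size_t off, size_t frames) {
    s->length = frames;
    if (!read_sample(s, off, frames)) {
        slot_free(s);
        s->length = 0;
    }
}

/* Post-processing that writes LOOKAHEAD frames before and after the data.
 * Returns 1 if done, 0 if the slot is empty, -1 if length exceeds the
 * allocation (the write would land outside the buffer, so it is refused). */
static int precompute_lookahead(struct slot *s) {
    if (!s->data || s->length == 0) return 0;
    if (s->length > s->alloc) return -1;
    for (size_t i = 0; i < LOOKAHEAD; i++) {
        s->data[s->length + i] = s->data[s->length - 1];
        *(s->data - (i + 1)) = s->data[0];
    }
    return 1;
}

/* Two samples mapped to the same slot; the second one's offset and size
 * are supplied by the caller. */
static int run_scenario(int hardened, size_t off2, size_t frames2) {
    struct slot s = {0};
    void (*load)(struct slot *, size_t, size_t) =
        hardened ? load_checked : load_unchecked;
    load(&s, 0, 8);          /* first sample: valid, allocates 8 frames */
    load(&s, off2, frames2); /* second sample, same slot */
    int rc = precompute_lookahead(&s);
    slot_free(&s);
    return rc;
}

int main(void) {
    printf("unchecked, bad offset: %d\n", run_scenario(0, 4096, 1000));
    printf("checked, bad offset:   %d\n", run_scenario(1, 4096, 1000));
    printf("checked, valid offset: %d\n", run_scenario(1, 8, 4));
    return 0;
}
```

With the unchecked loader the slot ends up claiming 1000 frames over an 8-frame buffer, which only the guard in the post-processing step catches; the checked loader never lets that state exist.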
libopenmpt_0.2.7386~beta20.3-3+deb9u2_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Accepted:

Format: 1.8
Date: Sat, 15 Jul 2017 18:33:57 +0100
Source: libopenmpt
Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc libopenmpt-modplug1 libopenmpt-modplug-dev
Architecture: source
Version: 0.2.7386~beta20.3-3+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Debian Multimedia Maintainers
Changed-By: James Cowgill
Description:
 libopenmpt-dev - module music library based on OpenMPT -- development files
 libopenmpt-doc - module music library based on OpenMPT -- documentation
 libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug compat developme
 libopenmpt-modplug1 - module music library based on OpenMPT -- modplug compat library
 libopenmpt0 - module music library based on OpenMPT -- shared library
 openmpt123 - module music library based on OpenMPT -- music player
Closes: 867579
Changes:
 libopenmpt (0.2.7386~beta20.3-3+deb9u2) stretch; urgency=medium
 .
 * Add security patches (Closes: #867579).
 - up8: Out-of-bounds read while loading a malformed PLM file.
 - up10: CVE-2017-11311: Arbitrary code execution by a crafted PSM file.

Thank you for your contribution to Debian.