Processed: Re: Bug#870809: lame: CVE-2017-11720: duplicate, already fixed in all versions
Processing control commands: > notfound -1 3.99.5+repack1-7 Bug #870809 [src:lame] lame: CVE-2017-11720 No longer marked as found in versions lame/3.99.5+repack1-7. > found -1 3.99.5+repack1-3 Bug #870809 [src:lame] lame: CVE-2017-11720 Marked as found in versions lame/3.99.5+repack1-3. > fixed -1 3.99.5+repack1-3+deb7u1 Bug #870809 [src:lame] lame: CVE-2017-11720 Marked as fixed in versions lame/3.99.5+repack1-3+deb7u1. > fixed -1 3.99.5+repack1-6 Bug #870809 [src:lame] lame: CVE-2017-11720 Marked as fixed in versions lame/3.99.5+repack1-6. -- 870809: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870809 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#870809: lame: CVE-2017-11720: duplicate, already fixed in all versions
Control: notfound -1 3.99.5+repack1-7 Control: found -1 3.99.5+repack1-3 Control: fixed -1 3.99.5+repack1-3+deb7u1 Control: fixed -1 3.99.5+repack1-6 Hi On Tue, Aug 08, 2017 at 03:53:35PM -0400, Hugo Lefeuvre wrote: > Hi, > > This bug is a duplicate of #777159, which is already fixed in all debian > versions of lame. In meanwhile the reporter indeed has provided the password for the report_poc.zip in public (was unfortunately not the case until 2 days ago ...), so that could be verified and you are correct. Regards, Salvatore ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#870809: lame: CVE-2017-11720: duplicate, already fixed in all versions
Hi, This bug is a duplicate of #777159, which is already fixed in all debian versions of lame. Regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#870809: lame: CVE-2017-11720
Source: lame Version: 3.99.5+repack1-7 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/lame/bugs/460/ Hi, the following vulnerability was published for lame. CVE-2017-11720[0]: | There is a division-by-zero vulnerability in LAME 3.99.5, caused by a | malformed input file. This should be/is almost surely a the same as reported in [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-11720 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11720 [1] https://sourceforge.net/p/lame/bugs/460/ [2] https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/ Regards, Salvatore ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers