Your message dated Sat, 10 Nov 2018 10:42:56 +0000 with message-id <1541846576.3542.38.ca...@adam-barratt.org.uk> and subject line Closing bugs for updates included in 9.6 has caused the Debian Bug report #895537, regarding stretch-pu: package libopenmpt/0.2.7386~beta20.3-3+deb9u3 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
895537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895537
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org User: release.debian....@packages.debian.org Usertags: pu Tags: stretch Severity: normal Hi, This fixes CVE-2018-10017 which is a security bug tagged as "no-DSA" by the security team. The fix is quite simple and looks correct to me. I've done some testing to make sure things still work after this update. Thanks, James -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.15.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enableddiff -Nru libopenmpt-0.2.7386~beta20.3/debian/changelog libopenmpt-0.2.7386~beta20.3/debian/changelog --- libopenmpt-0.2.7386~beta20.3/debian/changelog 2017-07-15 18:33:57.000000000 +0100 +++ libopenmpt-0.2.7386~beta20.3/debian/changelog 2018-04-12 10:14:53.000000000 +0100 @@ -1,3 +1,10 @@ +libopenmpt (0.2.7386~beta20.3-3+deb9u3) stretch; urgency=medium + + * Add patch to fix CVE-2018-10017 (Closes: #895406). + - up11: Out-of-bounds read loading IT / MO3 files with many pattern loops. + + -- James Cowgill <jcowg...@debian.org> Thu, 12 Apr 2018 10:14:53 +0100 + libopenmpt (0.2.7386~beta20.3-3+deb9u2) stretch; urgency=medium * Add security patches (Closes: #867579). diff -Nru libopenmpt-0.2.7386~beta20.3/debian/patches/series libopenmpt-0.2.7386~beta20.3/debian/patches/series --- libopenmpt-0.2.7386~beta20.3/debian/patches/series 2017-07-15 16:49:37.000000000 +0100 +++ libopenmpt-0.2.7386~beta20.3/debian/patches/series 2018-04-12 10:13:10.000000000 +0100 
@@ -6,3 +6,4 @@ up6-invalid-memory-read-when-applying-nnas-to-effect-plugins.patch up8-out-of-bounds-read-plm.patch up10-heap-buffer-overflow-in-sample-loading-from-malformed-files-psm.patch +up11-out-of-bounds-read-it-itp-mo3.patch diff -Nru libopenmpt-0.2.7386~beta20.3/debian/patches/up11-out-of-bounds-read-it-itp-mo3.patch libopenmpt-0.2.7386~beta20.3/debian/patches/up11-out-of-bounds-read-it-itp-mo3.patch --- libopenmpt-0.2.7386~beta20.3/debian/patches/up11-out-of-bounds-read-it-itp-mo3.patch 1970-01-01 01:00:00.000000000 +0100 +++ libopenmpt-0.2.7386~beta20.3/debian/patches/up11-out-of-bounds-read-it-itp-mo3.patch 2018-04-12 10:14:53.000000000 +0100 @@ -0,0 +1,20 @@ +Description: Fix CVE-2018-10017 + See https://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8-0.2.7386-beta20.3-p11/ + Fix possible out-of-bounds memory read with IT and MO3 files containing many + nested pattern loops. +Origin: upstream, https://source.openmpt.org/browse/openmpt?op=revision&rev=10042 +Bug-Debian: https://bugs.debian.org/895406 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/soundlib/Snd_fx.cpp ++++ b/soundlib/Snd_fx.cpp +@@ -1042,7 +1042,8 @@ std::vector<GetLengthType> CSoundFile::G + if(GetType() == MOD_TYPE_IT) + { + // IT pattern loop start row update - at the end of a pattern loop, set pattern loop start to next row (for upcoming pattern loops with missing SB0) +- for(CHANNELINDEX nChn = 0; nChn < GetNumChannels(); nChn++) ++ pChn = memory.state.Chn; ++ for(CHANNELINDEX nChn = 0; nChn < GetNumChannels(); nChn++, pChn++) + { + if((pChn->rowCommand.command == CMD_S3MCMDEX && pChn->rowCommand.param >= 0xB1 && pChn->rowCommand.param <= 0xBF)) + {signature.asc
Description: OpenPGP digital signature
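Review bot: In the soundlib/Snd_fx.cpp hunk the fix relies on pChn being advanced in the for header in step with nChn, which is easy to lose in a later edit; if the increment is dropped, every iteration again tests pChn->rowCommand through whatever pChn was left pointing at, as the removed line did. Indexing in the loop body, for example `const auto &chn = memory.state.Chn[nChn];`, would tie each access to the loop counter directly. The hunk also does not show that memory.state.Chn holds at least GetNumChannels() entries, so that bound is worth confirming against the upstream revision cited in the Origin field.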
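Review bot: The file name added to debian/patches/series, up11-out-of-bounds-read-it-itp-mo3.patch, mentions ITP, while the DEP-3 description and the changelog entry name only IT and MO3 files, and the patched code path is guarded by GetType() == MOD_TYPE_IT. Either mention ITP in the description and changelog or drop it from the file name, so that someone triaging CVE-2018-10017 from the changelog alone sees the same set of affected formats as the patch name implies.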
--- End Message ---
--- Begin Message ---
Version: 9.6

Hi,

The update referenced by each of these bugs was included in this morning's stretch point release.

Regards,

Adam
--- End Message ---