Your message dated Mon, 05 Feb 2007 23:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#409296: fixed in mpg123 0.61-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mpg123
Version: 0.61-4
Severity: important
Tags: security
It is possible mpg123 is affected by this vulnerability.
"The http_open function in httpget.c in mpg123 before 0.64 allows remote
attackers to cause a denial of service (infinite loop) by closing the
HTTP connection early."
http://www.mpg123.de/cgi-bin/news.cgi
Version 0.64 was released to solve this problem.
--
Kees Cook @outflux.net
--- End Message ---
--- Begin Message ---
Source: mpg123
Source-Version: 0.61-5
We believe that the bug you reported is fixed in the latest version of
mpg123, which is due to be installed in the Debian FTP archive:
mpg123-alsa_0.61-5_i386.deb
to pool/main/m/mpg123/mpg123-alsa_0.61-5_i386.deb
mpg123-esd_0.61-5_i386.deb
to pool/main/m/mpg123/mpg123-esd_0.61-5_i386.deb
mpg123-nas_0.61-5_i386.deb
to pool/main/m/mpg123/mpg123-nas_0.61-5_i386.deb
mpg123-oss-3dnow_0.61-5_i386.deb
to pool/main/m/mpg123/mpg123-oss-3dnow_0.61-5_i386.deb
mpg123-oss-i486_0.61-5_i386.deb
to pool/main/m/mpg123/mpg123-oss-i486_0.61-5_i386.deb
mpg123_0.61-5.diff.gz
to pool/main/m/mpg123/mpg123_0.61-5.diff.gz
mpg123_0.61-5.dsc
to pool/main/m/mpg123/mpg123_0.61-5.dsc
mpg123_0.61-5_i386.deb
to pool/main/m/mpg123/mpg123_0.61-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kobras <[EMAIL PROTECTED]> (supplier of updated mpg123 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 5 Feb 2007 23:18:31 +0100
Source: mpg123
Binary: mpg123-esd mpg123-oss-3dnow mpg123-nas mpg123-oss-i486 mpg123-alsa mpg123
Architecture: source i386
Version: 0.61-5
Distribution: unstable
Urgency: high
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Daniel Kobras <[EMAIL PROTECTED]>
Description:
mpg123 - MPEG layer 1/2/3 audio player
mpg123-alsa - MPEG layer 1/2/3 audio player with ALSA support
mpg123-esd - MPEG layer 1/2/3 audio player with Esound support
mpg123-nas - MPEG layer 1/2/3 audio player with NAS support
mpg123-oss-3dnow - MPEG layer 1/2/3 audio player for 3DNow! machines - dummy package
mpg123-oss-i486 - MPEG layer 1/2/3 audio player for i486 machines
Closes: 409296
Changes:
mpg123 (0.61-5) unstable; urgency=high
.
  * src/httpget.c: Fix potential denial of service attack on premature
    end-of-file from HTTP server (CVE-2007-0578). Patch taken from upstream's
    0.64 release. Closes: #409296
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFFx7p8pOKIA4m/fisRAlssAJ0YtvHBGhV3Rnl6YRkYwkjUjVEFQgCgxZnJ
qKdTIJ4WkMq6egJ967x6CJo=
=4J6U
-----END PGP SIGNATURE-----
--- End Message ---