Your message dated Tue, 25 May 2010 02:07:46 +0000
with message-id <[email protected]>
and subject line Bug#572950: fixed in libtheora 1.0~beta3-1+lenny1
has caused the Debian Bug report #572950,
regarding libtheora: multiple vulnerabilities in lenny
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
572950: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: libtheora
version: 1.0~beta3-1
severity: serious
tags: security
Hi,
I have prepared a lenny package for the theora issues that are
were recently addressed in xulrunner. Note that two of them never got a
CVE (one should probably be requested), but have been fixed ever since
the first release of firefox 3.5. The package is at
http://alioth.debian.org/~gilbert-guest/libtheora and the debdiff is
attached.
These issues are already fixed in unstable. Please coordinate with the
security team to release a DSA for lenny.
Thanks,
Mike
libtheora-lenny.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
Source: libtheora
Source-Version: 1.0~beta3-1+lenny1
We believe that the bug you reported is fixed in the latest version of
libtheora, which is due to be installed in the Debian FTP archive:
libtheora-bin_1.0~beta3-1+lenny1_i386.deb
to main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_i386.deb
libtheora-dev_1.0~beta3-1+lenny1_i386.deb
to main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_i386.deb
libtheora0_1.0~beta3-1+lenny1_i386.deb
to main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_i386.deb
libtheora_1.0~beta3-1+lenny1.diff.gz
to main/libt/libtheora/libtheora_1.0~beta3-1+lenny1.diff.gz
libtheora_1.0~beta3-1+lenny1.dsc
to main/libt/libtheora/libtheora_1.0~beta3-1+lenny1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <[email protected]> (supplier of updated libtheora
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 16 Jan 2010 14:53:59 -0500
Source: libtheora
Binary: libtheora0 libtheora-dev libtheora-bin
Architecture: source i386
Version: 1.0~beta3-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Debian Xiph.org Maintainers <[email protected]>
Changed-By: Michael Gilbert <[email protected]>
Description:
libtheora-bin - The Theora Video Compression Codec (example encoder, decoder)
libtheora-dev - The Theora Video Compression Codec (development files)
libtheora0 - The Theora Video Compression Codec
Closes: 572950
Changes:
libtheora (1.0~beta3-1+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the security team (Closes: #572950).
* Fixes potential arbitrary code execution vulnerability: CVE-2009-3389.
* Fixes two other potential vulnerabilities as applied to xulrunner
since version 1.9.1.
Checksums-Sha1:
de2c4ea51078af9471e43162e9c3e99821770d35 1419 libtheora_1.0~beta3-1+lenny1.dsc
02c7bc20eb41ee6c33ad9909a31c206e46249ed5 1891923
libtheora_1.0~beta3.orig.tar.gz
33dc42908345b6ea4e1fc51f3c389ab129d82097 9211
libtheora_1.0~beta3-1+lenny1.diff.gz
9c8b6b75783489b04fe15b83c07f966d96497107 275724
libtheora0_1.0~beta3-1+lenny1_i386.deb
85dec5d5e22541febdaca9939a1cc7bffcc0ca9f 335386
libtheora-dev_1.0~beta3-1+lenny1_i386.deb
4c8c4b9d6d4ce92145888b4032476cfa5a510a5e 41506
libtheora-bin_1.0~beta3-1+lenny1_i386.deb
Checksums-Sha256:
f06dc5539856f039465edd4281f6440b2e8c81280d151ea8a45cde3fa947fe61 1419
libtheora_1.0~beta3-1+lenny1.dsc
20d41310c7547634c2b38f37b332c8ccce58df7c5c2e673164f8d136960b184f 1891923
libtheora_1.0~beta3.orig.tar.gz
85112d383f3310a107ec6ad33ea600477639dd1fb32bcd86dcbefff22f3b6a74 9211
libtheora_1.0~beta3-1+lenny1.diff.gz
927a5425a1df33f57674655dc5d639a4be1857358f4999a2c2ff2ac90f6d1c29 275724
libtheora0_1.0~beta3-1+lenny1_i386.deb
164d30857d0411c8baee8899158348d76862d506f8b5d8bfbabd775cc764a9b3 335386
libtheora-dev_1.0~beta3-1+lenny1_i386.deb
b6c5a5b788b6ed7c09ffed06d5eee29f3f509bb6e3d72051fd6fcfa58736ef4a 41506
libtheora-bin_1.0~beta3-1+lenny1_i386.deb
Files:
0495edbda8fc19ba77366666b52b3f96 1419 libs optional
libtheora_1.0~beta3-1+lenny1.dsc
8bdc4b8586b78ddd19afd7eec90dbaf0 1891923 libs optional
libtheora_1.0~beta3.orig.tar.gz
4adde5563c493eb45e1db52ceda77873 9211 libs optional
libtheora_1.0~beta3-1+lenny1.diff.gz
2559a2649e90a42a727ea69d4198370f 275724 libs optional
libtheora0_1.0~beta3-1+lenny1_i386.deb
05fe606ecc411f6b3fe37423d74c8623 335386 libdevel optional
libtheora-dev_1.0~beta3-1+lenny1_i386.deb
8911aa359d16fc2a2680995100e85a7d 41506 utils optional
libtheora-bin_1.0~beta3-1+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvhWPYACgkQiZgNKcDdyD+CwgCgjIhwkL/4Q8N2mj89IdbCQCOA
KWcAnjyux5ouf4MxxGgM6XXAbuADtCVS
=HHZR
-----END PGP SIGNATURE-----
--- End Message ---
