Your message dated Mon, 30 Nov 2015 13:19:52 +0000
with message-id <[email protected]>
and subject line Bug#804447: fixed in libsndfile 1.0.21-3+squeeze2
has caused the Debian Bug report #804447,
regarding libsndfile: CVE-2014-9756: division by zero leading to denial of
service in psf_fwrite()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
804447: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804447
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libsndfile
Version: 1.0.25-5
Severity: normal
Tags: security upstream
Forwarded: https://github.com/erikd/libsndfile/issues/92
Hi,
the following vulnerability was published for libsndfile.
CVE-2014-9756[0]:
division by zero leading to denial of service in psf_fwrite()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-9756
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1177254
[2] https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
[3] https://github.com/erikd/libsndfile/issues/92
[4] https://bugzilla.novell.com/show_bug.cgi?id=953521
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libsndfile
Source-Version: 1.0.21-3+squeeze2
We believe that the bug you reported is fixed in the latest version of
libsndfile, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated libsndfile package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Sep 2015 11:03:02 +0100
Source: libsndfile
Binary: libsndfile1-dev libsndfile1 sndfile-programs
Architecture: source i386
Version: 1.0.21-3+squeeze2
Distribution: squeeze-lts
Urgency: high
Maintainer: Erik de Castro Lopo <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description:
libsndfile1 - Library for reading/writing audio files
libsndfile1-dev - Development files for libsndfile; a library for reading/writing a
sndfile-programs - Sample programs that use libsndfile
Closes: 774162 804445 804447
Changes:
libsndfile (1.0.21-3+squeeze2) squeeze-lts; urgency=high
.
* Non-maintainer upload by the Squeeze LTS Team.
* debian/patches :
- Add 102_sd2_buffer_read_overflow.diff (CVE-2014-9496, closes: #774162).
- Add 103_file_io_divide_by_zero.diff (CVE-2014-9756, closes: #804447).
- Add 104_fix_aiff_heap_overflow.diff (CVE-2015-7805, closes: #804445).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---