Your message dated Sat, 24 Sep 2016 07:55:14 +0200
with message-id <[email protected]>
and subject line Bug fixed in Jessie
has caused the Debian Bug report #776086,
regarding CVE-2014-9638 CVE-2014-9639
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
776086: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776086
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: vorbis-tools
Version: 1.4.0-1
Severity: important
Tags: security upstream

Hi,

the following vulnerabilities were published for vorbis-tools.

CVE-2014-9638[0]:
Oggenc division by zero issue

CVE-2014-9639[1]:
Oggenc channel integer overflow

CVE-2014-9640[2]:
segfault when trying to encode trivial raw input

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-9638
    https://trac.xiph.org/ticket/2137
[1] https://security-tracker.debian.org/tracker/CVE-2014-9639
    https://trac.xiph.org/ticket/2136
[2] https://security-tracker.debian.org/tracker/CVE-2014-9640
    https://trac.xiph.org/ticket/2009

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Version: 1.4.0-6+deb8u1

This issue was fixed in Jessie with this upload:

 vorbis-tools (1.4.0-6+deb8u1) jessie; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Add gbp.conf file documenting git branch to use for updates to Jessie.
   * oggenc: Fix large alloca on bad AIFF input to oggenc (CVE-2015-6749).
     (Closes: 797461)
   * oggenc: Validate count of channels in the header (CVE-2014-9638,
     CVE-2014-9639).
     (Closes: 776086)
 .
   [ Martin Steghöfer ]
   * Fix segmentation fault in vcut (Closes: #818037)

No idea why the BTS has not noticed yet, but I close the bugs manually
to have the fact properly recorded.

-- 
Happy hacking
Petter Reinholdtsen

--- End Message ---
