Your message dated Thu, 20 Jun 2019 14:38:57 +0000
with message-id <[email protected]>
and subject line Bug#930186: fixed in aubio 0.4.9-1
has caused the Debian Bug report #930186,
regarding aubio: CVE-2018-19800 CVE-2018-19801 CVE-2018-19802
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
930186: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: aubio
Version: 0.4.6-2
Severity: important
Tags: security upstream
Control: found -1 0.4.3-4
Hi,
The following vulnerabilities were published for aubio.
CVE-2018-19800[0]:
| aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3).
CVE-2018-19801[1]:
| aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6).
CVE-2018-19802[2]:
| aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3).
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-19800
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19800
[1] https://security-tracker.debian.org/tracker/CVE-2018-19801
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19801
[2] https://security-tracker.debian.org/tracker/CVE-2018-19802
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19802
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: aubio
Source-Version: 0.4.9-1
We believe that the bug you reported is fixed in the latest version of
aubio, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paul Brossier <[email protected]> (supplier of updated aubio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 20 Jun 2019 12:01:41 +0200
Source: aubio
Binary: libaubio-dev libaubio5 aubio-tools libaubio-doc python-aubio python3-aubio
Architecture: source
Version: 0.4.9-1
Distribution: unstable
Urgency: medium
Maintainer: Paul Brossier <[email protected]>
Changed-By: Paul Brossier <[email protected]>
Description:
aubio-tools - library for audio segmentation -- utilities
libaubio-dev - library for audio and music analysis, synthesis, and effects
libaubio-doc - library for audio segmentation -- documentation
libaubio5 - library for audio segmentation
python-aubio - Python interface for aubio, a library for audio segmentation
python3-aubio - Python 3 interface for aubio, a library for audio segmentation
Closes: 480018 930186
Changes:
aubio (0.4.9-1) unstable; urgency=medium
.
* New upstream version 0.4.9 (closes: #480018, #930186)
* Fixes security issues (CVE-2018-19800, CVE-2018-19801, CVE-2018-19802)
* debian/tests/control: also install built binaries
* debian/patches: remove patches integrated upstream
* debian/control: bump to S-V 4.3.0
* debian/control, debian/tests: switch b-d from nose2 to pytest
* debian/rules: switch to pytest, update clean target
* debian/patches/fixtypos.patch: fix typos
* debian/patches/series: remove patches integrated upstream
* debian/libaubio-doc.dob-base: move documentation to api folder
* debian/libaubio5.symbols: add new symbols since 0.4.8, remove unused
symbols previously exported, add Build-Depends-Package field
* debian/upstream/signing-key.asc: minimize key export
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---