Your message dated Wed, 10 Oct 2007 22:02:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#446034: fixed in alsaplayer 0.99.80~rc4-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: alsaplayer Severity: grave Tags: security Hi, The following was released on: http://secunia.com/advisories/27117/ | Some vulnerabilities have been reported in AlsaPlayer, which potentially can be | exploited by malicious people to compromise a user's system. | | The vulnerabilities are caused due to boundary errors in the vorbis input | plug-in when processing .OGG files. These can be exploited to cause buffer | overflows via a specially crafted .OGG file with overly long comments. | | Successful exploitation may allow execution of arbitrary code. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.pgp0x3P4pY430.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: alsaplayer Source-Version: 0.99.80~rc4-1 We believe that the bug you reported is fixed in the latest version of alsaplayer, which is due to be installed in the Debian FTP archive: alsaplayer-alsa_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.80~rc4-1_i386.deb alsaplayer-common_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-common_0.99.80~rc4-1_i386.deb alsaplayer-daemon_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.80~rc4-1_i386.deb alsaplayer-esd_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-esd_0.99.80~rc4-1_i386.deb alsaplayer-gtk_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.80~rc4-1_i386.deb alsaplayer-jack_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-jack_0.99.80~rc4-1_i386.deb alsaplayer-nas_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-nas_0.99.80~rc4-1_i386.deb alsaplayer-oss_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-oss_0.99.80~rc4-1_i386.deb alsaplayer-text_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-text_0.99.80~rc4-1_i386.deb alsaplayer-xosd_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.80~rc4-1_i386.deb alsaplayer_0.99.80~rc4-1.diff.gz to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4-1.diff.gz alsaplayer_0.99.80~rc4-1.dsc to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4-1.dsc alsaplayer_0.99.80~rc4.orig.tar.gz to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4.orig.tar.gz libalsaplayer-dev_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.80~rc4-1_i386.deb libalsaplayer0_0.99.80~rc4-1_i386.deb to pool/main/a/alsaplayer/libalsaplayer0_0.99.80~rc4-1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hubert Chathi <[EMAIL PROTECTED]> (supplier of updated alsaplayer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Format: 1.7 Date: Wed, 10 Oct 2007 15:33:10 -0400 Source: alsaplayer Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa alsaplayer-gtk libalsaplayer0 alsaplayer-common Architecture: source i386 Version: 0.99.80~rc4-1 Distribution: unstable Urgency: low Maintainer: Hubert Chathi <[EMAIL PROTECTED]> Changed-By: Hubert Chathi <[EMAIL PROTECTED]> Description: alsaplayer-alsa - PCM player designed for ALSA (ALSA output module) alsaplayer-common - PCM player designed for ALSA (common files) alsaplayer-daemon - PCM player designed for ALSA (non-interactive version) alsaplayer-esd - PCM player designed for ALSA (EsounD output module) alsaplayer-gtk - PCM player designed for ALSA (GTK version) alsaplayer-jack - PCM player designed for ALSA (JACK output module) alsaplayer-nas - PCM player designed for ALSA (NAS output module) alsaplayer-oss - PCM player designed for ALSA (OSS output module) alsaplayer-text - PCM player designed for ALSA (text version) alsaplayer-xosd - PCM player designed for ALSA (osd version) libalsaplayer-dev - PCM player designed for ALSA (interface library, development file libalsaplayer0 - PCM player designed for ALSA (interface library) Closes: 444584 446034 Changes: alsaplayer (0.99.80~rc4-1) unstable; urgency=low . * New upstream release. * Fixes buffer overflow in vorbis plugin. (closes: #446034) * Remove patches already added by upstream. * debian patches/05_madglib.dpatch: Link mad plugin against glib only, instead of gtk. (closes: #444584) * debian/control: Update file to use binary:Version. * debian/rules: Don't ignore errors in clean target. * debian/*.menu: s/Apps/Applications/g. * debian/alsaplayer-gtk.menu: s/-i gtk/-i gtk2/ Files: 9a9a3c97061cd44829370577a15b0a90 1111 sound optional alsaplayer_0.99.80~rc4-1.dsc c17d8d4ae20ba97684ae501c3caf391a 1012126 sound optional alsaplayer_0.99.80~rc4.orig.tar.gz 08e685e61c5bbfa5ae854c0c5ee0371e 19385 sound optional alsaplayer_0.99.80~rc4-1.diff.gz 5e3fabae25c811bde002d93e8d40d22d 167466 sound optional alsaplayer-common_0.99.80~rc4-1_i386.deb a052f89b0d039d079aaf02594ffec277 190770 sound optional alsaplayer-gtk_0.99.80~rc4-1_i386.deb ae2149d7f9c2e878b8ee86a2bf4b256a 32064 sound optional alsaplayer-text_0.99.80~rc4-1_i386.deb 0b070e78df740f3cb7512dc856ad026a 31166 sound optional alsaplayer-daemon_0.99.80~rc4-1_i386.deb 97521a0ad13625cdb1296f5a1f99dcfe 31774 sound optional alsaplayer-xosd_0.99.80~rc4-1_i386.deb 16e30a2d1f407b8c9fcca53cf271a1e8 29084 sound optional alsaplayer-oss_0.99.80~rc4-1_i386.deb a8aed29beb6cc5b3bb49af42e32897e7 30672 sound optional alsaplayer-alsa_0.99.80~rc4-1_i386.deb c3235615dd03db978c794e8fc38b9bfb 28974 sound optional alsaplayer-esd_0.99.80~rc4-1_i386.deb 6c5a6ccef9ce086efb7388057694bc74 30830 sound optional alsaplayer-nas_0.99.80~rc4-1_i386.deb 1bfe8d8a73c18d7a89e6033da99945fa 32890 sound optional alsaplayer-jack_0.99.80~rc4-1_i386.deb 8a346031c6073e8589422668bf6ef12e 35036 libs optional libalsaplayer0_0.99.80~rc4-1_i386.deb b412718a1531f631f443bc42696a81ae 82202 libdevel optional libalsaplayer-dev_0.99.80~rc4-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHDUoarynHGRJLYfoRA0kTAJ4zt2rmB5nen5/bIOXeBwDSwlcjNQCgkWZ9 TqUgoLnuLMo9l2kcZh55uyM= =ioWW -----END PGP SIGNATURE-----
--- End Message ---