Your message dated Wed, 10 Oct 2007 22:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446034: fixed in alsaplayer 0.99.80~rc4-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: alsaplayer
Severity: grave
Tags: security

Hi,
The following was released on:
http://secunia.com/advisories/27117/

| Some vulnerabilities have been reported in AlsaPlayer, which potentially can be
| exploited by malicious people to compromise a user's system.
| 
| The vulnerabilities are caused due to boundary errors in the vorbis input
| plug-in when processing .OGG files. These can be exploited to cause buffer
| overflows via a specially crafted .OGG file with overly long comments.
| 
| Successful exploitation may allow execution of arbitrary code.

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


--- End Message ---
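The bug class named in the advisory quoted above (length-prefixed Vorbis comments copied into fixed-size fields) and the two checks that prevent it, as an added example; this is not AlsaPlayer's code or the upstream fix. The names `FIELD_MAX`, `rd32`, `take`, `parse_comments`, `SAMPLE` and `sample_title_len` are hypothetical, and the input is the Vorbis comment-header body: little-endian 32-bit lengths for the vendor string and for each `NAME=value` comment.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

#define FIELD_MAX 16   /* assumed fixed tag-field size, kept small for the demo */

/* Read a little-endian u32 at *off; fail if fewer than 4 bytes remain. */
static int rd32(const uint8_t *b, size_t n, size_t *off, uint32_t *out) {
    const uint8_t *p = b + *off;
    if (n - *off < 4) return -1;
    *out = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    *off += 4;
    return 0;
}

/* On a case-insensitive key match, copy the value cut to FIELD_MAX-1 bytes + NUL. */
static void take(char *dst, const uint8_t *c, size_t len, const char *key) {
    size_t k = strlen(key);               /* key is given in lower case */
    if (len < k) return;
    for (size_t i = 0; i < k; i++)
        if (tolower(c[i]) != key[i]) return;
    len = (len - k > FIELD_MAX - 1) ? FIELD_MAX - 1 : len - k;
    memcpy(dst, c + k, len);
    dst[len] = '\0';
}

/* Parse a comment-header body (bytes after "\x03vorbis"): 0 = ok, -1 = malformed. */
int parse_comments(const uint8_t *b, size_t n, char title[FIELD_MAX]) {
    size_t off = 0;
    uint32_t len, count;
    memset(title, 0, FIELD_MAX);
    if (rd32(b, n, &off, &len) || len > n - off) return -1;   /* vendor string */
    off += len;
    if (rd32(b, n, &off, &count)) return -1;
    for (uint32_t i = 0; i < count; i++) {
        /* a declared length must fit in the bytes left in the packet */
        if (rd32(b, n, &off, &len) || len > n - off) return -1;
        take(title, b + off, len, "title=");
        off += len;
    }
    return 0;
}

/* Constructed sample: empty vendor string, then one comment of 0x22 bytes. */
static const uint8_t SAMPLE[] = "\0\0\0\0" "\1\0\0\0" "\x22\0\0\0"
                                "TITLE=an overly long comment value";
/* Stored title length when the first n bytes are parsed, -1 if rejected. */
int sample_title_len(size_t n) {
    char title[FIELD_MAX];
    return parse_comments(SAMPLE, n, title) ? -1 : (int)strlen(title);
}
```

Calling `sample_title_len(sizeof SAMPLE - 1)` parses the whole sample and stores a truncated title; a smaller `n` models a packet that ends before its declared comment length and is rejected.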
--- Begin Message ---
Source: alsaplayer
Source-Version: 0.99.80~rc4-1

We believe that the bug you reported is fixed in the latest version of
alsaplayer, which is due to be installed in the Debian FTP archive:

alsaplayer-alsa_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.80~rc4-1_i386.deb
alsaplayer-common_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-common_0.99.80~rc4-1_i386.deb
alsaplayer-daemon_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.80~rc4-1_i386.deb
alsaplayer-esd_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-esd_0.99.80~rc4-1_i386.deb
alsaplayer-gtk_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.80~rc4-1_i386.deb
alsaplayer-jack_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-jack_0.99.80~rc4-1_i386.deb
alsaplayer-nas_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-nas_0.99.80~rc4-1_i386.deb
alsaplayer-oss_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-oss_0.99.80~rc4-1_i386.deb
alsaplayer-text_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-text_0.99.80~rc4-1_i386.deb
alsaplayer-xosd_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.80~rc4-1_i386.deb
alsaplayer_0.99.80~rc4-1.diff.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4-1.diff.gz
alsaplayer_0.99.80~rc4-1.dsc
  to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4-1.dsc
alsaplayer_0.99.80~rc4.orig.tar.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4.orig.tar.gz
libalsaplayer-dev_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.80~rc4-1_i386.deb
libalsaplayer0_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer0_0.99.80~rc4-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hubert Chathi <[EMAIL PROTECTED]> (supplier of updated alsaplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.7
Date: Wed, 10 Oct 2007 15:33:10 -0400
Source: alsaplayer
Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack
 alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa
 alsaplayer-gtk libalsaplayer0 alsaplayer-common
Architecture: source i386
Version: 0.99.80~rc4-1
Distribution: unstable
Urgency: low
Maintainer: Hubert Chathi <[EMAIL PROTECTED]>
Changed-By: Hubert Chathi <[EMAIL PROTECTED]>
Description: 
 alsaplayer-alsa - PCM player designed for ALSA (ALSA output module)
 alsaplayer-common - PCM player designed for ALSA (common files)
 alsaplayer-daemon - PCM player designed for ALSA (non-interactive version)
 alsaplayer-esd - PCM player designed for ALSA (EsounD output module)
 alsaplayer-gtk - PCM player designed for ALSA (GTK version)
 alsaplayer-jack - PCM player designed for ALSA (JACK output module)
 alsaplayer-nas - PCM player designed for ALSA (NAS output module)
 alsaplayer-oss - PCM player designed for ALSA (OSS output module)
 alsaplayer-text - PCM player designed for ALSA (text version)
 alsaplayer-xosd - PCM player designed for ALSA (osd version)
 libalsaplayer-dev - PCM player designed for ALSA (interface library, development file
 libalsaplayer0 - PCM player designed for ALSA (interface library)
Closes: 444584 446034
Changes: 
 alsaplayer (0.99.80~rc4-1) unstable; urgency=low
 .
   * New upstream release.
     * Fixes buffer overflow in vorbis plugin. (closes: #446034)
     * Remove patches already added by upstream.
   * debian patches/05_madglib.dpatch: Link mad plugin against glib only,
     instead of gtk. (closes: #444584)
   * debian/control: Update file to use binary:Version.
   * debian/rules: Don't ignore errors in clean target.
   * debian/*.menu: s/Apps/Applications/g.
   * debian/alsaplayer-gtk.menu: s/-i gtk/-i gtk2/
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHDUoarynHGRJLYfoRA0kTAJ4zt2rmB5nen5/bIOXeBwDSwlcjNQCgkWZ9
TqUgoLnuLMo9l2kcZh55uyM=
=ioWW
-----END PGP SIGNATURE-----



--- End Message ---
