Your message dated Thu, 24 Jul 2008 07:47:08 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#475152: fixed in libfishsound 0.9.1-2
has caused the Debian Bug report #475152,
regarding libfishsound: CVE-2008-1686 code execution via crafted header 
containing negative offsets
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
475152: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475152
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libfishsound1
Version: 0.7.0-2
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libfishsound1.


CVE-2008-1686[0]:
| Uncontrolled array index in Speex 1.1.12 and earlier, as used in
| libfishsound 0.9.0 and earlier, including Illiminable DirectShow
| Filters and Annodex Plugins for Firefox, allows remote attackers to
| execute arbitrary code via a header structure containing a negative
| offset, which is used to dereference a function pointer.

A patch is on:
http://trac.annodex.net/changeset/3536

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
    http://security-tracker.debian.net/tracker/CVE-2008-1686

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
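
The CVE text in the report above describes a signed header field used as an index into a table of function pointers. The following is an added illustration, not code from libfishsound, Speex, or the referenced changeset: the header layout, `NB_MODES`, `MODE_OFFSET`, and all function names are hypothetical, and the upper-bound-only check is an assumed way for a negative value to slip through.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NB_MODES    3   /* hypothetical number of codec modes */
#define MODE_OFFSET 8   /* hypothetical offset of the mode field */
#define HEADER_LEN  12  /* 8-byte magic + 4-byte mode (constructed layout) */

typedef int (*decode_fn)(void);
static int decode_nb(void)  { return 0; }
static int decode_wb(void)  { return 1; }
static int decode_uwb(void) { return 2; }
static const decode_fn mode_table[NB_MODES] = { decode_nb, decode_wb, decode_uwb };

/* Read the signed 32-bit little-endian mode field from an untrusted header. */
static int32_t header_mode(const unsigned char *h)
{
    uint32_t u = (uint32_t)h[MODE_OFFSET] | (uint32_t)h[MODE_OFFSET + 1] << 8 |
                 (uint32_t)h[MODE_OFFSET + 2] << 16 | (uint32_t)h[MODE_OFFSET + 3] << 24;
    return (int32_t)u;  /* two's-complement reinterpretation (gcc/clang) */
}

/* Upper-bound-only check: a negative mode passes (the assumed flaw). */
static int mode_ok_upper_only(int32_t mode) { return !(mode >= NB_MODES); }

/* Both bounds checked: negative and too-large values are rejected. */
static int mode_ok_both(int32_t mode) { return mode >= 0 && mode < NB_MODES; }

/* Hardened lookup: returns NULL instead of indexing the table out of range. */
static decode_fn select_mode(const unsigned char *h, size_t len)
{
    if (h == NULL || len < HEADER_LEN) return NULL;
    int32_t mode = header_mode(h);
    return mode_ok_both(mode) ? mode_table[mode] : NULL;
}

/* Constructed sample headers: mode = 1 and mode = -1. */
static const unsigned char good_hdr[HEADER_LEN] = { 'T','O','Y','C','O','D','E','C', 1,0,0,0 };
static const unsigned char bad_hdr[HEADER_LEN]  = { 'T','O','Y','C','O','D','E','C', 0xff,0xff,0xff,0xff };

int main(void)
{
    printf("upper-only accepts -1:  %d\n", mode_ok_upper_only(header_mode(bad_hdr)));
    printf("both-bounds accepts -1: %d\n", mode_ok_both(header_mode(bad_hdr)));
    printf("good header selects a mode: %d\n", select_mode(good_hdr, sizeof good_hdr) != NULL);
    printf("bad header selects a mode:  %d\n", select_mode(bad_hdr, sizeof bad_hdr) != NULL);
    return 0;
}
```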
--- Begin Message ---
Source: libfishsound
Source-Version: 0.9.1-2

We believe that the bug you reported is fixed in the latest version of
libfishsound, which is due to be installed in the Debian FTP archive:

libfishsound1-dbg_0.9.1-2_i386.deb
  to pool/main/libf/libfishsound/libfishsound1-dbg_0.9.1-2_i386.deb
libfishsound1-dev_0.9.1-2_i386.deb
  to pool/main/libf/libfishsound/libfishsound1-dev_0.9.1-2_i386.deb
libfishsound1_0.9.1-2_i386.deb
  to pool/main/libf/libfishsound/libfishsound1_0.9.1-2_i386.deb
libfishsound_0.9.1-2.diff.gz
  to pool/main/libf/libfishsound/libfishsound_0.9.1-2.diff.gz
libfishsound_0.9.1-2.dsc
  to pool/main/libf/libfishsound/libfishsound_0.9.1-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Ferlito <[EMAIL PROTECTED]> (supplier of updated libfishsound package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 16 Jul 2008 20:23:53 +1000
Source: libfishsound
Binary: libfishsound1 libfishsound1-dev libfishsound1-dbg
Architecture: source i386
Version: 0.9.1-2
Distribution: unstable
Urgency: low
Maintainer: John Ferlito <[EMAIL PROTECTED]>
Changed-By: John Ferlito <[EMAIL PROTECTED]>
Description: 
 libfishsound1 - simple API that wraps Xiph.Org audio codecs
 libfishsound1-dbg - simple API that wraps Xiph.Org audio codecs (debugging informatio
 libfishsound1-dev - simple API that wraps Xiph.Org audio codecs (development files)
Closes: 475152
Changes: 
 libfishsound (0.9.1-2) unstable; urgency=low
 .
   * CVE-2008-1686 code execution via crafted header containing negative
     offsets, should have been closed in 0.9.1-1 (Closes: #475152)
   * Add DM-Upload-Allowed: yes to debian/control
   * Update standards version to 3.8.0 (no changes)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiIMr8ACgkQ5u9oNyz9HDiOGgCgnkcwvg2DEqcJo/hMr/KtvJxv
d4IAoMyuuHD5N2/a1fn4xXCFKOtFbd/8
=xo8t
-----END PGP SIGNATURE-----



--- End Message ---
