Your message dated Sat, 12 Dec 2009 04:34:19 +0000
with message-id <e1njjgr-0000nv...@ries.debian.org>
and subject line Bug#552743: fixed in liboggplay 0.2.1~git20091120-1
has caused the Debian Bug report #552743,
regarding CVE-2009-3378: liboggplay issue discovered by Mozilla
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
552743: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: liboggplay
Severity: grave
Tags: security
Firefox 3.5.4 fixed a security issue in the embedded liboggplay
copy: http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
I checked the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=500311
and it is missing in the version from unstable.
BTW, the fixes for liboggz and libvorbis (also from Firefox
3.5.4) are already fixed in unstable, but still need to be fixed
for stable-security. If you can prepare updated packages, please
contact t...@security.debian.org
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: liboggplay
Source-Version: 0.2.1~git20091120-1
We believe that the bug you reported is fixed in the latest version of
liboggplay, which is due to be installed in the Debian FTP archive:
liboggplay1-dbg_0.2.1~git20091120-1_i386.deb
to main/libo/liboggplay/liboggplay1-dbg_0.2.1~git20091120-1_i386.deb
liboggplay1-dev_0.2.1~git20091120-1_i386.deb
to main/libo/liboggplay/liboggplay1-dev_0.2.1~git20091120-1_i386.deb
liboggplay1_0.2.1~git20091120-1_i386.deb
to main/libo/liboggplay/liboggplay1_0.2.1~git20091120-1_i386.deb
liboggplay_0.2.1~git20091120-1.diff.gz
to main/libo/liboggplay/liboggplay_0.2.1~git20091120-1.diff.gz
liboggplay_0.2.1~git20091120-1.dsc
to main/libo/liboggplay/liboggplay_0.2.1~git20091120-1.dsc
liboggplay_0.2.1~git20091120.orig.tar.gz
to main/libo/liboggplay/liboggplay_0.2.1~git20091120.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 552...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
John Francesco Ferlito <jo...@inodes.org> (supplier of updated liboggplay
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 12 Dec 2009 13:45:51 +1100
Source: liboggplay
Binary: liboggplay1 liboggplay1-dev liboggplay1-dbg
Architecture: source i386
Version: 0.2.1~git20091120-1
Distribution: unstable
Urgency: low
Maintainer: John Francesco Ferlito <jo...@inodes.org>
Changed-By: John Francesco Ferlito <jo...@inodes.org>
Description:
liboggplay1 - A library for playing OGG multimedia
liboggplay1-dbg - A library for playing OGG multimedia (debugging symbols)
liboggplay1-dev - A library for playing OGG multimedia (development files)
Closes: 552743 557774
Changes:
liboggplay (0.2.1~git20091120-1) unstable; urgency=low
.
* Use latest git version.
* Move to debhelper dh.
* Add ${misc:Depends}.
* Patch for CVE-2009-3378 (Closes: #552743).
* Fix missing files in -dev package (Closes: #557774).
* Add README.source as we are now using quilt.
Checksums-Sha1:
d88889fb76ad38a777ce1736ece85f4c1cf50aee 1207
liboggplay_0.2.1~git20091120-1.dsc
4ac2a16654d4811d8e0f074c909975e3fa16bcb5 735539
liboggplay_0.2.1~git20091120.orig.tar.gz
3a336129cc7ecf360934e72222f59b57711eccc6 3633
liboggplay_0.2.1~git20091120-1.diff.gz
beeba76f8d1ea503ea7f80bf8671bc6beb78a9a2 31398
liboggplay1_0.2.1~git20091120-1_i386.deb
cf29a7dacec95980c0474594b68429d92171d010 38790
liboggplay1-dev_0.2.1~git20091120-1_i386.deb
a63e3eb83df7184418dcd4c4c1dfe27e436e69eb 60098
liboggplay1-dbg_0.2.1~git20091120-1_i386.deb
Checksums-Sha256:
3a5b66457973385507d7f37444ee77e10ce2007c618a0c675ff1794ac2ee0349 1207
liboggplay_0.2.1~git20091120-1.dsc
e77df037d0b08e3f2b71c359123e354e63acca67fa36ca333853cb3cab6b86e5 735539
liboggplay_0.2.1~git20091120.orig.tar.gz
4beea9e09ee44ffe4914080774472682d54296e719d327389cfb13ad5c85cbdb 3633
liboggplay_0.2.1~git20091120-1.diff.gz
3756afd34a1db69efdf705a48ba41bdbd0da13cad7432efe2769e72b8f90da71 31398
liboggplay1_0.2.1~git20091120-1_i386.deb
07df63c859a4001ffe1678aa1a093a116a4df3040b464a2f29163115b161f8ad 38790
liboggplay1-dev_0.2.1~git20091120-1_i386.deb
2e9859d48b5a935757c9d213ea305d8731081f16138dc90498c93effc7a2d19a 60098
liboggplay1-dbg_0.2.1~git20091120-1_i386.deb
Files:
0a72239c3c2344309aa819158b9a2f49 1207 libs extra
liboggplay_0.2.1~git20091120-1.dsc
ca95a426111d4593e2e09ca406b77604 735539 libs extra
liboggplay_0.2.1~git20091120.orig.tar.gz
2775f479d924a050be9ffb9490a77a83 3633 libs extra
liboggplay_0.2.1~git20091120-1.diff.gz
c7160c02d4dd770800e8330490a68509 31398 libs extra
liboggplay1_0.2.1~git20091120-1_i386.deb
d93fb0655266afcd44e1dfffa82e2ea1 38790 libdevel extra
liboggplay1-dev_0.2.1~git20091120-1_i386.deb
b4d3c669d9f140083ef6dfbfe07cae1d 60098 debug extra
liboggplay1-dbg_0.2.1~git20091120-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAksjFI0ACgkQYcdJscd4KNQ+rgCeKUAGT86AHmaknbuoXHH3QOYd
qIAAnioBez+HTe1p52Rt3qn1mJOS79QW
=3mSG
-----END PGP SIGNATURE-----
--- End Message ---
