Bug#622091: marked as done (libmodplug ReadS3M stack overflow)

Fri, 29 Apr 2011 03:45:35 -0700 

Your message dated Fri, 29 Apr 2011 12:43:31 +0200
with message-id <1304073811.4158.3.camel@localhost>
and subject line Re: 0.8.8.2-1 uploaded to unstable
has caused the Debian Bug report #622091,
regarding libmodplug ReadS3M stack overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
622091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libmodplug
Version: 1:0.8.8.1-2
Severity: grave
Tags: security upstream
Justification: user security hole


        Hello,

An exploitable memory corruption vulnerability has been publicized
against libmodplug 0.8.8.1:
http://seclists.org/fulldisclosure/2011/Apr/113

Upstream version 0.8.8.2 fixes the issue.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Version: 1:0.8.8.2-1

On Thu, 2011-04-14 at 14:57 -0400, Zed Pobre wrote:
> The fixed version has been uploaded to unstable.  I have extracted the
> minimal portion of the changes relevant to this bug and have sent that
> diff to the security team for backport.  I'm also attaching it here.

libmodplug (1:0.8.8.2-1) unstable; urgency=high

   * New upstream version
     * Fixes buffer overflow in ReadS3M function
       (SEC Consult SA-20110407-0)
 -- Zed Pobre <z...@debian.org>  Thu, 14 Apr 2011 14:05:13 -0400

I'm closing this bug so it won't block migration to testing. Feel free
to reopen if necessary.

Best regards

Alexander Kurtz

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---

Reply via email to