Your message dated Fri, 29 Apr 2011 12:43:31 +0200
with message-id <1304073811.4158.3.camel@localhost>
and subject line Re: 0.8.8.2-1 uploaded to unstable
has caused the Debian Bug report #622091,
regarding libmodplug ReadS3M stack overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

-- 
622091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libmodplug
Version: 1:0.8.8.1-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hello,

An exploitable memory corruption vulnerability has been publicized
against libmodplug 0.8.8.1:
http://seclists.org/fulldisclosure/2011/Apr/113

Upstream version 0.8.8.2 fixes the issue.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Version: 1:0.8.8.2-1

On Thu, 2011-04-14 at 14:57 -0400, Zed Pobre wrote:
> The fixed version has been uploaded to unstable. I have extracted the
> minimal portion of the changes relevant to this bug and have sent that
> diff to the security team for backport. I'm also attaching it here.

libmodplug (1:0.8.8.2-1) unstable; urgency=high

  * New upstream version
  * Fixes buffer overflow in ReadS3M function (SEC Consult SA-20110407-0)

 -- Zed Pobre <z...@debian.org>  Thu, 14 Apr 2011 14:05:13 -0400

I'm closing this bug so it won't block migration to testing. Feel free
to reopen if necessary.

Best regards

Alexander Kurtz
--- End Message ---