Your message dated Fri, 25 Apr 2014 15:34:42 +0000 with message-id <e1wdi9c-0000zz...@franck.debian.org> and subject line Bug#745301: fixed in libmms 0.6.2-4 has caused the Debian Bug report #745301, regarding libmms: CVE-2014-2892: heap-based buffer overflow to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 745301: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745301 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libmms Version: 0.6-1 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerability was published for libmms. CVE-2014-2892[0]: heap-based buffer overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2892 https://security-tracker.debian.org/tracker/CVE-2014-2892 [1] http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libmms Source-Version: 0.6.2-4 We believe that the bug you reported is fixed in the latest version of libmms, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 745...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher <sramac...@debian.org> (supplier of updated libmms package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 25 Apr 2014 15:43:03 +0200 Source: libmms Binary: libmms-dev libmms0 Architecture: source amd64 Version: 0.6.2-4 Distribution: unstable Urgency: high Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org> Changed-By: Sebastian Ramacher <sramac...@debian.org> Description: libmms-dev - MMS stream protocol library - development files libmms0 - MMS stream protocol library - shared library Closes: 745301 Changes: libmms (0.6.2-4) unstable; urgency=high . * Team upload. . [ Fabian Greffrath ] * Remove myself from Uploaders. . [ Sebastian Ramacher ] * Use urgency=high for security fix. * debian/patches/0002-CVE-2014-2892.patch: Apply upstream patch for CVE-2014-2892. (Closes: #745301) * debian/control: - Bump Standards-Version to 3.9.5. - Add dh-autoreconf to Depends and bump debhelper to >= 9. - Vcs-*: Ue canonical URLs. - Remove obsolete Dm-Upload-Allowed. * debian/rules: Run dh with --with autoreconf. Checksums-Sha1: 56a54742a28c599141229b9a6c7401657ae31cad 2003 libmms_0.6.2-4.dsc 07a5708d9d99aac1ffd2e03a858a3c0185ed5eb9 7088 libmms_0.6.2-4.debian.tar.xz bd17540325a8714739bcab8470b7ad720d8bc23e 38372 libmms-dev_0.6.2-4_amd64.deb bf49af2235a0110073b7a29a03f189eb5ca14a43 35414 libmms0_0.6.2-4_amd64.deb Checksums-Sha256: 0ed9646d509716f139f3eed0ed09365dc81ef896aa9f0b5ccf06c2ec878ac841 2003 libmms_0.6.2-4.dsc e82d08c84358e2da83c4f83740a7e719facfe5adaf67717c219affd99c5fb2d0 7088 libmms_0.6.2-4.debian.tar.xz 8af9f86b49059b80372245342eb8272e6dcb3c7709dc12ab5d4c843c895cd560 38372 libmms-dev_0.6.2-4_amd64.deb 4de5819852f695f7a1dd96661654960dfd7171f6d82ab64c93dc6db173ab4156 35414 libmms0_0.6.2-4_amd64.deb Files: cf26af39a592ae411db462be0d34397d 38372 libdevel optional libmms-dev_0.6.2-4_amd64.deb ac9ef11225026fc418ab8bf8cc3c2990 35414 libs optional libmms0_0.6.2-4_amd64.deb c0bb25e397281ae560f3708d56f0ee4c 2003 libs optional libmms_0.6.2-4.dsc 7ed2f50aa9b258a103604e0b1eadfcc7 7088 libs optional libmms_0.6.2-4.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJTWmbuAAoJEGny/FFupxmThXgP/RvEEei2NeweFH6RDozzaDuY BZXi/AkUEQVk7DOmiQ9Cu7IgfIhmWJEkdMlz7ZvvYCTQZZYFKODpiw6R/tbzAq6W T+VzlWXMzOmfguEBs2TGKuEAaWujxGOoyXICG0P2DcBTwBjFcij2R53zHFs/Dapt +z8TwhrHYh14Hpn1U8qjQumO6jTVoVP/02zVb/SL/OKBlJwxu39tCtVl1JY3NfxK goj2Lvp1Jyw/TX083bl25aC9KQcByXm/u8+2ACEPAttI3R3pxI+zFnkdC6OXCWkh PezQS1VNQaEOv2uLVX6bDc1ebApaA1y8Tj6ekKxoY95xswFlG1gM526L0SxOT2eT T81GbvY6T+hfGNSojcsTYxHogZIHa8DhBZQ+U0JyD64vm+ykikndfJw//yHOo0cj nkIn13Z2VXqD37D53NJfuEXdQZH63ot+1LswX5m8mJJGGTYeTwZnPCDDfic8GSl/ ql3LFMCDw2WNtlBBKQvFknPibl0w6tWbUx+lXIlhD7xvgOf/5uFwdFSGVMRNFBOg PQwd630dzoSqQdJ9whKvszU9NX8sI3xO+IGaRT10B5yhRqb1ergZaziKfdRagKWo ZnUlxh8HJk10DqXEC+iLxFqqAHdNiGtLkjFBcPudndE5b0boBukPpz9d3AJCU/Nd WoqOdiad50pU7MqePwC6 =zMCn -----END PGP SIGNATURE-----
--- End Message ---
