Your message dated Mon, 01 Apr 2019 21:49:04 +0000
with message-id <[email protected]>
and subject line Bug#926125: fixed in libmysofa 0.6~dfsg0-3
has caused the Debian Bug report #926125,
regarding libmysofa: CVE-2019-10672
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
926125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926125
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libmysofa
Version: 0.6~dfsg0-2
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for libmysofa.

CVE-2019-10672[0]:
| treeRead in hdf/btree.c in libmysofa before 0.7 does not properly
| validate multiplications and additions.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10672
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10672
[1] https://github.com/hoene/libmysofa/commit/d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1

Regards,
Salvatore

--- End Message ---
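
Added example, not part of the original bug report and not libmysofa's code: the bug class named in the CVE text (sizes built from unvalidated multiplications and additions of file-supplied fields), shown next to a checked form. The function names, the 32-bit field width and the sample dimensions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bug class: a size built from file-supplied fields wraps modulo 2^32. */
static uint32_t chunk_bytes_unchecked(const uint32_t *dims, size_t ndims,
                                      uint32_t elem_size) {
    uint32_t n = elem_size;
    for (size_t i = 0; i < ndims; i++)
        n *= dims[i];                 /* silent wraparound */
    return n;
}

/* Checked multiply and add: return 0 on success, -1 if the result overflows. */
static int mul_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a) return -1;
    *out = a * b;
    return 0;
}

static int add_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (b > UINT32_MAX - a) return -1;
    *out = a + b;
    return 0;
}

/* Accept a chunk of dims[0]*...*dims[ndims-1]*elem_size bytes at `offset`
 * only if every intermediate result fits and the chunk ends inside the buffer. */
static int chunk_fits(const uint32_t *dims, size_t ndims, uint32_t elem_size,
                      uint32_t offset, uint32_t buf_size, uint32_t *bytes) {
    uint32_t n = elem_size, end;
    for (size_t i = 0; i < ndims; i++)
        if (mul_u32(n, dims[i], &n) != 0) return -1;
    if (add_u32(offset, n, &end) != 0 || end > buf_size) return -1;
    *bytes = n;
    return 0;
}

int main(void) {
    /* Constructed sample dimensions, not taken from a real SOFA file. */
    uint32_t dims[2] = {0x10000u, 0x10001u};
    uint32_t bytes = 0;
    printf("unchecked: %u bytes\n", (unsigned)chunk_bytes_unchecked(dims, 2, 1));
    printf("checked: %d\n", chunk_fits(dims, 2, 1, 0, 1u << 20, &bytes));
    return 0;
}
```

With the constructed dimensions the unchecked product wraps to a small value that a later bounds check against a 1 MiB buffer would accept, while the checked path rejects the input.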
--- Begin Message ---
Source: libmysofa
Source-Version: 0.6~dfsg0-3

We believe that the bug you reported is fixed in the latest version of
libmysofa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <[email protected]> (supplier of updated libmysofa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 01 Apr 2019 23:25:15 +0200
Source: libmysofa
Architecture: source
Version: 0.6~dfsg0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: IOhannes m zmölnig (Debian/GNU) <[email protected]>
Closes: 926125
Changes:
 libmysofa (0.6~dfsg0-3) unstable; urgency=medium
 .
   [ IOhannes m zmölnig ]
   * Backport fix for CVE-2019-10672 (Closes: #926125)
 .
   [ Ondřej Nový ]
   * d/control: Set Vcs-* to salsa.debian.org
 .
   [ Felipe Sateler ]
   * Change maintainer address to [email protected]

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
