Your message dated Sun, 30 Jul 2023 12:41:54 +0000 with message-id <e1qq5ka-008oy1...@fasolo.debian.org> and subject line Bug#1016578: fixed in milkytracker 1.04.00+dfsg-1 has caused the Debian Bug report #1016578, regarding milkytracker: CVE-2022-34927 - stack overflow via the component LoaderXM::load to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1016578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016578 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: milkytracker Version: 1.03.00+dfsg-2 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for milkytracker. CVE-2022-34927[0]: | MilkyTracker v1.03.00 was discovered to contain a stack overflow via | the component LoaderXM::load. This vulnerability is triggered when the | program is supplied a crafted XM module file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-34927 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34927 Please adjust the affected versions in the BTS as needed. -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.18.0-2-amd64 (SMP w/6 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---Source: milkytracker Source-Version: 1.04.00+dfsg-1 Done: Gürkan Myczko <t...@debian.org> We believe that the bug you reported is fixed in the latest version of milkytracker, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1016...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gürkan Myczko <t...@debian.org> (supplier of updated milkytracker package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 30 Jul 2023 13:44:04 +0200 Source: milkytracker Architecture: source Version: 1.04.00+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org> Changed-By: Gürkan Myczko <t...@debian.org> Closes: 1016578 Changes: milkytracker (1.04.00+dfsg-1) unstable; urgency=medium . * New upstream version. (Closes: #1016578) CVE-2022-34927 - stack overflow via the component LoaderXM::load * Bump standards version to 4.6.2. * d/control: update maintainer address. Checksums-Sha1: da855221274d6cd50b1af9b47d61e47e4d6acbeb 2178 milkytracker_1.04.00+dfsg-1.dsc e6d5a0d0fc68ada6f8572de978b36eb57efea3ba 2968108 milkytracker_1.04.00+dfsg.orig.tar.xz 84f236bc6ec6d3a40ab1e50f5a64f1f77c045763 9592 milkytracker_1.04.00+dfsg-1.debian.tar.xz 2d6a06501048d8f2f634ef43284f36b362de074a 12088 milkytracker_1.04.00+dfsg-1_source.buildinfo Checksums-Sha256: 47edd451f3abe742927fe17da7926e150b5c7081b39764e8f8ab7dcb6d7fd248 2178 milkytracker_1.04.00+dfsg-1.dsc a113e146f5c3084e789b1cce26cd808655931edff494e2768aaa75770fad1a0d 2968108 milkytracker_1.04.00+dfsg.orig.tar.xz 50f08ec4cbea4cdba1205de718a6635e349a8ecc4db1e48ce996f7474fbcfe2b 9592 milkytracker_1.04.00+dfsg-1.debian.tar.xz d8f1fed4ca4519e09cd4197ae96e44e423718b69ce5685b9980906ee9eb41a9a 12088 milkytracker_1.04.00+dfsg-1_source.buildinfo Files: d68274c7e2292eb4b2507ad05eac1d16 2178 sound optional milkytracker_1.04.00+dfsg-1.dsc 982758c13c6228427c005c6d4872c668 2968108 sound optional milkytracker_1.04.00+dfsg.orig.tar.xz 5955b8905425d9518ef0896ca812f227 9592 sound optional milkytracker_1.04.00+dfsg-1.debian.tar.xz 6fc6f03bcb67cbbf8a86abd7fee13d19 12088 sound optional milkytracker_1.04.00+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtgob82PcExn/Co6JEWhSvN91FcAFAmTGTkAACgkQEWhSvN91 FcANAg//UA9O+lpLgNmMeFTJXeITkb5Es8dTI2qMUS6PCTdARQMh+A6RRJ7IwQ5g h+u8BchEfCbzhtP57tqF5w7nekG2WJoaA9HUVbD2Z+bjCIvFZSEbe/E9be4TzFrI wOXjYtDMSgVP0mR5wq0lSKhYqqWp9iQB9I/1xHqHhq8gN5BBT/KPb98PsIJkcft+ 0Ix18lwR+9FpqQPzo6oLeecO/qoLeOxQ3i47Fmb911XXpLLALIoqLbcJ0Wa1qAbF GK2VuhcZIGN9hv72LhCvrtwf8X66Tyb5SaYHx5ey95yUtOecWuKIeev1VrW25iT7 kPXNLLKX/17z0aSZxLoSO2p832E5o5kpl0gNPDKH83z0ssAQ8N0ZcxT2oIz+b606 LtT1d+scWgcxXT7f+8eC4PsVq+qxGKzoszd6JsvlpQjE7aPIDk/+e6hP5eWkogYe lu17+RMpP/NstcjFGm861/DAcb+qxCJ3rdSPbJAaS4wx42O6Uhd1buM2kdBtxEHg rbFbjl6vA7uBoM7KMvnAJrFBvC8t2mslz1sDCwXC2guLMaFcgdrryRYaxO7ROtYG qOlZzH5j+DgUoRUAki4SUjk9jxKEPRcL/KMcNbZV7LFD5dnfhhfjy44kKvkqDCUW 9h0ZgQJSDp3ZRu31vWWvEVo4hAlNbq6lEgRuy7dDriErwb5rb5U= =aomV -----END PGP SIGNATURE-----
--- End Message ---
