
Bug#931343: marked as done (audiofile: CVE-2019-13147)



Your message dated Sun, 19 Nov 2023 11:48:59 +0000
with message-id <E1r4gIN-004VY2-Qv@fasolo.debian.org>
and subject line Bug#931343: fixed in audiofile 0.3.6-6
has caused the Debian Bug report #931343,
regarding audiofile: CVE-2019-13147
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
931343: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931343
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: audiofile
Version: 0.3.6-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/mpruett/audiofile/issues/54
Control: found -1 0.3.6-5
Control: found -1 0.3.6-4
Control: found -1 0.3.6-4+deb9u1

Hi,

The following vulnerability was published for audiofile.

CVE-2019-13147[0]:
| In Audio File Library (aka audiofile) 0.3.6, there exists one NULL
| pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a
| that allows an attacker to cause a denial of service via a crafted
| file.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13147
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13147
[1] https://github.com/mpruett/audiofile/issues/54

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: audiofile
Source-Version: 0.3.6-6
Done: Bastien Roucariès <rouca@debian.org>

We believe that the bug you reported is fixed in the latest version of
audiofile, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 931343@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <rouca@debian.org> (supplier of updated audiofile package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Nov 2023 10:40:24 +0000
Source: audiofile
Architecture: source
Version: 0.3.6-6
Distribution: unstable
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 931343 1008017
Changes:
 audiofile (0.3.6-6) unstable; urgency=high
 .
   * Team upload
 .
   [ Debian Janitor ]
   * Trim trailing whitespace.
   * Use secure URI in Homepage field.
   * Bump debhelper from old 9 to 10.
   * Set upstream metadata fields: Bug-Database, Repository, Repository-
     Browse.
   * Drop unnecessary dependency on dh-autoreconf.
   * Drop unnecessary dh arguments: --parallel
   * Fix day-of-week for changelog entry 0.1.5-3.
   * Drop transition for old debug package migration.
 .
   [ Bastien Roucariès ]
   * Fix CVE-2019-13147: Fix a DOS due integer overflow.
     Bail out early if NeXT audiofile.
     support allocate more than INT_MAX/8 channels.
     (Closes: #931343).
   * Fix CVE-2022-24599: Fix a memory leak by reading not null
     terminated copyright field (Closes: #1008017).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
