Your message dated Sun, 29 Jul 2018 05:49:05 +0000 with message-id <E1fjeZl-0000Q1-8f@fasolo.debian.org> and subject line Bug#904874: fixed in libopenmpt 0.3.11-1 has caused the Debian Bug report #904874, regarding libopenmpt: Crash with some malformed custom tunings in MPTM files to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 904874: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904874 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libopenmpt: Crash with some malformed custom tunings in MPTM files
- From: James Cowgill <jcowgill@debian.org>
- Date: Sun, 29 Jul 2018 12:34:21 +0800
- Message-id: <[🔎] d44dbce5-fc7e-d037-a998-03240d31cc6a@debian.org>
Source: libopenmpt Version: 0.2.7025~beta20.1-1 Severity: important Tags: upstream A new version of libopempt 0.3.11 was released with a security fix: https://lib.openmpt.org/libopenmpt/2018/07/28/security-updates-0.3.11-0.2.10635-beta34-0.2.7561-beta20.5-p10-0.2.7386-beta20.3-p13/ From SVN log: [Fix] Tuning: Fix integer overflow and division by zero in GetRatio()/GetRatioFine() with out-of-range m_FineStepCount caused by malformed files (caught with afl-fuzz). AFAIKT this is denial of service only, so keeping the severity at important. JamesAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- To: 904874-close@bugs.debian.org
- Subject: Bug#904874: fixed in libopenmpt 0.3.11-1
- From: James Cowgill <jcowgill@debian.org>
- Date: Sun, 29 Jul 2018 05:49:05 +0000
- Message-id: <E1fjeZl-0000Q1-8f@fasolo.debian.org>
Source: libopenmpt Source-Version: 0.3.11-1 We believe that the bug you reported is fixed in the latest version of libopenmpt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 904874@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James Cowgill <jcowgill@debian.org> (supplier of updated libopenmpt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 29 Jul 2018 13:29:16 +0800 Source: libopenmpt Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc libopenmpt-modplug1 libopenmpt-modplug-dev Architecture: source Version: 0.3.11-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org> Changed-By: James Cowgill <jcowgill@debian.org> Description: libopenmpt-dev - module music library based on OpenMPT -- development files libopenmpt-doc - module music library based on OpenMPT -- documentation libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug compat developme libopenmpt-modplug1 - module music library based on OpenMPT -- modplug compat library libopenmpt0 - module music library based on OpenMPT -- shared library openmpt123 - module music library based on OpenMPT -- music player Closes: 904874 Changes: libopenmpt (0.3.11-1) unstable; urgency=medium . * New upstream release. - Fix crash with some malformed custom tunings in MPTM files. (Closes: #904874) Checksums-Sha1: 9b265cda92caed415181ad37741416bde0f7b1bf 2596 libopenmpt_0.3.11-1.dsc 333f811112b703c1369a0633569677606a93fbe5 1412893 libopenmpt_0.3.11.orig.tar.gz b8b5c0976dd8b92ad5d2b5b7ef7ce6c688baa7f4 12432 libopenmpt_0.3.11-1.debian.tar.xz fac3c2d7d58e3599fee797f2999dc67753cdc693 7969 libopenmpt_0.3.11-1_source.buildinfo Checksums-Sha256: 284149f8e40ed471a6326a12b10365ecc26a33ccf987ad602bc1e2726c1c83a1 2596 libopenmpt_0.3.11-1.dsc df1ec44212e9f73b33d5aa4970cf3fb7ce27c9fef88d1d1a8be79271c4c705e6 1412893 libopenmpt_0.3.11.orig.tar.gz 81b63f7412cc3511c76dceb937232d20bbb45a1019a54cd5726d0bd20b5bcf25 12432 libopenmpt_0.3.11-1.debian.tar.xz e8a2dbc5b9683c524cf11e3387509bd6e11217f5c1a4ea1e7579da2031e38a82 7969 libopenmpt_0.3.11-1_source.buildinfo Files: 0683f9659eb4e017f1eb11d36f57d554 2596 libs optional libopenmpt_0.3.11-1.dsc 021a5730a539355bc578911920415159 1412893 libs optional libopenmpt_0.3.11.orig.tar.gz 410f5301c01ae80fd2e6bb5593d2c0e1 12432 libs optional libopenmpt_0.3.11-1.debian.tar.xz 9a384e44591f4d90a6ef8237a9394e28 7969 libs optional libopenmpt_0.3.11-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAltdUY0UHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe83tw//cVo1DGUf/ILw11C/TlWNOZLo83go hM/sTABI8XgpUPcje9IAtPkFknc3XQtkdnh8dy6l9MzfaFGmRBAJVabS6VMaEksF LYos8PEQoWbydMNHSFIweSkFoaeM60jmy+obP6jOAm6bqUPoAhIfvdmvwX1KbwZm p6vH7vLrqbx9zgMhm7YXXkoqafUm2RAWMMjd4H4JJrEGIfb051LD+f4pEBp/dxgh qnIQ7vEutDvYu+dqbArveYW/cJ5Nb6DXT3pB06nIWKujSwWlpJD1JPyq7iBcXdDT 4kjldaB+naMreo2W3XosCVefzeQ5TkDnq/ghcn/sQ/rNpON7eXxbkC9WLmLzemdA RSaCBg6YI3TVaz6ZnueLC1GdXoI4jfTb0op2OW9qAqjbzDnqGvOJN50YbQTNr0o4 Z15hynGy8xduipKtvWSDq3Spdy/gqe+X4h7Ku7s1V/Jz8FaGxvNm8r2Rbqq5Ofu6 cAMEg+kS5HZWpu91NdHZpv2Rfc7eg2iyOSbmbdubf0C/51OXsfeK2MHn723yD31s kjRXp9ZAkiUfGp/SJKNOIaMEqCHnBRjuP/vWIHWsBI5kX4I3I+TGhLO57WTC9sOx oJrwlQMlt+5CgdSEHj/JJ48oyZBzAoZjL3GYdNIaeco3V7Y2xjzH7GGpIqhqyD+J MTBkvyxGVjZhdrs= =tUgY -----END PGP SIGNATURE-----
--- End Message ---