Bug#911584: marked as done (libopenmpt: out of bounds memory read in MED files)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Mon, 22 Oct 2018 11:05:28 +0000
with message-id <E1gEY1Y-000AgJ-OI@fasolo.debian.org>
and subject line Bug#911584: fixed in libopenmpt 0.3.13-1
has caused the Debian Bug report #911584,
regarding libopenmpt: out of bounds memory read in MED files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
911584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911584
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: libopenmpt: out of bounds memory read in MED files
• From: James Cowgill <jcowgill@debian.org>
• Date: Mon, 22 Oct 2018 09:44:27 +0100
• Message-id: <[🔎] 0036beee-de96-b46a-9d73-140fb9f70f39@debian.org>

Source: libopenmpt
Version: 0.2.7025~beta20.1-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

Upstream 0.3.13 released a fix for an out of bound read in malformed MED
files. It affects stretch.

Announcement:
https://lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/

Upstream commit which fixes this:
https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10903

James

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

• To: 911584-close@bugs.debian.org
• Subject: Bug#911584: fixed in libopenmpt 0.3.13-1
• From: James Cowgill <jcowgill@debian.org>
• Date: Mon, 22 Oct 2018 11:05:28 +0000
• Message-id: <E1gEY1Y-000AgJ-OI@fasolo.debian.org>

Source: libopenmpt
Source-Version: 0.3.13-1

We believe that the bug you reported is fixed in the latest version of
libopenmpt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 911584@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Cowgill <jcowgill@debian.org> (supplier of updated libopenmpt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Oct 2018 09:46:13 +0100
Source: libopenmpt
Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc libopenmpt-modplug1 libopenmpt-modplug-dev
Architecture: source
Version: 0.3.13-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
 libopenmpt-dev - module music library based on OpenMPT -- development files
 libopenmpt-doc - module music library based on OpenMPT -- documentation
 libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug compat developme
 libopenmpt-modplug1 - module music library based on OpenMPT -- modplug compat library
 libopenmpt0 - module music library based on OpenMPT -- shared library
 openmpt123 - module music library based on OpenMPT -- music player
Closes: 911584
Changes:
 libopenmpt (0.3.13-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixes out of bound read in malformed MED files. (Closes: #911584)
Checksums-Sha1:
 b30ea789bc0412ea6392955f5244a80c4932128f 2713 libopenmpt_0.3.13-1.dsc
 50105b5e1539ad38820c0fe8893aa67a9dbd4875 1414177 libopenmpt_0.3.13.orig.tar.gz
 a70d098f1ca7aaef32b343ef11ba0a16f44696c8 12488 libopenmpt_0.3.13-1.debian.tar.xz
Checksums-Sha256:
 0a419e187624d15b3654775f3fdaf6819ef595580f9f5e24a3b51323bf581933 2713 libopenmpt_0.3.13-1.dsc
 29b7c15d92787d5edcd54f4302be6d40d330478be0b49d934bf976fb192896cd 1414177 libopenmpt_0.3.13.orig.tar.gz
 8250878532849bb3b543f64498cb6748bae8b4f03355d924abbc19a6aed6b015 12488 libopenmpt_0.3.13-1.debian.tar.xz
Files:
 aa6cfa65ecd9fd4adb8f986ff8cb84f3 2713 libs optional libopenmpt_0.3.13-1.dsc
 6ffe5dbb69b57a622fa8d2fa0d9fd8fa 1414177 libs optional libopenmpt_0.3.13.orig.tar.gz
 4ca68197a1f0b5e2268dd168ada6245a 12488 libs optional libopenmpt_0.3.13-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlvNqv4UHGpjb3dnaWxs
QGRlYmlhbi5vcmcACgkQx/FnbeotAe+CBhAAhvO/4O4lCzVxx0nZylYHnUrkL9xL
+B4Hb0LnGkEw2nSq71uVWq+5gdv36mAPAG2zuAbqbsYfwREle/FQz604IOtRo4XM
cn/Lk8ps4ROHhDf9WJqWKWN5mHRDAnqvoJVASgylfy7D6krCH0LIaxzkT2TVKajS
sLjTC5wsT2NjL479+YN40NOw8vLH/KIkTKfIrphYVPViBAqoIF57QQu86FWsplW2
B83JEnTW9gMMRE32+o5SwDR9G7OLguFPPv5I7hG7axazZJv/4pn7EgIkvladAYbZ
O1+v6fN9F7qa206S/4EtnYu5dMXK7ZUlzk51UIN/aHKrp2+UbIT6Q2M7uhwNYSAa
ABvye9CMoa1MjHFx53fHS0n+YJp9OLcwmEgwuMhySGrSUY/SC54e62YtpenOe1y5
f9KAean5mpzg4BMp6JX/pdt3SRKlpl5g6Dlmod+Qb49yj2PieDpPK1mxBWdojL8G
UDlRcDYKVxH7JnbEa6YKvbAE4AUSDq6oVgJB2zOHR0lJbAmGoWSq0LyGvgnbZMTv
zTk5dd2tTULxM82P8Iy8PdFxqtcpZ814dke+p5iVw+3EJjek5BUbJ9p1POrMkVIs
IAZtufL3xiLc7mZsTk4Nqxxk0n/AceSQV6pFUKlGcaQN2/+GYLVeD8lVEKxujB25
rNKO5NkEsb/I+x0=
=o6fs
-----END PGP SIGNATURE-----

--- End Message ---