Your message dated Fri, 15 Mar 2019 15:35:51 +0100 with message-id <20190315143551.GA15425@ramacher.at> and subject line Re: Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader has caused the Debian Bug report #924655, regarding liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 924655: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924655 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader
- From: Hugo Lefeuvre <hle@debian.org>
- Date: Fri, 15 Mar 2019 15:05:21 +0100
- Message-id: <[🔎] 20190315140521.GA1483@behemoth.owl.eu.com.local>
Source: liblivemedia Version: 2018.11.26-1 Severity: normal Tags: security upstream Hi, The following vulnerability was published for liblivemedia. CVE-2019-9215[0]: malformed headers lead to invalid memory access in the parseAuthorizationHeader function. I see this vulnerability was fixed in experimental via new upstream release 2019.02.27-1. This is a fairly severe issue so we should probably backport the patch to Buster as well. regards, Hugo [0] https://security-tracker.debian.org/tracker/CVE-2019-9215 -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4CAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Hugo Lefeuvre <hle@debian.org>, 924655-done@bugs.debian.org
- Subject: Re: Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader
- From: Sebastian Ramacher <sramacher@debian.org>
- Date: Fri, 15 Mar 2019 15:35:51 +0100
- Message-id: <20190315143551.GA15425@ramacher.at>
- In-reply-to: <[🔎] 20190315140521.GA1483@behemoth.owl.eu.com.local>
- References: <[🔎] 20190315140521.GA1483@behemoth.owl.eu.com.local>
Version: 2019.02.27-1 On 2019-03-15 15:05:21, Hugo Lefeuvre wrote: > Source: liblivemedia > Version: 2018.11.26-1 > Severity: normal > Tags: security upstream > > Hi, > > The following vulnerability was published for liblivemedia. > > CVE-2019-9215[0]: malformed headers lead to invalid memory access in > the parseAuthorizationHeader function. > > I see this vulnerability was fixed in experimental via new upstream > release 2019.02.27-1. This is a fairly severe issue so we should > probably backport the patch to Buster as well. Unless a CVE affects the client part of the library, I don't think it's worth it. The client part is the only part used by reverse dependencies. Cheers -- Sebastian RamacherAttachment: signature.asc
Description: PGP signature
--- End Message ---