Bug#926666: marked as done (CVE-2019-9718 CVE-2019-9721)

To: Sebastian Ramacher <sramacher@debian.org>
Subject: Bug#926666: marked as done (CVE-2019-9718 CVE-2019-9721)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 19 May 2019 16:21:04 +0000
Message-id: <[🔎] handler.926666.D926666.155828272531408.ackdone@bugs.debian.org>
Reply-to: 926666@bugs.debian.org
References: <E1hSOWJ-0000fl-GP@fasolo.debian.org> <155474830323.30456.1503153698392265673.reportbug@hullmann.westfalen.local>

Your message dated Sun, 19 May 2019 16:18:43 +0000
with message-id <E1hSOWJ-0000fl-GP@fasolo.debian.org>
and subject line Bug#926666: fixed in ffmpeg 7:4.1.3-1
has caused the Debian Bug report #926666,
regarding CVE-2019-9718 CVE-2019-9721
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
926666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926666
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2019-9718 CVE-2019-9721

From: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 08 Apr 2019 20:31:43 +0200

Message-id: <155474830323.30456.1503153698392265673.reportbug@hullmann.westfalen.local>
Package: ffmpeg
Version: 7:4.1.1-1
Severity: important
Tags: security

https://security-tracker.debian.org/tracker/CVE-2019-9718
https://security-tracker.debian.org/tracker/CVE-2019-9721

Both a fixed in the 4.1.3 release, which also fixes a number of
additional issues without a CVE ID.

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 926666-close@bugs.debian.org
Subject: Bug#926666: fixed in ffmpeg 7:4.1.3-1
From: Sebastian Ramacher <sramacher@debian.org>
Date: Sun, 19 May 2019 16:18:43 +0000
Message-id: <E1hSOWJ-0000fl-GP@fasolo.debian.org>

Source: ffmpeg
Source-Version: 7:4.1.3-1

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 926666@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated ffmpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 May 2019 17:22:10 +0200
Source: ffmpeg
Architecture: source
Version: 7:4.1.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 926666
Changes:
 ffmpeg (7:4.1.3-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream release. (Closes: #926666)
     - Fix bug in subtitle decoder enabling DoS attacks (CVE-2019-9718,
       CVE-2019-9721)
     - Fix bug in studio profile decoder enabling DoS attacks (CVE-2019-11339)
     - Fix bug mishandling HEVC data enabling DoS attacks (CVE-2019-11338)
Checksums-Sha1:
 fbbe8dfce895ec10ea1d317696e9c0623359d755 5179 ffmpeg_4.1.3-1.dsc
 1c99bfe0323477fc302baec4c825f2e49634c466 8895988 ffmpeg_4.1.3.orig.tar.xz
 df69f4eff63cc54ec03e9a2e414998f6e28156f4 473 ffmpeg_4.1.3.orig.tar.xz.asc
 7fe65dec4a3de0a51575e738672623bbc93930d5 47504 ffmpeg_4.1.3-1.debian.tar.xz
Checksums-Sha256:
 91840eaa390e1fdb3c089ccda6de9d23ad840a5a69b2d75391d8fcee440209dc 5179 ffmpeg_4.1.3-1.dsc
 0c3020452880581a8face91595b239198078645e7d7184273b8bcc7758beb63d 8895988 ffmpeg_4.1.3.orig.tar.xz
 8e88fe42e57d9375a7848c03d5d5a0421dcfe5efade401cda13851bbbfe59a72 473 ffmpeg_4.1.3.orig.tar.xz.asc
 eb0c9fa87a695a883f57e37efaa5a352405751aa53060da06d7fb4add0ac8220 47504 ffmpeg_4.1.3-1.debian.tar.xz
Files:
 ac7612538434cb6a26938e3222053817 5179 video optional ffmpeg_4.1.3-1.dsc
 dcc20dd2682ea01c678b7b8324339d43 8895988 video optional ffmpeg_4.1.3.orig.tar.xz
 be36a4412f6ff92b3b5781b6ec829c6f 473 video optional ffmpeg_4.1.3.orig.tar.xz.asc
 da216ff4b5dbd023a47a4f15a051133f 47504 video optional ffmpeg_4.1.3-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAlzhezwACgkQafL8UW6n
GZN8chAAiC14gaxRqppfpQXyGpKMuCok5gI+HPx9cFIcxDTo0hI8J51omztQV0rm
+D0+KpZbjrA3CFIwNgQFPaYeI7ag5tJspAACpP93N0ecR8JTlVeIuV0zFh8W0ziu
+LhXxEphPEXmsgrqei/F8v1qC1klTck9S2DHtGrIC6FUKYO4lOuEpqSQkfmOqTVO
kDhqUjEJYF31LMUqwX+RCKr/XZQC27Hrd54yZRbYcteJmSvToo4mMJx0eOFRqVz/
OsvvI+s7g3N8m507On7fto0cYJPfb2eHYmqbIhiL8RBbpC9QYWImQ6sQlKTZAVtr
23XcZaTtb2YS+aslopKouNI4ZEnnDEbkwKHyR9MhVVm5sw1op0gBemf9uBVaPNKl
T7AqHb2qMnigOnjQGFHrxGLE0Ozq//cQoFq4lF/UcFazTS53A8XNlSfWbyGyAXwX
efMeQQfSAvV4IWlBHt2HCqqOkYoYhdw82rVHXQ/duRbs8Ssb4QJNgV0xDcot7W4E
PgY0o1YA7D/qkzo6wIGYZjLEcLNlj9H8WihxsB+FYEIztFNyfG4Tk2FaWiFzXxU3
ehqtDdvc3bCGajanWxnTWpsKvWFcG1OpfSfdBO69OjTvye/m0ijrR7D+12jQ5ePI
uUkn1jVYkHojDfFY3SOc1x8JXcUFNVC8C8hs5VRkofEamA2ULK4=
=B/wf
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Processing of ffmpeg_4.1.3-1_source.changes
Next by Date: Processed: Re: Bug#929016: i965-va-driver: Screen is not reenabled after beeing turned off
Previous by thread: Processing of ffmpeg_4.1.3-1_source.changes
Next by thread: ffmpeg_4.1.3-1_source.changes ACCEPTED into unstable
Index(es):
- Date
- Thread