
Bug#933964: marked as done (milkytracker: CVE-2019-14464 CVE-2019-14496 CVE-2019-14497)



Your message dated Mon, 28 Oct 2019 17:49:07 +0000
with message-id <E1iP98d-0005Pe-QG@fasolo.debian.org>
and subject line Bug#933964: fixed in milkytracker 1.02.00+dfsg-2
has caused the Debian Bug report #933964,
regarding milkytracker: CVE-2019-14464 CVE-2019-14496 CVE-2019-14497
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
933964: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933964
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: milkytracker
Version: 1.02.00+dfsg-1
Severity: important
Tags: security upstream

Hi,

The following vulnerabilities were published for milkytracker.

CVE-2019-14464[0]:
| XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a
| heap-based buffer overflow.


CVE-2019-14496[1]:
| LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00
| has a stack-based buffer overflow.


CVE-2019-14497[2]:
| ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in
| MilkyTracker 1.02.00 has a heap-based buffer overflow.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14464
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14464
[1] https://security-tracker.debian.org/tracker/CVE-2019-14496
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14496
[2] https://security-tracker.debian.org/tracker/CVE-2019-14497
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14497

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: milkytracker
Source-Version: 1.02.00+dfsg-2

We believe that the bug you reported is fixed in the latest version of
milkytracker, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 933964@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Cowgill <jcowgill@debian.org> (supplier of updated milkytracker package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 28 Oct 2019 17:28:45 +0000
Source: milkytracker
Architecture: source
Version: 1.02.00+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: James Cowgill <jcowgill@debian.org>
Closes: 933964
Changes:
 milkytracker (1.02.00+dfsg-2) unstable; urgency=high
 .
   [ Utkarsh Gupta ]
   * Add patch to fix heap-based and stack-based buffer overflows.
     (Closes: #933964) (Fixes: CVE-2019-14464, CVE-2019-14496, CVE-2019-14497)
 .
   [ Ondřej Nový ]
   * d/control: Unify Maintainer field to Debian Multimedia Maintainers.
   * Use debhelper-compat instead of debian/compat.
 .
   [ Gürkan Myczko ]
   * Update list of tracker music applications in d/control and
     d/milkytracker.1.
 .
   [ Olivier Humbert ]
   * Update d/control : http -> https + remove 1 useless empty line.
   * Update d/copyright : http->https + remove 1 empty line.
   * Update d/milkytracker.desktop: add a French comment.
Checksums-Sha1:
 8679d0ea6a2788e891bdec28299d4548b78f4355 2345 milkytracker_1.02.00+dfsg-2.dsc
 270d87da4a2c0f8c731fafd3c858184bbfa23c0d 8132 milkytracker_1.02.00+dfsg-2.debian.tar.xz
Checksums-Sha256:
 c6062c70019ffe1add6f47cebe5d7f1ffa64fd0e0f8a7abf2e39772369543eaa 2345 milkytracker_1.02.00+dfsg-2.dsc
 a67d49224fd677a6d19c574c243b2ef758da0b53f24b5c116c0a2d5577588f73 8132 milkytracker_1.02.00+dfsg-2.debian.tar.xz
Files:
 e635c2bb7b52d4fc108bf79fb7bad7a4 2345 sound optional milkytracker_1.02.00+dfsg-2.dsc
 159c544e26ecea002506d7beb48cf854 8132 sound optional milkytracker_1.02.00+dfsg-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
