Bug#922066: marked as done (CVE-2019-1000016)

To: James Cowgill <jcowgill@debian.org>
Subject: Bug#922066: marked as done (CVE-2019-1000016)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 15 Feb 2019 11:21:07 +0000
Message-id: <[🔎] handler.922066.D922066.155022961712672.ackdone@bugs.debian.org>
Reply-to: 922066@bugs.debian.org
References: <E1gubXS-000HYC-OB@fasolo.debian.org> <[🔎] 154990487746.8947.1024206222572151708.reportbug@hullmann.westfalen.local>

Your message dated Fri, 15 Feb 2019 11:20:14 +0000
with message-id <E1gubXS-000HYC-OB@fasolo.debian.org>
and subject line Bug#922066: fixed in ffmpeg 7:4.1.1-1
has caused the Debian Bug report #922066,
regarding CVE-2019-1000016
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
922066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922066
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2019-1000016

From: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 11 Feb 2019 18:07:57 +0100

Message-id: <[🔎] 154990487746.8947.1024206222572151708.reportbug@hullmann.westfalen.local>
Package: ffmpeg
Version: 7:4.1-1
Severity: important
Tags: security

Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000016

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 922066-close@bugs.debian.org
Subject: Bug#922066: fixed in ffmpeg 7:4.1.1-1
From: James Cowgill <jcowgill@debian.org>
Date: Fri, 15 Feb 2019 11:20:14 +0000
Message-id: <E1gubXS-000HYC-OB@fasolo.debian.org>

Source: ffmpeg
Source-Version: 7:4.1.1-1

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 922066@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Cowgill <jcowgill@debian.org> (supplier of updated ffmpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Feb 2019 09:35:05 +0000
Source: ffmpeg
Architecture: source
Version: 7:4.1.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: James Cowgill <jcowgill@debian.org>
Closes: 922066
Changes:
 ffmpeg (7:4.1.1-1) unstable; urgency=medium
 .
   * New upstream release.
     - cbs_av1: Fix reading of overlong uvlc codes (CVE-2019-1000016)
       (Closes: #922066)
Checksums-Sha1:
 f89143a25d29e266ed2a5753b02a8a629035ff31 5208 ffmpeg_4.1.1-1.dsc
 0e4a905c49b9c9bc9d9a057b42c57b9397efc3b4 8893404 ffmpeg_4.1.1.orig.tar.xz
 54a5e5c17a328214e4c092eec03e53899059e41a 473 ffmpeg_4.1.1.orig.tar.xz.asc
 c62e64d12ecfe6b2ef2936bf45be2f5fb5817fb0 47452 ffmpeg_4.1.1-1.debian.tar.xz
 b128edf3bc412bc4c81d9a23734507fab0beacb2 9547 ffmpeg_4.1.1-1_source.buildinfo
Checksums-Sha256:
 9aa25446c1b9668232806099f912638875c5eb4d98e93a253cc29de627733b87 5208 ffmpeg_4.1.1-1.dsc
 373749824dfd334d84e55dff406729edfd1606575ee44dd485d97d45ea4d2d86 8893404 ffmpeg_4.1.1.orig.tar.xz
 43fac7652a7d390c73f0f4b969363ccdabfc028c66faa905e62393888a3d210b 473 ffmpeg_4.1.1.orig.tar.xz.asc
 45950f51f7058d6509de53854df00e8337b2518517c75ac537bd31e4f980619b 47452 ffmpeg_4.1.1-1.debian.tar.xz
 6b26cb86544e654b2c490cb061039fc5bb5d9da5a6269bbcda49d0b49f353887 9547 ffmpeg_4.1.1-1_source.buildinfo
Files:
 dfc12406650364bafc68604aee703a04 5208 video optional ffmpeg_4.1.1-1.dsc
 720fc84617a2c38aeae79aff3689a567 8893404 video optional ffmpeg_4.1.1.orig.tar.xz
 a8f4335aa3eaf1cdeb5822fbe04cbb75 473 video optional ffmpeg_4.1.1.orig.tar.xz.asc
 8df3fac1bf68c7b892ff27308931f4cb 47452 video optional ffmpeg_4.1.1-1.debian.tar.xz
 ca22ed0ae66dfa77b1bb914b0bf1c42c 9547 video optional ffmpeg_4.1.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlxmntkUHGpjb3dnaWxs
QGRlYmlhbi5vcmcACgkQx/FnbeotAe/xNg//cLqwr9yjM8HbvK3Rbtr0UZXJWZPl
D6gmjRPuyUtDR/JPXqtxYNQ8eBKcsAqTxiJQNCHQI7HjDixHhDrfjDTmWoQB9J9q
y7CTQ2nRvecv8VHABWiXlbSkBntwRP4fTm+FfKZ2W1x+L8uJpGEw/PQXC1fxh5zm
AXgZnGTCBUFFY+QEMk202ub/8P8NiHuIZTnZp77BnY0mYZZNdIyiZD0Jo6Mg3pFt
fF1HRab8va+CCpLdTDkgc0RwWirhuy+1lqK9Vb6oCmW7Xh2JZtZ42fPF3QK3Wlc8
1DIp6G3JNhCGqNmHg1sJPQQ6YaLYQpHU9GEgsL9rA6Fa+JodMNzK/e8ekBjFFL28
aQaPd2opotXkDt1LtOuX3gTAXG/NNL2CNd6UOaGFq6A8S27D+U8Hcc9BUAYM1NJq
tWjRRS8h0n/hijhRZOnWD7Zn/wcZI1gQIeHgztmBiRSf+MXYRM727xf9E4GRQ7j4
/w+jt6GgKuzXInpS6WdlmS8MRc6BNZ0NfK9GYde7+PfTDnaVr+Qk8WlficMfI7Oh
Jdf6x556VJmmVHVaTcEJlqHzh/VuTrqvA33IcZzgybkwhyu3WS8MMWBNC1PVjOPR
UG66YWVvY+Ac52a+hnGPaZ22waAGIs93dIGlTYcg717BJ3j3tlHF/EDOK252XZ6e
gQLR2sP9LKkcZJE=
=Lptw
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#922066: CVE-2019-1000016
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: libopenmpt_0.4.3-1_source.changes ACCEPTED into unstable
Next by Date: Processing of ffmpeg_4.1.1-1_source.changes
Previous by thread: Bug#922066: CVE-2019-1000016
Next by thread: Processed: tagging 922066
Index(es):
- Date
- Thread