Your message dated Mon, 19 Aug 2019 01:38:51 +0000 with message-id <E1hzWdH-000FMY-Ly@fasolo.debian.org> and subject line Bug#934613: fixed in mpg123 1.25.11-1 has caused the Debian Bug report #934613, regarding New mpg123 1.25.11 version available fixing potential security issues to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 934613: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934613 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: New mpg123 1.25.11 version available fixing potential security issues
- From: Sebastien Bacher <seb128@debian.org>
- Date: Mon, 12 Aug 2019 15:09:56 +0200
- Message-id: <[🔎] 296cf378-d7f8-2133-629b-8adbf8029c55@debian.org>
Package: mpg123
Version: 1.25.10-2
Hey there,
There is a new upstream version available (http://mpg123.org/cgi-bin/news.cgi) that fixes some potential security issue
'
- Fix out-of-bounds reads in ID3 parser for unsynced frames. (oss-fuzz-bug 15852)
- Fix out-of-bounds read for RVA2 frames with non-delimited identifier. (oss-fuzz-bug 15852)
- Fix implementation-defined parsing of RVA2 values. (oss-fuzz-bug 15862)'
Would be nice to have the updated verison uploaded to Debian
Thanks,
--- End Message ---
--- Begin Message ---
- To: 934613-close@bugs.debian.org
- Subject: Bug#934613: fixed in mpg123 1.25.11-1
- From: Sebastian Ramacher <sramacher@debian.org>
- Date: Mon, 19 Aug 2019 01:38:51 +0000
- Message-id: <E1hzWdH-000FMY-Ly@fasolo.debian.org>
Source: mpg123 Source-Version: 1.25.11-1 We believe that the bug you reported is fixed in the latest version of mpg123, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 934613@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher <sramacher@debian.org> (supplier of updated mpg123 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 18 Aug 2019 21:24:10 +0200 Source: mpg123 Architecture: source Version: 1.25.11-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org> Changed-By: Sebastian Ramacher <sramacher@debian.org> Closes: 934613 Changes: mpg123 (1.25.11-1) unstable; urgency=medium . * Team upload. . [ Ondřej Nový ] * d/watch: Use https protocol * Use debhelper-compat instead of debian/compat . [ Sebastian Ramacher ] * New upstream release. (Closes: #934613) * debian/control: - Bump debhelper compat to 12. - Bump Standards-Version. * debian/libmpg123-0.lintian-overrides: Use architecture-specific overrides. Checksums-Sha1: bad7f90ea3ad918a9484f296f3f18e0d8ec09336 2533 mpg123_1.25.11-1.dsc 25f3e8f8599d3ffc480858799ea6f8620f48543d 909478 mpg123_1.25.11.orig.tar.bz2 a7f810c096f7baa36efddebfb95f33a77b9ae5fe 566 mpg123_1.25.11.orig.tar.bz2.asc bcf7f5c14c33a0e7463b7a68cd3367a058b4a80c 23724 mpg123_1.25.11-1.debian.tar.xz Checksums-Sha256: db91e4ba7164225d6a1a42c52e5daa83e80211f78b48fd49c9e8be7ecdfb88f9 2533 mpg123_1.25.11-1.dsc df063307faa27c7d9efe63d2139b1564cfc7cdbb7c6f449c89ef8faabfa0eab2 909478 mpg123_1.25.11.orig.tar.bz2 0ce10ff37ea8bc377ce7bdc36887e23ee2557754b6e4daa49c24fac984a1317e 566 mpg123_1.25.11.orig.tar.bz2.asc cfd234b584f240fcef3c2efee3d1e67f47611682c182a64c6f82b087eb4baf31 23724 mpg123_1.25.11-1.debian.tar.xz Files: 0e646c88761ba17c8d4890084639f2a5 2533 sound optional mpg123_1.25.11-1.dsc 64749512a6fdc117227abe13fee4cc36 909478 sound optional mpg123_1.25.11.orig.tar.bz2 a9af6733711f82a0242567aca1c70a7d 566 sound optional mpg123_1.25.11.orig.tar.bz2.asc 1e5dd5a50b12793a492783d9a7662655 23724 sound optional mpg123_1.25.11-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAl1ZpkAACgkQafL8UW6n GZN9Lw//YAT/cs/i+x7PKpXEv12HmkVecatqkC4PDDQcPHGorGRYvMI2nJ8agvLQ k4kohPcbyEFn40p9foPgz2uRTtL9mUdbWUVdijnRifO0pNpNskfRBmgwrMas43ce 6c9Ct1h5hgdODO6/EljW1zseQnhMu7vGTUryUK06Q8h2C78bJZGGMmQd8ttrefYy 79yi6vHpgtpZ5hP/kPfa2aZRpQVNDoCzehcaiEtmY0mAsTv/Pv/P6nqAKpZO5vA5 ZdYKeHvl1aY98g2ONwW5TYQO9ZjStL6nXunV2QW7PLHKBW+ZYR1GDhMbEkD3DwkX 86BwmIFCGpIsx5aYZLa3RGyuIGFVVcGk6yZYsZ+jL1JuQfB2Ao3V3YMl3E0PdcCI 6JcMbfQPCzjXU8SivxWBt3BVRbit1T6osWSJv5PsSqlFUPcaIlaAS8bO2v7KbtAa LGArbXeDvkCTaqSa4O31WdIqX1yD4/Sn2b1/gJKk4yQdwGeEdyldZtaJF6Ty34sV bC3s1i4SkC4H9MBFYA3JMuTr/baqyhx6m3u3aIo8OmVEohZKSW86V6YWlkMtOpdC 9qNT4AYt07INAKNq0wFuNOx836QbpUn+93vyyghv5kuB3380N9VWDEO5KzkEJ0xc j/LDkpZ2T9mud4L289AEk4SBghEGwyUykJCHQecieGd/INPnVL8= =l2pZ -----END PGP SIGNATURE-----
--- End Message ---