Bug#934613: marked as done (New mpg123 1.25.11 version available fixing potential security issues)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Mon, 19 Aug 2019 01:38:51 +0000
with message-id <E1hzWdH-000FMY-Ly@fasolo.debian.org>
and subject line Bug#934613: fixed in mpg123 1.25.11-1
has caused the Debian Bug report #934613,
regarding New mpg123 1.25.11 version available fixing potential security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
934613: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934613
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: New mpg123 1.25.11 version available fixing potential security issues
• From: Sebastien Bacher <seb128@debian.org>
• Date: Mon, 12 Aug 2019 15:09:56 +0200
• Message-id: <[🔎] 296cf378-d7f8-2133-629b-8adbf8029c55@debian.org>

Package: mpg123
Version: 1.25.10-2

Hey there,

There is a new upstream version available (http://mpg123.org/cgi-bin/news.cgi) that fixes some potential security issue

'

• Fix out-of-bounds reads in ID3 parser for unsynced frames. (oss-fuzz-bug 15852)
• Fix out-of-bounds read for RVA2 frames with non-delimited identifier. (oss-fuzz-bug 15852)
• Fix implementation-defined parsing of RVA2 values. (oss-fuzz-bug 15862)'

Would be nice to have the updated verison uploaded to Debian

Thanks,

--- End Message ---

--- Begin Message ---

• To: 934613-close@bugs.debian.org
• Subject: Bug#934613: fixed in mpg123 1.25.11-1
• From: Sebastian Ramacher <sramacher@debian.org>
• Date: Mon, 19 Aug 2019 01:38:51 +0000
• Message-id: <E1hzWdH-000FMY-Ly@fasolo.debian.org>

Source: mpg123
Source-Version: 1.25.11-1

We believe that the bug you reported is fixed in the latest version of
mpg123, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934613@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated mpg123 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Aug 2019 21:24:10 +0200
Source: mpg123
Architecture: source
Version: 1.25.11-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 934613
Changes:
 mpg123 (1.25.11-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Ondřej Nový ]
   * d/watch: Use https protocol
   * Use debhelper-compat instead of debian/compat
 .
   [ Sebastian Ramacher ]
   * New upstream release. (Closes: #934613)
   * debian/control:
     - Bump debhelper compat to 12.
     - Bump Standards-Version.
   * debian/libmpg123-0.lintian-overrides: Use architecture-specific overrides.
Checksums-Sha1:
 bad7f90ea3ad918a9484f296f3f18e0d8ec09336 2533 mpg123_1.25.11-1.dsc
 25f3e8f8599d3ffc480858799ea6f8620f48543d 909478 mpg123_1.25.11.orig.tar.bz2
 a7f810c096f7baa36efddebfb95f33a77b9ae5fe 566 mpg123_1.25.11.orig.tar.bz2.asc
 bcf7f5c14c33a0e7463b7a68cd3367a058b4a80c 23724 mpg123_1.25.11-1.debian.tar.xz
Checksums-Sha256:
 db91e4ba7164225d6a1a42c52e5daa83e80211f78b48fd49c9e8be7ecdfb88f9 2533 mpg123_1.25.11-1.dsc
 df063307faa27c7d9efe63d2139b1564cfc7cdbb7c6f449c89ef8faabfa0eab2 909478 mpg123_1.25.11.orig.tar.bz2
 0ce10ff37ea8bc377ce7bdc36887e23ee2557754b6e4daa49c24fac984a1317e 566 mpg123_1.25.11.orig.tar.bz2.asc
 cfd234b584f240fcef3c2efee3d1e67f47611682c182a64c6f82b087eb4baf31 23724 mpg123_1.25.11-1.debian.tar.xz
Files:
 0e646c88761ba17c8d4890084639f2a5 2533 sound optional mpg123_1.25.11-1.dsc
 64749512a6fdc117227abe13fee4cc36 909478 sound optional mpg123_1.25.11.orig.tar.bz2
 a9af6733711f82a0242567aca1c70a7d 566 sound optional mpg123_1.25.11.orig.tar.bz2.asc
 1e5dd5a50b12793a492783d9a7662655 23724 sound optional mpg123_1.25.11-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAl1ZpkAACgkQafL8UW6n
GZN9Lw//YAT/cs/i+x7PKpXEv12HmkVecatqkC4PDDQcPHGorGRYvMI2nJ8agvLQ
k4kohPcbyEFn40p9foPgz2uRTtL9mUdbWUVdijnRifO0pNpNskfRBmgwrMas43ce
6c9Ct1h5hgdODO6/EljW1zseQnhMu7vGTUryUK06Q8h2C78bJZGGMmQd8ttrefYy
79yi6vHpgtpZ5hP/kPfa2aZRpQVNDoCzehcaiEtmY0mAsTv/Pv/P6nqAKpZO5vA5
ZdYKeHvl1aY98g2ONwW5TYQO9ZjStL6nXunV2QW7PLHKBW+ZYR1GDhMbEkD3DwkX
86BwmIFCGpIsx5aYZLa3RGyuIGFVVcGk6yZYsZ+jL1JuQfB2Ao3V3YMl3E0PdcCI
6JcMbfQPCzjXU8SivxWBt3BVRbit1T6osWSJv5PsSqlFUPcaIlaAS8bO2v7KbtAa
LGArbXeDvkCTaqSa4O31WdIqX1yD4/Sn2b1/gJKk4yQdwGeEdyldZtaJF6Ty34sV
bC3s1i4SkC4H9MBFYA3JMuTr/baqyhx6m3u3aIo8OmVEohZKSW86V6YWlkMtOpdC
9qNT4AYt07INAKNq0wFuNOx836QbpUn+93vyyghv5kuB3380N9VWDEO5KzkEJ0xc
j/LDkpZ2T9mud4L289AEk4SBghEGwyUykJCHQecieGd/INPnVL8=
=l2pZ
-----END PGP SIGNATURE-----

--- End Message ---