
Bug#939735: marked as done (libmysofa: CVE-2019-16091 CVE-2019-16092 CVE-2019-16093 CVE-2019-16094 CVE-2019-16095)



Your message dated Tue, 17 Sep 2019 09:19:35 +0000
with message-id <E1iA9e3-0003TM-Mu@fasolo.debian.org>
and subject line Bug#939735: fixed in libmysofa 0.8~dfsg0-1
has caused the Debian Bug report #939735,
regarding libmysofa: CVE-2019-16091 CVE-2019-16092 CVE-2019-16093 CVE-2019-16094 CVE-2019-16095
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
939735: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939735
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libmysofa
Version: 0.7~dfsg0-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for libmysofa.

CVE-2019-16091[0]:
| Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in
| hdf/fractalhead.c.


CVE-2019-16092[1]:
| Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in
| hrtf/reader.c.


CVE-2019-16093[2]:
| Symonics libmysofa 0.7 has an invalid write in
| readOHDRHeaderMessageDataLayout in hdf/dataobject.c.


CVE-2019-16094[3]:
| Symonics libmysofa 0.7 has an invalid read in
| readOHDRHeaderMessageDataLayout in hdf/dataobject.c.


CVE-2019-16095[4]:
| Symonics libmysofa 0.7 has an invalid read in getDimension in
| hrtf/reader.c.

Fixes seem all included in the range at [5].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-16091
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16091
[1] https://security-tracker.debian.org/tracker/CVE-2019-16092
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16092
[2] https://security-tracker.debian.org/tracker/CVE-2019-16093
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16093
[3] https://security-tracker.debian.org/tracker/CVE-2019-16094
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16094
[4] https://security-tracker.debian.org/tracker/CVE-2019-16095
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16095
[5] https://github.com/hoene/libmysofa/compare/f571522...e07edb3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libmysofa
Source-Version: 0.8~dfsg0-1

We believe that the bug you reported is fixed in the latest version of
libmysofa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 939735@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org> (supplier of updated libmysofa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 17 Sep 2019 10:42:42 +0200
Source: libmysofa
Architecture: source
Version: 0.8~dfsg0-1
Distribution: unstable
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
Closes: 939735
Changes:
 libmysofa (0.8~dfsg0-1) unstable; urgency=high
 .
   * New upstream version 0.8~dfsg0
     * Closes: #939735
       - CVE-2019-16091
       - CVE-2019-16092
       - CVE-2019-16093
       - CVE-2019-16094
       - CVE-2019-16095
   * Add new symbols to d/libmysofa0.symbols
   * Refresh d/copyright
     * Add licensecheck target to d/rules
     * Regenerate d/copyright_hints
Checksums-Sha1:
 b2094e9f9af4d2ee4f4461bc5b72f6abbd71cb6a 2326 libmysofa_0.8~dfsg0-1.dsc
 d06d762e6765c63f0f391ded55f78fe5bda37706 16858840 libmysofa_0.8~dfsg0.orig.tar.xz
 151678d4824525ddd8b2904847d2810b08c49660 15024 libmysofa_0.8~dfsg0-1.debian.tar.xz
Checksums-Sha256:
 05f29f4bac0adbcaa4405429dc46caa9bd3e5951dd5642590a1706b4efa58d46 2326 libmysofa_0.8~dfsg0-1.dsc
 633df5c64a41e4a3ccf91b239a9c9f0dea204e7ed81e9a8cee5779b90d0d41d1 16858840 libmysofa_0.8~dfsg0.orig.tar.xz
 1db474d963bc36057a64b4517ae16e88bd79008234598989394fae6e74eda03d 15024 libmysofa_0.8~dfsg0-1.debian.tar.xz
Files:
 46a24fe0393a506277b94823f6ee2b35 2326 devel optional libmysofa_0.8~dfsg0-1.dsc
 aa704b626b1b1d23bd096c099e824085 16858840 devel optional libmysofa_0.8~dfsg0.orig.tar.xz
 d4d951f82cd2b62ef288d575a0600f63 15024 devel optional libmysofa_0.8~dfsg0-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
