Bug#964797: marked as done (milkytracker: CVE-2020-15569)

To: Adrian Bunk <bunk@debian.org>
Subject: Bug#964797: marked as done (milkytracker: CVE-2020-15569)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 01 Aug 2020 21:51:03 +0000
Message-id: <[🔎] handler.964797.D964797.159631856113742.ackdone@bugs.debian.org>
Reply-to: 964797@bugs.debian.org
References: <E1k1zNX-000C0H-Oa@fasolo.debian.org> <159439320317.1777891.6308657323607403960.reportbug@eldamar.local>

Your message dated Sat, 01 Aug 2020 21:49:19 +0000
with message-id <E1k1zNX-000C0H-Oa@fasolo.debian.org>
and subject line Bug#964797: fixed in milkytracker 1.02.00+dfsg-2.1
has caused the Debian Bug report #964797,
regarding milkytracker: CVE-2020-15569
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
964797: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964797
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: milkytracker: CVE-2020-15569
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 10 Jul 2020 17:00:03 +0200
Message-id: <159439320317.1777891.6308657323607403960.reportbug@eldamar.local>

Source: milkytracker
Version: 1.02.00+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Control: found -1 1.02.00+dfsg-1

Hi,

The following vulnerability was published for milkytracker.

CVE-2020-15569[0]:
| PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free
| in the PlayerGeneric destructor.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-15569
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15569
[1] https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

To: 964797-close@bugs.debian.org
Subject: Bug#964797: fixed in milkytracker 1.02.00+dfsg-2.1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 01 Aug 2020 21:49:19 +0000
Message-id: <E1k1zNX-000C0H-Oa@fasolo.debian.org>
Reply-to: Adrian Bunk <bunk@debian.org>

Source: milkytracker
Source-Version: 1.02.00+dfsg-2.1
Done: Adrian Bunk <bunk@debian.org>

We believe that the bug you reported is fixed in the latest version of
milkytracker, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 964797@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <bunk@debian.org> (supplier of updated milkytracker package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Jul 2020 16:26:05 +0300
Source: milkytracker
Architecture: source
Version: 1.02.00+dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 964797
Changes:
 milkytracker (1.02.00+dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Add upstream fix for use-after-free in the PlayerGeneric
     destructor (CVE-2020-15569) (Closes: #964797)
   * debian/control: Update Homepage to the current one.
Checksums-Sha1:
 a4bfb172a3393ed20e4d2249631182cd26636266 2190 milkytracker_1.02.00+dfsg-2.1.dsc
 2cfac0ee2fd74b5b8a0107f25ff427321bd2ac6e 8612 milkytracker_1.02.00+dfsg-2.1.debian.tar.xz
Checksums-Sha256:
 4f2c8e37906a74ff760f13df6d5ff90abc57169fcdacd8c0f9fd44555f657bac 2190 milkytracker_1.02.00+dfsg-2.1.dsc
 e006b60f8f6397c2a4679271e4bea057f00b9bdd7dfccb508eb0d664c5eaaede 8612 milkytracker_1.02.00+dfsg-2.1.debian.tar.xz
Files:
 fdb06c473f928c3688930ab9532487fd 2190 sound optional milkytracker_1.02.00+dfsg-2.1.dsc
 d4a8dfcdf31f23acb103577e0f30071a 8612 sound optional milkytracker_1.02.00+dfsg-2.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl8e2YAACgkQiNJCh6LY
mLGBBA/9GbIHmm3OCbx4tnxaViqeI5j4Cr9kcruEjsNX9x2texdNKO99i9X4IOtL
SzIKNjHcCn5B0EjZ+RFmFQaDg2ocRLzGx6P4Q2vzLfRFJteu+0EdwULS3TGRHdxg
LagOWq26dNAR3CF7QyGL3XMjIMt2/M7vNeMaMGWflpDYzh/mhMoKug6+UgK0N/Jw
EN0rJ6lefv8l3QOVs7csTutZMmzbyhX16b9KkIHnIge7QQDcFdGktiTBeTS1m6Nd
0Xzf27qBZGPEUOhMySVmi8FbkYKBhJ9wtssd9BYZp42FlPs7Lxd+0xsGs30wx1CR
6WDZI2dZhsjp9uyiBMRGYZ6zKv6Lo1Srud0lGL5H45fck5O6Y4COof+zMeEk149k
+7cq9qB0jBq1laXkIV+IYtTd2pGu38gWs3THNO4+R68/IQKEJhBCXMrVcVnevA58
fbt9iD/+ZlvD+BZlhxPggzPdNUZgmXw34cQ8ALxQQwyFpNBNy7d/OOvWwqDfllkp
I4sn3xWV1Un7o2Yg3YYLxl+KpZ6GYWPo9zhcO3SpYGovu4fKFMvZvppO4mjh/cY6
eJ/6X7+IJEsfuqp4ZBaHUdg5UOgcwPS3v4q2gxKnWI5idM/VOJ1DdmqJCmBBRB7c
5FnyhFJSs7kkN4Uf6T2jO4ribkJawsZSS0ASQP12TTuB4EDvKOw=
=XJaR
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#964312: Update
Next by Date: milkytracker_1.02.00+dfsg-2.1_source.changes ACCEPTED into unstable
Previous by thread: Bug#964312: Update
Next by thread: milkytracker_1.02.00+dfsg-2.1_source.changes ACCEPTED into unstable
Index(es):
- Date
- Thread