
Bug#949325: marked as done (libmysofa: CVE-2020-6860)



Your message dated Sat, 08 Feb 2020 14:15:01 +0000
with message-id <E1j0Qsv-000FsI-PA@fasolo.debian.org>
and subject line Bug#949325: fixed in libmysofa 1.0~dfsg0-1~exp1
has caused the Debian Bug report #949325,
regarding libmysofa: CVE-2020-6860
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
949325: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949325
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libmysofa
Version: 0.9.1~dfsg0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/hoene/libmysofa/issues/96

Hi,

The following vulnerability was published for libmysofa.

CVE-2020-6860[0]:
| libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in
| hdf/dataobject.c during the reading of a header message attribute.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-6860
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6860
[1] https://github.com/hoene/libmysofa/issues/96
[2] https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libmysofa
Source-Version: 1.0~dfsg0-1~exp1

We believe that the bug you reported is fixed in the latest version of
libmysofa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949325@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org> (supplier of updated libmysofa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 06 Feb 2020 14:58:58 +0100
Binary: libmysofa-dev libmysofa-utils libmysofa-utils-dbgsym libmysofa1 libmysofa1-dbgsym
Source: libmysofa
Architecture: amd64 source
Version: 1.0~dfsg0-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
Closes: 949325
Description: 
 libmysofa-dev - library to read HRTFs stored in the AES69-2015 SOFA format - deve
 libmysofa-utils - library to read HRTFs stored in the AES69-2015 SOFA format - util
 libmysofa1 - library to read HRTFs stored in the AES69-2015 SOFA format
Changes:
 libmysofa (1.0~dfsg0-1~exp1) experimental; urgency=medium
 .
   * New upstream version 1.0~dfsg0
     * Fixes CVE-2020-6860 (Closes: #949325)
     * Bump soname to libmysofa1
     * Regenerate d/copyright_hints
   * Add salsa CI configuration
   * Bump standards-version to 4.5.0

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
