--- Begin Message ---
Source: libopenmpt
Version: 0.4.11
Severity: important
X-Debbugs-Cc: osmanx@problemloesungsmaschine.de
Dear Maintainer,
libopenmpt 0.4.x has new upstream release 0.4.21. This fixes, amongst many other fixes, a security vulnerability:
https://lib.openmpt.org/libopenmpt/2021/04/11/security-updates-0.5.8-0.4.20-0.3.29/
I'm the libopenmpt upstream maintainer. If you encounter any problems updating, please feel free to contact me and ask for assistence.
Seeing that Debian 11 is going into freeze soon, I highly suggest updating to the latest libopenmpt version now.
If updating to 0.5 causes too much trouble by now, updating to at least 0.4.21 should be trivial. Even though libopenmpt deprecated the included libopenmpt-modplug emulation layer in 0.4.13 (see <https://lib.openmpt.org/libopenmpt/2020/05/24/releases-0.5.0-0.4.13-0.3.22/>), 0.4.x still continues (and will continue) to ship it (staying with libmodplug 0.8.8.5 API/ABI).
Updating to 0.5 and the split-out libopenmpt-modplug package will be required to fix #958377 though, which appears to be desireable to support VLC.
-- System Information:
Debian Release: 11.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, s390x, armhf, arm64, ppc64el
Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: libopenmpt
Source-Version: 0.4.22-1
Done: Sebastian Ramacher <sramacher@debian.org>
We believe that the bug you reported is fixed in the latest version of
libopenmpt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 989955@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated libopenmpt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 Aug 2021 20:28:19 +0200
Source: libopenmpt
Architecture: source
Version: 0.4.22-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 988810 989955
Changes:
libopenmpt (0.4.22-1) unstable; urgency=medium
.
* Team upload
* New upstream release (Closes: #989955)
* debian/: Bump debhelper compat to 13
* debian/rules: -Wl,--as-needed is now the default
* debian/libopenmpt-doc.links: Use doxygen's 'jquery.js' (Closes: #988810)
* debian/control:
- Remove obsolete B-D on dpkg-dev
- Bump Standards-Version
Checksums-Sha1:
432cc62f8110970d1d7160c4575aca6f1b79a7c0 2548 libopenmpt_0.4.22-1.dsc
d60395ca6ec5d6fc4eb952adec57b5723b7d022a 1443333 libopenmpt_0.4.22.orig.tar.gz
6a5a9ff6896ddbad1260f608c94e8c381fdb2fb2 13100 libopenmpt_0.4.22-1.debian.tar.xz
Checksums-Sha256:
0ce85a74e7adaa46c452b13b09d6afe3a61c19dc2bc83b8c5d967de0b404bca9 2548 libopenmpt_0.4.22-1.dsc
f06af96cf3f7f3ad85cfb7da1e4c043f1fbfb520cbf35fd37a0d2fa5cdeb7e95 1443333 libopenmpt_0.4.22.orig.tar.gz
41a4b8a520156ca08554c3058e26c7fc1eccafede3d1bc6c0ffc1a3197d8bf62 13100 libopenmpt_0.4.22-1.debian.tar.xz
Files:
fcc6fd7cb8c25e6316a40f14b7013143 2548 libs optional libopenmpt_0.4.22-1.dsc
3ff2725faa5ccbfa0b0cf0a62722fb24 1443333 libs optional libopenmpt_0.4.22.orig.tar.gz
91925a056e764671e1538d040386da03 13100 libs optional libopenmpt_0.4.22-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAmEcANQACgkQafL8UW6n
GZNvFxAArYW6S0oTGoikNCmKtudQjQj7MwzaxP3zOmDE/virvMvR4VRqvxtuh1dz
vMKm+e5tiwrGkp04wgNvMo52FJdDwc5zcWayiDFh/oPLuP884M3YzvKIDF3OiQOa
AjyeY9FrL/siOoCrUrl0j9TMyTyDGkqZ5vy/oMcqnqcntMQn7alJovppCcW+2M+A
bTjLKDS9VDIU8YMt6LSIJZVc5yg7dmdQBbeoFbFqnjpfHg9J3vAMTJNP3LpE0fMS
Sb9vlPKZio0OnUf/qG2e3958FTGUYI4BJNNQMaLkuH/1MNzjuyl/maZW7/IZSK0P
/mO2tHMZFbuXbA0MBpv3EJTSbdslLjuOTRfubTpspEcj+q49ll+Vl5eu2StN1V9N
xRraSHtKQPoSUChLuCjq4E4sytdR5BVYbgJpeOWqRiwCn/HITPdn0eV7Qg0KTfAO
48N8LBJ+RJkleaduQr4IXP6n9miT5tYs2WsMxsfcWQPSQyfPJbKVY4fR1J8CHd7u
VM2CDgSCPHgsN6k12DQA4uakM881ZnsNvByjgglLqrLjUT2g3AcMgCVsxkQEVvb7
j23JTbeRE6FB4hki+PiQ5tK8UGEPV4eVJr86TwMp49h544z+mkNvfM3lg2rQ2Lei
f2RJG6jvSvLkiwVFIMfILbtO7BDb39H0vk/SjDPUft9EYoVay7c=
=4hdD
-----END PGP SIGNATURE-----
--- End Message ---