Bug#979676: marked as done (CVE-2020-26664)

To: Sebastian Ramacher <sramacher@debian.org>
Subject: Bug#979676: marked as done (CVE-2020-26664)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Mon, 18 Jan 2021 16:39:04 +0000
Message-id: <[🔎] handler.979676.D979676.161098770921893.ackdone@bugs.debian.org>
Reply-to: 979676@bugs.debian.org
References: <E1l1XUh-000IDm-1r@fasolo.debian.org> <[🔎] 161023276639.33740.16899642462741271079.reportbug@hullmann.westfalen.local>

Your message dated Mon, 18 Jan 2021 16:35:07 +0000
with message-id <E1l1XUh-000IDm-1r@fasolo.debian.org>
and subject line Bug#979676: fixed in vlc 3.0.12-1
has caused the Debian Bug report #979676,
regarding CVE-2020-26664
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
979676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979676
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2020-26664

From: Moritz Muehlenhoff <jmm@debian.org>

Date: Sat, 09 Jan 2021 23:52:46 +0100

Message-id: <[🔎] 161023276639.33740.16899642462741271079.reportbug@hullmann.westfalen.local>
Package: vlc
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

This was assigned CVE-2020-26664:

https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c
https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt

For stable, this doesn't really warrant an update for this issue alone,
but we can ship 3.0.12 when released.

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 979676-close@bugs.debian.org
Subject: Bug#979676: fixed in vlc 3.0.12-1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 18 Jan 2021 16:35:07 +0000
Message-id: <E1l1XUh-000IDm-1r@fasolo.debian.org>
Reply-to: Sebastian Ramacher <sramacher@debian.org>

Source: vlc
Source-Version: 3.0.12-1
Done: Sebastian Ramacher <sramacher@debian.org>

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 979676@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 Jan 2021 17:13:21 +0100
Source: vlc
Architecture: source
Version: 3.0.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 979676
Changes:
 vlc (3.0.12-1) unstable; urgency=medium
 .
   * New upstream release
     - mkv: Fix heap-based buffer overflow (CVE-2020-26664) (Closes: #979676)
   * debian/control:
     - Switch to libshout-dev
     - Bump Standards-Version
   * debian/patches: Refresh patches
   * debian/vlc-plugins-base.install: Install RIST access plugins
Checksums-Sha1:
 79be87aee22cdca79f0f5cb85067c36c3d53efc7 6334 vlc_3.0.12-1.dsc
 39ef414a07202ec6569acda4c5d91e8576d453bf 25997468 vlc_3.0.12.orig.tar.xz
 41d83ae1d56eb1322d236279780785ee5d8aabf8 195 vlc_3.0.12.orig.tar.xz.asc
 bd40ab2a0823cf080a3eb7dfb6b879cad47c7ca8 65072 vlc_3.0.12-1.debian.tar.xz
Checksums-Sha256:
 5fe2251ce36206b5504dafdc98e4a46d4329088d6af997094a01dadbf3ce5328 6334 vlc_3.0.12-1.dsc
 eff458f38a92126094f44f2263c2bf2c7cdef271b48192d0fe7b1726388cf879 25997468 vlc_3.0.12.orig.tar.xz
 c98be4369e791f34aa61122f3c25cbf1f4143b3581b5fe6cb3e0999f34779287 195 vlc_3.0.12.orig.tar.xz.asc
 787b99dd748342d26b208349d0f089e12ef9c81c4d711b34fd1554ea261b5d48 65072 vlc_3.0.12-1.debian.tar.xz
Files:
 a645c572f0b24e47fcab93706ced06a1 6334 video optional vlc_3.0.12-1.dsc
 452d3423bcbaf1b85faebab0c45a7ecf 25997468 video optional vlc_3.0.12.orig.tar.xz
 4475afc8e9ae87255b65388f86b09634 195 video optional vlc_3.0.12.orig.tar.xz.asc
 543f0b836c34a0d62d3cad9cab6dca4f 65072 video optional vlc_3.0.12-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAmAFtakACgkQafL8UW6n
GZMfVhAAsqLVBjIO30yRjNk6tnc0ZXgCL+zGTrNtwC75fO+MMlNqchscSKE/aH4G
lxlYlxJmY9tlb5WOXQuWbOxWZm7EZgExdoDxdLKWC2JkfiK9LWT53emswTKEdhzm
PuMQjwzBKrMCSM5DdXDHotQnwuGQwU2PePzsy0s0RF8yocuaVvufM9JffHxTgJOt
Sq/+yKTJTC9wL6xeZhKUCeX153GY9iR52rc0Re1GnpynmRnZ5cPU9P2U04JorXCl
Fvo/55+LVMXHb9fB8UFxKtgPYHBNe6XnEncOzpg+gNwJShxcUBu+k+cX0NxLV2RG
9ues7NhAaCdl3IseLsC8jqWpo8ndADFN9fmz8EOkAXpOocrwjkX9LcZbgo9/qlyn
1l+XkBTc1Op0fzVBxQzrPo8buBKHfjST4crZI4DgoyTjuQ/48CjBm+267Z3oB//B
CKO3VlEkAFks/LckbimRP/D3VTAmV+fU050cZAsk8L1ZbXRtZ594nxRn7gTWG+ip
gKB7SKWACPg/AbBpXG/d7cCwL/TliDGUcLjA+naXN4gIXr3pVFxX7AcxKSKYo+oI
M2Wh7noKKR7obwLTNVmaEfI1x2h3sP2kpbMUQF7UhARioAn7frIn1D0p7yw91DZE
D6dpnn2A9pmqrP+Djc/0blcE1L6szmr+JDrY5C5E0Cst2I49EgQ=
=6OLz
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#979676: CVE-2020-26664
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Processed: Re: libmypaint: ftbfs with autoconf 2.70
Next by Date: Processing of vlc_3.0.12-1_source.changes
Previous by thread: Bug#979676: CVE-2020-26664
Next by thread: Bug#979676: marked as done (CVE-2020-26664)
Index(es):
- Date
- Thread