
Bug#1006339: marked as done (flac: CVE-2021-0561)



Your message dated Sat, 05 Mar 2022 12:48:43 +0000
with message-id <E1nQTpz-0007l8-MY@fasolo.debian.org>
and subject line Bug#1006339: fixed in flac 1.3.4-1
has caused the Debian Bug report #1006339,
regarding flac: CVE-2021-0561
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1006339: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006339
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: flac
Version: 1.3.3-2
Severity: important
Tags: security upstream fixed-upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for flac.

CVE-2021-0561[0]:
| In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a
| possible out of bounds write due to a missing bounds check. This could
| lead to local information disclosure with no additional execution
| privileges needed. User interaction is not needed for
| exploitation. Product: Android Versions: Android-11 Android ID:
| A-174302683


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-0561
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561
[1] https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: flac
Source-Version: 1.3.4-1
Done: Fabian Greffrath <fabian@debian.org>

We believe that the bug you reported is fixed in the latest version of
flac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1006339@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabian Greffrath <fabian@debian.org> (supplier of updated flac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 05 Mar 2022 13:07:41 +0100
Source: flac
Architecture: source
Version: 1.3.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Fabian Greffrath <fabian@debian.org>
Closes: 1006339
Changes:
 flac (1.3.4-1) unstable; urgency=medium
 .
   * New upstream version 1.3.4
     + Closes: #1006339, CVE-2021-0561.
   * Remove patch backported from upstream.
   * Bump debhelper-compat to 13.
   * Add "Rules-Requires-Root: no".
   * Bump Standards-Version to 4.6.0.
   * Bump watch file version to 4.
   * Add "usr/lib/*/*.la" to debian/not-installed.
   * Adapt doc-base paths to actual file locations.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
