
Bug#1006339: marked as done (flac: CVE-2021-0561)



Your message dated Sat, 19 Mar 2022 10:02:09 +0000
with message-id <E1nVVuT-0002tH-3w@fasolo.debian.org>
and subject line Bug#1006339: fixed in flac 1.3.3-2+deb11u1
has caused the Debian Bug report #1006339,
regarding flac: CVE-2021-0561
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1006339: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006339
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: flac
Version: 1.3.3-2
Severity: important
Tags: security upstream fixed-upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for flac.

CVE-2021-0561[0]:
| In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a
| possible out of bounds write due to a missing bounds check. This could
| lead to local information disclosure with no additional execution
| privileges needed. User interaction is not needed for
| exploitation. Product: Android. Versions: Android-11. Android ID:
| A-174302683


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-0561
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561
[1] https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: flac
Source-Version: 1.3.3-2+deb11u1
Done: Moritz Mühlenhoff <jmm@debian.org>

We believe that the bug you reported is fixed in the latest version of
flac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1006339@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated flac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 14 Mar 2022 10:51:59 +0100
Source: flac
Architecture: source
Version: 1.3.3-2+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Closes: 1006339
Changes:
 flac (1.3.3-2+deb11u1) bullseye; urgency=medium
 .
   * CVE-2021-0561 (Closes: #1006339)


--- End Message ---
