Bug#1030049: marked as done (opusfile: CVE-2022-47021)

To: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
Subject: Bug#1030049: marked as done (opusfile: CVE-2022-47021)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 05 Feb 2023 19:09:05 +0000
Message-id: <[🔎] handler.1030049.D1030049.16756240154038119.ackdone@bugs.debian.org>
Reply-to: 1030049@bugs.debian.org
References: <E1pOkLj-00Cg0N-VZ@fasolo.debian.org> <Y9gCxcvy35MJJiFK@pisco.westfalen.local>

Your message dated Sun, 05 Feb 2023 19:06:51 +0000
with message-id <E1pOkLj-00Cg0N-VZ@fasolo.debian.org>
and subject line Bug#1030049: fixed in opusfile 0.12-4
has caused the Debian Bug report #1030049,
regarding opusfile: CVE-2022-47021
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1030049: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030049
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: opusfile: CVE-2022-47021
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 30 Jan 2023 18:47:49 +0100
Message-id: <Y9gCxcvy35MJJiFK@pisco.westfalen.local>

Source: opusfile
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for opusfile.

CVE-2022-47021[0]:
| A null pointer dereference issue was discovered in functions
| op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12
| allows attackers to cause denial of service or other unspecified
| impacts.

https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
https://github.com/xiph/opusfile/issues/36

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-47021
    https://www.cve.org/CVERecord?id=CVE-2022-47021

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

To: 1030049-close@bugs.debian.org
Subject: Bug#1030049: fixed in opusfile 0.12-4
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 05 Feb 2023 19:06:51 +0000
Message-id: <E1pOkLj-00Cg0N-VZ@fasolo.debian.org>
Reply-to: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>

Source: opusfile
Source-Version: 0.12-4
Done: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>

We believe that the bug you reported is fixed in the latest version of
opusfile, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1030049@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org> (supplier of updated opusfile package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 05 Feb 2023 19:50:00 +0100
Source: opusfile
Architecture: source
Version: 0.12-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
Closes: 1030049
Changes:
 opusfile (0.12-4) unstable; urgency=medium
 .
   * Backported patch for CVE-2022-47021 (Closes: #1030049)
   * Bump standards version to 4.6.2
Checksums-Sha1:
 fbd1031d8f95ea181be418c76167ee28f3f5c96f 2403 opusfile_0.12-4.dsc
 dd5a393122a8b93a520197783b0f26a04f1b10a7 7464 opusfile_0.12-4.debian.tar.xz
Checksums-Sha256:
 e5140fec9df17ad2981e8d2a4bfd6b3e1bb01eeeb38e04982ee7e373d598f6cf 2403 opusfile_0.12-4.dsc
 1a0340f086d69be70f19a8a8670b068c29fc8411e3d4790ba6e9bd2c1b91a91b 7464 opusfile_0.12-4.debian.tar.xz
Files:
 f63fcab1a766547a425a40ef8aa173fc 2403 sound optional opusfile_0.12-4.dsc
 f4cb0a9633935d87e52aa61934783777 7464 sound optional opusfile_0.12-4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJKBAEBCAA0FiEEdAXnRVdICXNIABVttlAZxH96NvgFAmPf+xIWHGZvcnVtQHVt
bGFldXRlLm11ci5hdAAKCRC2UBnEf3o2+PjRD/9sbwvGnGx+AQDwW2uBqFQ68+0y
5YHpPJNuATdvCl/UOFE7VwIFJhBdymbKZ3hMKDZYhWHTVIKdTWjMZcSWcnWry+DI
HPnlm+Z1/dRZ1JTKOHgrG2nCbnNP1VWt/awR3aQk2A9A5peUaByIM2b74Z6deykl
XO7Vkg3HBJ+lCzF9VQX02I/E+M2Dvzb2fugE6w9HRLHCCsyaXwwvp48coO/ph7PP
tRXKqGO5/sdixmOtgshYof3vFp1TirEDsyl7+/1sJ04WM2p2UAaS5BXOQTZgCT0r
uPpvzVRC693jn45gEUKUQjhRi+f6f+GmF5/vZtwvGs6LWTTSocZDGoDIMH1IoEVI
TSIByzO9P9ru6iPh9eT6VZzWFMXh8T6w/JCAcGH1IktL7004gj/CLkIjMkWXStN4
LBYw3AOGZ/CBBjGEqXQs3Rn+7ZXwjTK/+2kBqk/e0P5G23aPiTBeTXb7ndmHP5cb
6qoYnNNnQl9wXLTBE9Q+XPtZS4FUkMpRcRkke7SqHIiYqh86Jh9Ch3tYxfvQXeBh
CP5CdUpQvakVj07H7ilBGiT71N0kUG1fN7plRmN2DBJX9WlGrVGHynlsQEeRICVQ
3R6HoLLqAeW/YX8VemB2/EecyynkV+/mUcAp2e/hpZuIJYNkmVboyH8crw03hRth
qwW3qVhqmkQrgj6xvg==
=n0MK
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#958865: mplayer: theora playback broken: vf_get_image: Assertion `h == -1 || h >= vf->h' failed.
Next by Date: Processing of opusfile_0.12-4_source.changes
Previous by thread: RFS: mplayer/2:1.5+svn38408-1 [RC] [ITA] -- movie player for Unix-like systems
Next by thread: Processing of opusfile_0.12-4_source.changes
Index(es):
- Date
- Thread