
Bug#840438: marked as done (libxv: CVE-2016-5407: Insufficient validation of server responses results in out-of bounds accesses)



Your message dated Mon, 05 Dec 2016 19:18:36 +0000
with message-id <E1cDyma-0009xe-4o@fasolo.debian.org>
and subject line Bug#840438: fixed in libxv 2:1.0.11-1
has caused the Debian Bug report #840438,
regarding libxv: CVE-2016-5407: Insufficient validation of server responses results in out-of bounds accesses
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
840438: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840438
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libxv
Version: 2:1.0.10-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for libxv.

CVE-2016-5407[0]:
|Insufficient validation of server responses results in out-of bounds
|accesses

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5407

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxv
Source-Version: 2:1.0.11-1

We believe that the bug you reported is fixed in the latest version of
libxv, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840438@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libxv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 05 Dec 2016 19:19:25 +0100
Source: libxv
Binary: libxv1 libxv-dev
Architecture: source
Version: 2:1.0.11-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libxv-dev  - X11 Video extension library (development headers)
 libxv1     - X11 Video extension library
Closes: 840438
Changes:
 libxv (2:1.0.11-1) unstable; urgency=medium
 .
   [ Andreas Boll ]
   * New upstream release.
     - Fixes CVE-2016-5407 (Closes: #840438).
   * Let uscan verify tarball signatures.
   * Update a bunch of URLs in packaging to https.
   * Add placeholder comment into series file.
   * Remove obsolete Conflicts/Replaces from pre-wheezy.
 .
   [ Emilio Pozuelo Monfort ]
   * Bump debhelper compat to 10.
   * Switch from xsfbs to dh.
   * Switch to -dbgsym.
   * Drop unneeded automake and libtool build-dependencies; debhelper
     depends on them for us now and calls dh_autoreconf.
   * Bump Standards-Version to 3.9.8, no changes.
Checksums-Sha1:
 05cc4b02d204b1a1715d3d4a2d2fed05dc9741dc 1959 libxv_1.0.11-1.dsc
 214636da26bb832c8e2862920a2aded78ed6e6c8 387057 libxv_1.0.11.orig.tar.gz
 75c3945883946ba1966eae70c46d081d14c6f745 8235 libxv_1.0.11-1.diff.gz
Checksums-Sha256:
 7753e8d4496ec0d3f32417b03cfc8b344e2dff486e46f630158a6a52e4bd8542 1959 libxv_1.0.11-1.dsc
 c4112532889b210e21cf05f46f0f2f8354ff7e1b58061e12d7a76c95c0d47bb1 387057 libxv_1.0.11.orig.tar.gz
 529ed2bcbccc9340c9c7987e8c5ed933a0fa41d6e4e67ef71ce3925ac83d93b6 8235 libxv_1.0.11-1.diff.gz
Files:
 48337d882e6a150e13715ed1e64f5b60 1959 x11 optional libxv_1.0.11-1.dsc
 ee541b93dc23a31ebf8c12ccbb2d0fdd 387057 x11 optional libxv_1.0.11.orig.tar.gz
 41eb8f55ec6e90aa8e5a038e80c3c44a 8235 x11 optional libxv_1.0.11-1.diff.gz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
