CVE-2007-5301 buffer overflow in vorbis input plugin

Related Vulnerabilities: CVE-2007-5301  

Debian Bug report logs - #446034
CVE-2007-5301 buffer overflow in vorbis input plugin


Reported by: Nico Golde <nion@debian.org>

Date: Wed, 10 Oct 2007 00:06:01 UTC

Severity: grave

Tags: patch, security

Fixed in versions alsaplayer/0.99.80~rc4-1, alsaplayer/0.99.79-3+lenny1, alsaplayer/0.99.76-9+etch4

Done: Devin Carraway <devin@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Hubert Chan <uhoreg@debian.org>:
Bug#446034; Package alsaplayer.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Hubert Chan <uhoreg@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: buffer overflow in alsaplayer
Date: Wed, 10 Oct 2007 02:04:24 +0200
[Message part 1 (text/plain, inline)]
Package: alsaplayer
Severity: grave
Tags: security

Hi,
The following was released on:
http://secunia.com/advisories/27117/

| Some vulnerabilities have been reported in AlsaPlayer, which potentially can be
| exploited by malicious people to compromise a user's system.
| 
| The vulnerabilities are caused due to boundary errors in the vorbis input
| plug-in when processing .OGG files. These can be exploited to cause buffer
| overflows via a specially crafted .OGG file with overly long comments.
| 
| Successful exploitation may allow execution of arbitrary code.

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
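
The bug class the quoted advisory describes, as an added example (not AlsaPlayer's code and not the upstream patch): a parser for the Vorbis comment header layout that checks every file-supplied length against the remaining input and truncates values into fixed-size fields. It goes beyond the report by parsing the raw header bytes directly; `struct track_info`, `FIELD_MAX` and all function names are hypothetical, and the sample bytes are constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 128   /* assumed size of a fixed metadata field */

struct track_info {     /* hypothetical player metadata struct */
    char title[FIELD_MAX];
    char artist[FIELD_MAX];
};

/* The unsafe pattern is an unbounded copy of a file-supplied value, e.g.
 * strcpy(info->title, value). The code below uses explicit length checks. */

/* Read a little-endian u32 at *off; fails if fewer than 4 bytes remain. */
static int read_u32le(const uint8_t *p, size_t len, size_t *off, uint32_t *out)
{
    if (len - *off < 4) return -1;
    p += *off;
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    *off += 4;
    return 0;
}

/* Case-insensitive match of "KEY=" against the first bytes of a comment. */
static int has_key(const uint8_t *c, size_t n, const char *key)
{
    size_t k = strlen(key), i = 0;
    while (i < k && i < n && toupper(c[i]) == key[i])
        i++;
    return i == k;
}

/* Copy at most dstsz-1 bytes, always NUL-terminate; returns 1 if truncated. */
static int copy_bounded(char *dst, size_t dstsz, const uint8_t *src, size_t n)
{
    size_t c = n < dstsz - 1 ? n : dstsz - 1;
    memcpy(dst, src, c);
    dst[c] = '\0';
    return n > c;
}

/* Parse the body of a Vorbis comment header (packet type byte and "vorbis"
 * magic assumed already stripped). Returns the number of truncated fields,
 * or -1 if a length field points past the end of the input. */
int parse_vorbis_comments(const uint8_t *buf, size_t len, struct track_info *info)
{
    size_t off = 0;
    uint32_t n, count;
    int truncated = 0;
    info->title[0] = info->artist[0] = '\0';
    if (read_u32le(buf, len, &off, &n) || n > len - off)   /* vendor string */
        return -1;
    off += n;
    if (read_u32le(buf, len, &off, &count))
        return -1;
    for (uint32_t i = 0; i < count; i++) {
        if (read_u32le(buf, len, &off, &n) || n > len - off)
            return -1;
        const uint8_t *c = buf + off;
        if (has_key(c, n, "TITLE="))
            truncated += copy_bounded(info->title, FIELD_MAX, c + 6, n - 6);
        else if (has_key(c, n, "ARTIST="))
            truncated += copy_bounded(info->artist, FIELD_MAX, c + 7, n - 7);
        off += n;
    }
    return truncated;
}

/* Constructed sample: vendor "demo" plus one comment "title=" + title_len
 * 'A's (title_len <= 1000). `declared` is the length field written for that
 * comment, which may lie. Returns bytes stored in title, or -1 if rejected. */
long sample(uint32_t title_len, uint32_t declared)
{
    uint8_t buf[1024] = {4, 0, 0, 0, 'd', 'e', 'm', 'o', 1, 0, 0, 0};
    struct track_info ti;
    size_t off = 12;
    for (int i = 0; i < 4; i++)
        buf[off++] = (uint8_t)(declared >> (8 * i));
    memcpy(buf + off, "title=", 6);
    memset(buf + off + 6, 'A', title_len);
    off += 6 + title_len;
    if (parse_vorbis_comments(buf, off, &ti) < 0)
        return -1;
    return (long)strlen(ti.title);
}

int main(void)
{
    printf("500-byte title: %ld bytes stored\n", sample(500, 506));
    printf("lying length:   %ld\n", sample(5, 0xFFFFFFF0u));
    return 0;
}
```
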

Information forwarded to debian-bugs-dist@lists.debian.org, Hubert Chan <uhoreg@debian.org>:
Bug#446034; Package alsaplayer.


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Hubert Chan <uhoreg@debian.org>.


Message #10 received at 446034@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 446034@bugs.debian.org
Cc: control@bugs.debian.org
Subject: buffer overflow in alsaplayer
Date: Wed, 10 Oct 2007 02:11:30 +0200
[Message part 1 (text/plain, inline)]
retitle 446034 buffer overflow in ogg input plugin
tags 446034 + patch
thanks

Hi,
you can find a patch for this on:
http://alsaplayer.svn.sourceforge.net/viewvc/alsaplayer/trunk/alsaplayer/input/vorbis/vorbis_engine.c?r1=1252&r2=1287

or just upgrade to the newest version.
please contact stable security team and ask if this is worth 
a DSA for them.
Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Changed Bug title to `buffer overflow in ogg input plugin' from `buffer overflow in alsaplayer'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 10 Oct 2007 00:21:04 GMT).


Tags added: patch. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 10 Oct 2007 00:21:05 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Hubert Chan <uhoreg@debian.org>:
Bug#446034; Package alsaplayer.


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Hubert Chan <uhoreg@debian.org>.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.


Message #19 received at 446034@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 446034@bugs.debian.org
Cc: control@bugs.debian.org
Date: Wed, 10 Oct 2007 12:10:46 +0200
[Message part 1 (text/plain, inline)]
retitle 446034 CVE-2007-5301 buffer overflow in vorbis input plugin
thanks

Hi,
CVE-2007-5301 was assigned for this issue.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5301
If you fix this issue please include the CVE id in the 
changelog.

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Changed Bug title to `CVE-2007-5301 buffer overflow in vorbis input plugin' from `buffer overflow in ogg input plugin'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 10 Oct 2007 10:24:03 GMT).


Reply sent to Hubert Chathi <uhoreg@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #26 received at 446034-close@bugs.debian.org:

From: Hubert Chathi <uhoreg@debian.org>
To: 446034-close@bugs.debian.org
Subject: Bug#446034: fixed in alsaplayer 0.99.80~rc4-1
Date: Wed, 10 Oct 2007 22:02:03 +0000
Source: alsaplayer
Source-Version: 0.99.80~rc4-1

We believe that the bug you reported is fixed in the latest version of
alsaplayer, which is due to be installed in the Debian FTP archive:

alsaplayer-alsa_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.80~rc4-1_i386.deb
alsaplayer-common_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-common_0.99.80~rc4-1_i386.deb
alsaplayer-daemon_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.80~rc4-1_i386.deb
alsaplayer-esd_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-esd_0.99.80~rc4-1_i386.deb
alsaplayer-gtk_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.80~rc4-1_i386.deb
alsaplayer-jack_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-jack_0.99.80~rc4-1_i386.deb
alsaplayer-nas_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-nas_0.99.80~rc4-1_i386.deb
alsaplayer-oss_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-oss_0.99.80~rc4-1_i386.deb
alsaplayer-text_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-text_0.99.80~rc4-1_i386.deb
alsaplayer-xosd_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.80~rc4-1_i386.deb
alsaplayer_0.99.80~rc4-1.diff.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4-1.diff.gz
alsaplayer_0.99.80~rc4-1.dsc
  to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4-1.dsc
alsaplayer_0.99.80~rc4.orig.tar.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4.orig.tar.gz
libalsaplayer-dev_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.80~rc4-1_i386.deb
libalsaplayer0_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer0_0.99.80~rc4-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 446034@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hubert Chathi <uhoreg@debian.org> (supplier of updated alsaplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Wed, 10 Oct 2007 15:33:10 -0400
Source: alsaplayer
Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa alsaplayer-gtk libalsaplayer0 alsaplayer-common
Architecture: source i386
Version: 0.99.80~rc4-1
Distribution: unstable
Urgency: low
Maintainer: Hubert Chathi <uhoreg@debian.org>
Changed-By: Hubert Chathi <uhoreg@debian.org>
Description: 
 alsaplayer-alsa - PCM player designed for ALSA (ALSA output module)
 alsaplayer-common - PCM player designed for ALSA (common files)
 alsaplayer-daemon - PCM player designed for ALSA (non-interactive version)
 alsaplayer-esd - PCM player designed for ALSA (EsounD output module)
 alsaplayer-gtk - PCM player designed for ALSA (GTK version)
 alsaplayer-jack - PCM player designed for ALSA (JACK output module)
 alsaplayer-nas - PCM player designed for ALSA (NAS output module)
 alsaplayer-oss - PCM player designed for ALSA (OSS output module)
 alsaplayer-text - PCM player designed for ALSA (text version)
 alsaplayer-xosd - PCM player designed for ALSA (osd version)
 libalsaplayer-dev - PCM player designed for ALSA (interface library, development file
 libalsaplayer0 - PCM player designed for ALSA (interface library)
Closes: 444584 446034
Changes: 
 alsaplayer (0.99.80~rc4-1) unstable; urgency=low
 .
   * New upstream release.
     * Fixes buffer overflow in vorbis plugin. (closes: #446034)
     * Remove patches already added by upstream.
   * debian patches/05_madglib.dpatch: Link mad plugin against glib only,
     instead of gtk. (closes: #444584)
   * debian/control: Update file to use binary:Version.
   * debian/rules: Don't ignore errors in clean target.
   * debian/*.menu: s/Apps/Applications/g.
   * debian/alsaplayer-gtk.menu: s/-i gtk/-i gtk2/





Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #31 received at 446034-close@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 446034-close@bugs.debian.org
Subject: Bug#446034: fixed in alsaplayer 0.99.79-3+lenny1
Date: Fri, 12 Oct 2007 17:17:04 +0000
Source: alsaplayer
Source-Version: 0.99.79-3+lenny1

We believe that the bug you reported is fixed in the latest version of
alsaplayer, which is due to be installed in the Debian FTP archive:

alsaplayer-alsa_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.79-3+lenny1_i386.deb
alsaplayer-common_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-common_0.99.79-3+lenny1_i386.deb
alsaplayer-daemon_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.79-3+lenny1_i386.deb
alsaplayer-esd_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-esd_0.99.79-3+lenny1_i386.deb
alsaplayer-gtk_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.79-3+lenny1_i386.deb
alsaplayer-jack_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-jack_0.99.79-3+lenny1_i386.deb
alsaplayer-nas_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-nas_0.99.79-3+lenny1_i386.deb
alsaplayer-oss_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-oss_0.99.79-3+lenny1_i386.deb
alsaplayer-text_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-text_0.99.79-3+lenny1_i386.deb
alsaplayer-xosd_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.79-3+lenny1_i386.deb
alsaplayer_0.99.79-3+lenny1.diff.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.79-3+lenny1.diff.gz
alsaplayer_0.99.79-3+lenny1.dsc
  to pool/main/a/alsaplayer/alsaplayer_0.99.79-3+lenny1.dsc
libalsaplayer-dev_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.79-3+lenny1_i386.deb
libalsaplayer0_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer0_0.99.79-3+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 446034@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated alsaplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Fri, 12 Oct 2007 12:45:45 +0200
Source: alsaplayer
Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa alsaplayer-gtk libalsaplayer0 alsaplayer-common
Architecture: source i386
Version: 0.99.79-3+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Hubert Chan <uhoreg@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 alsaplayer-alsa - PCM player designed for ALSA (ALSA output module)
 alsaplayer-common - PCM player designed for ALSA (common files)
 alsaplayer-daemon - PCM player designed for ALSA (non-interactive version)
 alsaplayer-esd - PCM player designed for ALSA (EsounD output module)
 alsaplayer-gtk - PCM player designed for ALSA (GTK version)
 alsaplayer-jack - PCM player designed for ALSA (JACK output module)
 alsaplayer-nas - PCM player designed for ALSA (NAS output module)
 alsaplayer-oss - PCM player designed for ALSA (OSS output module)
 alsaplayer-text - PCM player designed for ALSA (text version)
 alsaplayer-xosd - PCM player designed for ALSA (osd version)
 libalsaplayer-dev - PCM player designed for ALSA (interface library, development file
 libalsaplayer0 - PCM player designed for ALSA (interface library)
Closes: 446034
Changes: 
 alsaplayer (0.99.79-3+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * Added CVE-2007-5301.dpatch to fix buffer overflow
     via crafted ogg vorbis files (CVE-2007-5301) (Closes: #446034).





Reply sent to Devin Carraway <devin@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #36 received at 446034-close@bugs.debian.org:

From: Devin Carraway <devin@debian.org>
To: 446034-close@bugs.debian.org
Subject: Bug#446034: fixed in alsaplayer 0.99.76-9+etch4
Date: Sun, 13 Apr 2008 19:52:14 +0000
Source: alsaplayer
Source-Version: 0.99.76-9+etch4

We believe that the bug you reported is fixed in the latest version of
alsaplayer, which is due to be installed in the Debian FTP archive:

alsaplayer-alsa_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch4_i386.deb
alsaplayer-common_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch4_i386.deb
alsaplayer-daemon_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch4_i386.deb
alsaplayer-esd_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch4_i386.deb
alsaplayer-gtk_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch4_i386.deb
alsaplayer-jack_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch4_i386.deb
alsaplayer-nas_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch4_i386.deb
alsaplayer-oss_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch4_i386.deb
alsaplayer-text_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch4_i386.deb
alsaplayer-xosd_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch4_i386.deb
alsaplayer_0.99.76-9+etch4.diff.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.76-9+etch4.diff.gz
alsaplayer_0.99.76-9+etch4.dsc
  to pool/main/a/alsaplayer/alsaplayer_0.99.76-9+etch4.dsc
libalsaplayer-dev_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch4_i386.deb
libalsaplayer0_0.99.76-9+etch4_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 446034@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Devin Carraway <devin@debian.org> (supplier of updated alsaplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Sun, 30 Mar 2008 07:35:43 +0000
Source: alsaplayer
Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa alsaplayer-gtk libalsaplayer0 alsaplayer-common
Architecture: source i386
Version: 0.99.76-9+etch4
Distribution: stable-security
Urgency: high
Maintainer: Hubert Chan <hubert@uhoreg.ca>
Changed-By: Devin Carraway <devin@debian.org>
Description: 
 alsaplayer-alsa - PCM player designed for ALSA (ALSA output module)
 alsaplayer-common - PCM player designed for ALSA (common files)
 alsaplayer-daemon - PCM player designed for ALSA (non-interactive version)
 alsaplayer-esd - PCM player designed for ALSA (EsounD output module)
 alsaplayer-gtk - PCM player designed for ALSA (GTK version)
 alsaplayer-jack - PCM player designed for ALSA (JACK output module)
 alsaplayer-nas - PCM player designed for ALSA (NAS output module)
 alsaplayer-oss - PCM player designed for ALSA (OSS output module)
 alsaplayer-text - PCM player designed for ALSA (text version)
 alsaplayer-xosd - PCM player designed for ALSA (osd version)
 libalsaplayer-dev - PCM player designed for ALSA (interface library, development file
 libalsaplayer0 - PCM player designed for ALSA (interface library)
Closes: 446034
Changes: 
 alsaplayer (0.99.76-9+etch4) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * 32_security_CVE-2007-5301: patch from upstream for CVE-2007-5301,
     correcting a buffer overflow vulnerability in the Vorbis plugin.
     Closes: #446034





Reply sent to Devin Carraway <devin@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #41 received at 446034-close@bugs.debian.org:

From: Devin Carraway <devin@debian.org>
To: 446034-close@bugs.debian.org
Subject: Bug#446034: fixed in alsaplayer 0.99.76-9+etch4
Date: Sat, 26 Jul 2008 09:40:17 +0000
Source: alsaplayer
Source-Version: 0.99.76-9+etch4


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Aug 2008 07:30:49 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:58:19 2019; Machine Name: buxtehude
