mpv: New upstream version 0.33.1 fixes CVE-2021-30145

Related Vulnerabilities: CVE-2021-30145  

Debian Bug report logs - #986839

Reported by: Wessel Dankers <wsl-debbugs-mpv@fruit.je>

Date: Mon, 12 Apr 2021 17:51:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version mpv/0.32.0-2



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>:
Bug#986839; Package mpv. (Mon, 12 Apr 2021 17:51:04 GMT)


Acknowledgement sent to Wessel Dankers <wsl-debbugs-mpv@fruit.je>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>. (Mon, 12 Apr 2021 17:51:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Wessel Dankers <wsl-debbugs-mpv@fruit.je>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mpv: New upstream version 0.33.1 fixes CVE-2021-30145
Date: Mon, 12 Apr 2021 19:39:14 +0200
Package: mpv
Version: 0.32.0-2+b1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Dear Maintainer,

Version 0.33.1 was released on Mon, 5 Apr 2021. Apparently this fixes a
security problem (CVE-2021-30145) that affects every version since 2002.

A description of the problem can be found at:

	https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b

The release can be found at:

	https://github.com/mpv-player/mpv/releases

Thanks,

Wessel Dankers

-- System Information:
Debian Release: bullseye/sid
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mpv depends on:
ii  libarchive13                      3.4.3-2+b1
ii  libasound2                        1.2.4-1.1
ii  libass9                           1:0.15.0-1
ii  libavcodec58                      7:4.3.2-0+deb11u1
ii  libavdevice58                     7:4.3.2-0+deb11u1
ii  libavfilter7                      7:4.3.2-0+deb11u1
ii  libavformat58                     7:4.3.2-0+deb11u1
ii  libavutil56                       7:4.3.2-0+deb11u1
ii  libbluray2                        1:1.2.1-4
ii  libc6                             2.31-11
ii  libcaca0                          0.99.beta19-2.2
ii  libcdio-cdda2                     10.2+2.0.0-1+b2
ii  libcdio-paranoia2                 10.2+2.0.0-1+b2
ii  libcdio19                         2.1.0-2
ii  libdrm2                           2.4.104-1
ii  libdvdnav4                        6.1.0-1+b1
ii  libegl1                           1.3.2-1
ii  libgbm1                           20.3.4-1
ii  libgl1                            1.3.2-1
ii  libjack-jackd2-0 [libjack-0.125]  1.9.17~dfsg-1
ii  libjpeg62-turbo                   1:2.0.6-4
ii  liblcms2-2                        2.12~rc1-2
ii  liblua5.2-0                       5.2.4-1.1+b3
ii  libpulse0                         14.2-2
ii  librubberband2                    1.9.0-1
ii  libsdl2-2.0-0                     2.0.14+dfsg2-3
ii  libsmbclient                      2:4.13.5+dfsg-1
ii  libsndio7.0                       1.5.0-3
ii  libswresample3                    7:4.3.2-0+deb11u1
ii  libswscale5                       7:4.3.2-0+deb11u1
ii  libuchardet0                      0.0.7-1
ii  libva-drm2                        2.10.0-1
ii  libva-wayland2                    2.10.0-1
ii  libva-x11-2                       2.10.0-1
ii  libva2                            2.10.0-1
ii  libvdpau1                         1.4-3
ii  libwayland-client0                1.18.0-2~exp1.1
ii  libwayland-cursor0                1.18.0-2~exp1.1
ii  libwayland-egl1                   1.18.0-2~exp1.1
ii  libx11-6                          2:1.7.0-2
ii  libxext6                          2:1.3.3-1.1
ii  libxinerama1                      2:1.1.4-2
ii  libxkbcommon0                     1.0.3-2
ii  libxrandr2                        2:1.5.1-1
ii  libxss1                           1:1.2.3-1
ii  libxv1                            2:1.0.11-1
ii  zlib1g                            1:1.2.11.dfsg-2

Versions of packages mpv recommends:
pn  xdg-utils   <none>
pn  youtube-dl  <none>

mpv suggests no packages.

-- no debconf information

Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 13 Apr 2021 21:00:05 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 14 08:06:44 2021; Machine Name: buxtehude
