speech-dispatcher: CVE-2014-1724

Related Vulnerabilities: CVE-2014-1724  

Debian Bug report logs - #745808
speech-dispatcher: CVE-2014-1724


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 25 Apr 2014 12:21:01 UTC

Severity: important

Tags: security

Fixed in version speech-dispatcher/0.8-7

Done: Luke Yelavich <themuso@ubuntu.com>

Bug is archived. No further changes may be made.

Forwarded to https://its.freebsoft.org/its/issues/29863



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian TTS Team <tts-project@lists.alioth.debian.org>:
Bug#745808; Package speech-dispatcher. (Fri, 25 Apr 2014 12:21:07 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian TTS Team <tts-project@lists.alioth.debian.org>. (Fri, 25 Apr 2014 12:21:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: speech-dispatcher: CVE-2014-1724
Date: Fri, 25 Apr 2014 14:06:04 +0200

Package: speech-dispatcher
Severity: important
Tags: security

Hi,
the details are a bit scarce, can you contact upstream whether the Chrome
developers have contacted them?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1724

It's unclear whether this is a security issue in itself or only as part
of the integration in Chrome.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian TTS Team <tts-project@lists.alioth.debian.org>:
Bug#745808; Package speech-dispatcher. (Fri, 16 May 2014 01:21:04 GMT)


Acknowledgement sent to Luke Yelavich <themuso@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian TTS Team <tts-project@lists.alioth.debian.org>. (Fri, 16 May 2014 01:21:04 GMT)


Message #10 received at 745808@bugs.debian.org:

From: Luke Yelavich <themuso@ubuntu.com>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 745808@bugs.debian.org
Subject: Re: Bug#745808: speech-dispatcher: CVE-2014-1724
Date: Fri, 16 May 2014 11:17:32 +1000

On Fri, Apr 25, 2014 at 10:06:04PM EST, Moritz Muehlenhoff wrote:
> Hi,
> the details are a bit scarce, can you contact upstream whether the Chrome
> developers have contacted them?
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1724
> 
> It's unclear whether this is a security issue in itself or only as part
> of the integration in Chrome.

There is no bug in the upstream bug tracker for this, and there has been no contact on the speech-dispatcher mailing list. Brailcom or Hynek Hanke may have been contacted privately however.

Luke



Set Bug forwarded-to-address to 'https://its.freebsoft.org/its/issues/29863'. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Wed, 13 Aug 2014 02:33:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian TTS Team <tts-project@lists.alioth.debian.org>:
Bug#745808; Package speech-dispatcher. (Thu, 04 Dec 2014 15:57:04 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian TTS Team <tts-project@lists.alioth.debian.org>. (Thu, 04 Dec 2014 15:57:04 GMT)


Message #17 received at 745808@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Luke Yelavich <themuso@ubuntu.com>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 745808@bugs.debian.org
Subject: Re: Bug#745808: speech-dispatcher: CVE-2014-1724
Date: Thu, 4 Dec 2014 16:52:43 +0100

On Fri, May 16, 2014 at 11:17:32AM +1000, Luke Yelavich wrote:
> On Fri, Apr 25, 2014 at 10:06:04PM EST, Moritz Muehlenhoff wrote:
> > Hi,
> > the details are a bit scarce, can you contact upstream whether the Chrome
> > developers have contacted them?
> > 
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1724
> > 
> > It's unclear whether this is a security issue in itself or only as part
> > of the integration in Chrome.
> 
> There is no bug in the upstream bug tracker for this, and there has been no contact on the speech-dispatcher mailing list. Brailcom or Hynek Hanke may have been contacted privately however.

Hi,
this was fixed upstream as per
https://its.freebsoft.org/its/issues/29863, can you cherrypick
413ff41fcad0053fd59cca40db69ca699e903c43 and
ef9a3f1570fb9970aea08bd09547af8ee3c7bc94 for jessie?

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian TTS Team <tts-project@lists.alioth.debian.org>:
Bug#745808; Package speech-dispatcher. (Thu, 04 Dec 2014 22:45:05 GMT)


Acknowledgement sent to Luke Yelavich <themuso@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian TTS Team <tts-project@lists.alioth.debian.org>. (Thu, 04 Dec 2014 22:45:05 GMT)


Message #22 received at 745808@bugs.debian.org:

From: Luke Yelavich <themuso@ubuntu.com>
To: Moritz Mühlenhoff <jmm@inutil.org>, 745808@bugs.debian.org
Subject: Re: [Tts-project] Bug#745808: speech-dispatcher: CVE-2014-1724
Date: Fri, 5 Dec 2014 09:41:20 +1100

On Fri, Dec 05, 2014 at 02:52:43AM AEDT, Moritz Mühlenhoff wrote:
> Hi,
> this was fixed upstream as per
> https://its.freebsoft.org/its/issues/29863, can you cherrypick
> 413ff41fcad0053fd59cca40db69ca699e903c43 and
> ef9a3f1570fb9970aea08bd09547af8ee3c7bc94 for jessie?

These have been cherry-picked, and are in the git repo in the debian-jessie branch. This will require a DD to upload, as I am not a DD myself.

Luke



Information forwarded to debian-bugs-dist@lists.debian.org, Debian TTS Team <tts-project@lists.alioth.debian.org>:
Bug#745808; Package speech-dispatcher. (Fri, 05 Dec 2014 09:12:04 GMT)


Acknowledgement sent to Paul Gevers <elbrus@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian TTS Team <tts-project@lists.alioth.debian.org>. (Fri, 05 Dec 2014 09:12:04 GMT)


Message #27 received at 745808@bugs.debian.org:

From: Paul Gevers <elbrus@debian.org>
To: 745808@bugs.debian.org, Moritz Mühlenhoff <jmm@inutil.org>
Subject: Re: [Tts-project] Bug#745808: Bug#745808: speech-dispatcher: CVE-2014-1724
Date: Fri, 05 Dec 2014 10:09:25 +0100

On 04-12-14 23:41, Luke Yelavich wrote:
> On Fri, Dec 05, 2014 at 02:52:43AM AEDT, Moritz Mühlenhoff wrote:
>> Hi,
>> this was fixed upstream as per
>> https://its.freebsoft.org/its/issues/29863, can you cherrypick
>> 413ff41fcad0053fd59cca40db69ca699e903c43 and
>> ef9a3f1570fb9970aea08bd09547af8ee3c7bc94 for jessie?
> 
> These have been cherry-picked, and are in the git repo in the debian-jessie branch. This will require a DD to upload, as I am not a DD myself.

Will take a look at it today or this weekend.

Paul

Reply sent to Luke Yelavich <themuso@ubuntu.com>:
You have taken responsibility. (Fri, 05 Dec 2014 16:39:06 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Fri, 05 Dec 2014 16:39:06 GMT)


Message #32 received at 745808-close@bugs.debian.org:

From: Luke Yelavich <themuso@ubuntu.com>
To: 745808-close@bugs.debian.org
Subject: Bug#745808: fixed in speech-dispatcher 0.8-7
Date: Fri, 05 Dec 2014 16:34:34 +0000

Source: speech-dispatcher
Source-Version: 0.8-7

We believe that the bug you reported is fixed in the latest version of
speech-dispatcher, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 745808@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luke Yelavich <themuso@ubuntu.com> (supplier of updated speech-dispatcher package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 05 Dec 2014 09:06:54 +1100
Source: speech-dispatcher
Binary: speech-dispatcher libspeechd2 libspeechd-dev cl-speech-dispatcher python3-speechd speech-dispatcher-festival speech-dispatcher-doc-cs speech-dispatcher-dbg speech-dispatcher-audio-plugins
Architecture: source amd64 all
Version: 0.8-7
Distribution: unstable
Urgency: medium
Maintainer: Debian TTS Team <tts-project@lists.alioth.debian.org>
Changed-By: Luke Yelavich <themuso@ubuntu.com>
Description:
 cl-speech-dispatcher - Common Lisp interface to Speech Dispatcher
 libspeechd-dev - Speech Dispatcher: Development libraries and header files
 libspeechd2 - Speech Dispatcher: Shared libraries
 python3-speechd - Python interface to Speech Dispatcher
 speech-dispatcher - Common interface to speech synthesizers
 speech-dispatcher-audio-plugins - Speech Dispatcher: Audio output plugins
 speech-dispatcher-dbg - Speech Dispatcher debugging symbols
 speech-dispatcher-doc-cs - Speech Dispatcher documentation in Czech
 speech-dispatcher-festival - Festival support for Speech Dispatcher
Closes: 745808
Changes:
 speech-dispatcher (0.8-7) unstable; urgency=medium
 .
   * Team upload
   * Cherry-pick patches from upstream git to fix CVE-2014-1724
     (Closes: #745808)





Information forwarded to debian-bugs-dist@lists.debian.org, Debian TTS Team <tts-project@lists.alioth.debian.org>:
Bug#745808; Package speech-dispatcher. (Fri, 05 Dec 2014 17:21:16 GMT)


Acknowledgement sent to Paul Gevers <elbrus@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian TTS Team <tts-project@lists.alioth.debian.org>. (Fri, 05 Dec 2014 17:21:16 GMT)


Message #37 received at 745808@bugs.debian.org:

From: Paul Gevers <elbrus@debian.org>
To: 745808@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: [Tts-project] Bug#745808: speech-dispatcher: CVE-2014-1724
Date: Fri, 05 Dec 2014 18:18:22 +0100

On 05-12-14 10:09, Paul Gevers wrote:
> On 04-12-14 23:41, Luke Yelavich wrote:
>> These have been cherry-picked, and are in the git repo in the debian-jessie branch. This will require a DD to upload, as I am not a DD myself.
> 
> Will take a look at it today or this weekend.

Just did so, Luke, can you take this up again with the RT?

Paul


Information forwarded to debian-bugs-dist@lists.debian.org, Debian TTS Team <tts-project@lists.alioth.debian.org>:
Bug#745808; Package speech-dispatcher. (Sun, 07 Dec 2014 22:00:04 GMT)


Acknowledgement sent to Luke Yelavich <themuso@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian TTS Team <tts-project@lists.alioth.debian.org>. (Sun, 07 Dec 2014 22:00:04 GMT)


Message #42 received at 745808@bugs.debian.org:

From: Luke Yelavich <themuso@ubuntu.com>
To: Paul Gevers <elbrus@debian.org>, 745808@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: [Tts-project] Bug#745808: Bug#745808: speech-dispatcher: CVE-2014-1724
Date: Mon, 8 Dec 2014 08:57:39 +1100

On Sat, Dec 06, 2014 at 04:18:22AM AEDT, Paul Gevers wrote:
> On 05-12-14 10:09, Paul Gevers wrote:
> > On 04-12-14 23:41, Luke Yelavich wrote:
> >> These have been cherry-picked, and are in the git repo in the debian-jessie branch. This will require a DD to upload, as I am not a DD myself.
> > 
> > Will take a look at it today or this weekend.
> 
> Just did so, Luke, can you take this up again with the RT?

Pardon my ignorance, what do you mean by RT?

Luke



Information forwarded to debian-bugs-dist@lists.debian.org, Debian TTS Team <tts-project@lists.alioth.debian.org>:
Bug#745808; Package speech-dispatcher. (Mon, 08 Dec 2014 16:45:09 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian TTS Team <tts-project@lists.alioth.debian.org>. (Mon, 08 Dec 2014 16:45:09 GMT)


Message #47 received at 745808@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Luke Yelavich <themuso@ubuntu.com>, 745808@bugs.debian.org
Cc: Paul Gevers <elbrus@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#745808: [Tts-project] Bug#745808: Bug#745808: speech-dispatcher: CVE-2014-1724
Date: Mon, 8 Dec 2014 17:44:04 +0100

Hi Luke,

On Mon, Dec 08, 2014 at 08:57:39AM +1100, Luke Yelavich wrote:
> On Sat, Dec 06, 2014 at 04:18:22AM AEDT, Paul Gevers wrote:
> > On 05-12-14 10:09, Paul Gevers wrote:
> > > On 04-12-14 23:41, Luke Yelavich wrote:
> > >> These have been cherry-picked, and are in the git repo in the debian-jessie branch. This will require a DD to upload, as I am not a DD myself.
> > > 
> > > Will take a look at it today or this weekend.
> > 
> > Just did so, Luke, can you take this up again with the RT?
> 
> Pardon my ignorance, what do you mean by RT?

RT means Release Team here. Since we are in freeze for Jessie, the
following freeze policy applies:
https://release.debian.org/jessie/freeze_policy.html . Fixes which
need to be migrated from sid to testing need to be brought to the
release-team, to get an unblock.

Hope that helps,

Regards,
Salvatore



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 10 Jan 2015 07:25:25 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:21:58 2019; Machine Name: beach
