Debian Bug report logs - #871616
CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 9 Aug 2017 23:12:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in version wildmidi/0.4.0-1
Fixed in version wildmidi/0.4.2-1
Done: Bret Curtis <psi29a@gmail.com>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bret Curtis <psi29a@gmail.com>: Bug#871616; Package src:wildmidi. (Wed, 09 Aug 2017 23:12:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bret Curtis <psi29a@gmail.com>. (Wed, 09 Aug 2017 23:12:04 GMT)
Message #5 received at submit@bugs.debian.org:
Source: wildmidi
Severity: important
Tags: security
Hi,
please see http://seclists.org/fulldisclosure/2017/Aug/12
Patch is here:
https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
Wheezy and jessie are not affected, but stretch is. This doesn't warrant a DSA, could
still be fixed via a point release, though.
Cheers,
Moritz
Marked as found in versions wildmidi/0.4.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 10 Aug 2017 03:03:04 GMT)
Added tag(s) fixed-upstream and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 10 Aug 2017 03:03:05 GMT)
Reply sent to Bret Curtis <psi29a@gmail.com>: You have taken responsibility. (Sun, 07 Jan 2018 00:27:03 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Sun, 07 Jan 2018 00:27:04 GMT)
Message #14 received at 871616-close@bugs.debian.org:
Source: wildmidi
Source-Version: 0.4.2-1
We believe that the bug you reported is fixed in the latest version of
wildmidi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 871616@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bret Curtis <psi29a@gmail.com> (supplier of updated wildmidi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sun, 07 Jan 2018 00:45:44 +0100
Source: wildmidi
Binary: wildmidi libwildmidi2 libwildmidi-dev libwildmidi-config
Architecture: source
Version: 0.4.2-1
Distribution: unstable
Urgency: medium
Maintainer: Bret Curtis <psi29a@gmail.com>
Changed-By: Bret Curtis <psi29a@gmail.com>
Description:
libwildmidi-config - software MIDI player configuration
libwildmidi-dev - software MIDI player library headers
libwildmidi2 - software MIDI player library
wildmidi - software MIDI player
Closes: 871616 886503
Changes:
wildmidi (0.4.2-1) unstable; urgency=medium
.
[ Bret Curtis ]
* New upstream release.
- Fix CVE-2017-11661, CVE-2017-11662, CVE-2017-11663. (Closes: #871616)
- Fix CVE-2017-1000418. (Closes: #886503)
* Declare compliance with Debian Policy 4.1.3.
.
[ Markus Koschany ]
* Switch to compat level 11.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 09 Feb 2018 07:26:27 GMT)
Last modified: Wed Jun 19 13:01:10 2019