CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664

Related Vulnerabilities: CVE-2017-11661   CVE-2017-11662   CVE-2017-11663   CVE-2017-11664   CVE-2017-1000418  

Debian Bug report logs - #871616
CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 9 Aug 2017 23:12:02 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version wildmidi/0.4.0-1

Fixed in version wildmidi/0.4.2-1

Done: Bret Curtis <psi29a@gmail.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bret Curtis <psi29a@gmail.com>:
Bug#871616; Package src:wildmidi. (Wed, 09 Aug 2017 23:12:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bret Curtis <psi29a@gmail.com>. (Wed, 09 Aug 2017 23:12:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664
Date: Thu, 10 Aug 2017 00:42:21 +0200
Source: wildmidi
Severity: important
Tags: security

Hi,
please see http://seclists.org/fulldisclosure/2017/Aug/12

Patch is here:
https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd

Wheezy and jessie are not affected, but stretch is. This doesn't warrant a DSA; it could
still be fixed via a point release, though.

Cheers,
        Moritz



Marked as found in versions wildmidi/0.4.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 10 Aug 2017 03:03:04 GMT)


Added tag(s) fixed-upstream and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 10 Aug 2017 03:03:05 GMT)


Reply sent to Bret Curtis <psi29a@gmail.com>:
You have taken responsibility. (Sun, 07 Jan 2018 00:27:03 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 07 Jan 2018 00:27:04 GMT)


Message #14 received at 871616-close@bugs.debian.org:

From: Bret Curtis <psi29a@gmail.com>
To: 871616-close@bugs.debian.org
Subject: Bug#871616: fixed in wildmidi 0.4.2-1
Date: Sun, 07 Jan 2018 00:22:36 +0000
Source: wildmidi
Source-Version: 0.4.2-1

We believe that the bug you reported is fixed in the latest version of
wildmidi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 871616@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bret Curtis <psi29a@gmail.com> (supplier of updated wildmidi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 07 Jan 2018 00:45:44 +0100
Source: wildmidi
Binary: wildmidi libwildmidi2 libwildmidi-dev libwildmidi-config
Architecture: source
Version: 0.4.2-1
Distribution: unstable
Urgency: medium
Maintainer: Bret Curtis <psi29a@gmail.com>
Changed-By: Bret Curtis <psi29a@gmail.com>
Description:
 libwildmidi-config - software MIDI player configuration
 libwildmidi-dev - software MIDI player library headers
 libwildmidi2 - software MIDI player library
 wildmidi   - software MIDI player
Closes: 871616 886503
Changes:
 wildmidi (0.4.2-1) unstable; urgency=medium
 .
   [ Bret Curtis ]
   * New upstream release.
     - Fix CVE-2017-11661, CVE-2017-11662, CVE-2017-11663. (Closes: #871616)
     - Fix CVE-2017-1000418. (Closes: #886503)
   * Declare compliance with Debian Policy 4.1.3.
 .
   [ Markus Koschany ]
   * Switch to compat level 11.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 09 Feb 2018 07:26:27 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:01:10 2019; Machine Name: beach
