adplug: CVE-2018-17825: several double-free vulnerabilities in the CEmuopl class in emuopl.cpp

Related Vulnerabilities: CVE-2018-17825  

Debian Bug report logs - #910534


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 7 Oct 2018 19:15:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version adplug/2.2.1+dfsg3-0.4

Fixed in version adplug/2.2.1+dfsg3-1

Done: Moritz Muehlenhoff <jmm@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/adplug/adplug/issues/67



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Артём Попов <artfwo@ubuntu.com>:
Bug#910534; Package src:adplug. (Sun, 07 Oct 2018 19:15:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Артём Попов <artfwo@ubuntu.com>. (Sun, 07 Oct 2018 19:15:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: adplug: CVE-2018-17825: several double-free vulnerabilities in the CEmuopl class in emuopl.cpp
Date: Sun, 07 Oct 2018 21:11:13 +0200
Source: adplug
Version: 2.2.1+dfsg3-0.4
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/adplug/adplug/issues/67

Hi,

The following vulnerability was published for adplug.

CVE-2018-17825[0]:
| An issue was discovered in AdPlug 2.3.1. There are several double-free
| vulnerabilities in the CEmuopl class in emuopl.cpp because of a
| destructor's two OPLDestroy calls, each of which frees TL_TABLE,
| SIN_TABLE, AMS_TABLE, and VIB_TABLE.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17825
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17825

Regards,
Salvatore
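
The bug class named in the CVE text above, as an added illustration that is not part of the bug report and is not AdPlug's code: a destructor releases process-wide tables twice, shown beside a reference-counted release that nulls the pointers. The four table names come from the CVE description; every other name (`tracked_alloc`, `tracked_free`, `g_refs`, `UnsafeEmu`, `SafeEmu`) is hypothetical, and the hardening shown is a generic one, not necessarily the upstream fix.

```cpp
// Simplified model of the double-free pattern in the CVE text; not AdPlug source code.
#include <cstdio>
#include <cstdlib>
#include <initializer_list>
#include <set>

static std::set<void*> g_live;  // blocks currently allocated
static int g_double_frees = 0;  // repeated frees caught by the wrapper

static void* tracked_alloc(std::size_t n) { void* p = std::malloc(n); g_live.insert(p); return p; }
static void tracked_free(void* p) {
    if (!p) return;                                      // free(NULL) is a no-op
    if (!g_live.erase(p)) { ++g_double_frees; return; }  // plain free() would corrupt the heap here
    std::free(p);
}

// Process-wide tables shared by all chips (names taken from the CVE text).
static void *TL_TABLE, *SIN_TABLE, *AMS_TABLE, *VIB_TABLE;
static int g_refs = 0;  // chips holding the tables (hardened path only)

static void open_tables() {
    for (void** t : {&TL_TABLE, &SIN_TABLE, &AMS_TABLE, &VIB_TABLE}) *t = tracked_alloc(64);
}
// Reported pattern: every destroy frees the shared tables and leaves the pointers dangling.
static void destroy_unsafe() {
    for (void** t : {&TL_TABLE, &SIN_TABLE, &AMS_TABLE, &VIB_TABLE}) tracked_free(*t);
}
// Hardened pattern: count users, free on the last release only, then null the pointers.
static void create_safe() { if (g_refs++ == 0) open_tables(); }
static void destroy_safe() {
    if (g_refs == 0 || --g_refs > 0) return;
    for (void** t : {&TL_TABLE, &SIN_TABLE, &AMS_TABLE, &VIB_TABLE}) { tracked_free(*t); *t = nullptr; }
}

struct UnsafeEmu {  // one table set, two destroy calls in the destructor
    UnsafeEmu() { open_tables(); }
    ~UnsafeEmu() { destroy_unsafe(); destroy_unsafe(); }
};
struct SafeEmu {    // two acquisitions, two releases; only the last one frees
    SafeEmu() { create_safe(); create_safe(); }
    ~SafeEmu() { destroy_safe(); destroy_safe(); }
};

// Each helper returns how many repeated frees the wrapper caught for one object lifetime.
int run_unsafe() { g_double_frees = 0; { UnsafeEmu e; } return g_double_frees; }
int run_safe()   { g_double_frees = 0; { SafeEmu e; }   return g_double_frees; }

int main() { std::printf("unsafe: %d repeated frees, safe: %d\n", run_unsafe(), run_safe()); }
```

The wrapper records the second release instead of passing it to `free()`, so the model runs without corrupting the heap; on the real pattern, AddressSanitizer reports the same condition as an attempted double-free.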



Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Thu, 11 Oct 2018 20:03:13 GMT)


Reply sent to Moritz Muehlenhoff <jmm@debian.org>:
You have taken responsibility. (Fri, 04 Jan 2019 22:51:13 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 04 Jan 2019 22:51:13 GMT)


Message #12 received at 910534-close@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: 910534-close@bugs.debian.org
Subject: Bug#910534: fixed in adplug 2.2.1+dfsg3-1
Date: Fri, 04 Jan 2019 22:49:16 +0000
Source: adplug
Source-Version: 2.2.1+dfsg3-1

We believe that the bug you reported is fixed in the latest version of
adplug, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 910534@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated adplug package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 04 Jan 2019 23:15:15 +0100
Source: adplug
Binary: libadplug-2.2.1-0v5 libadplug-dev adplug-utils
Architecture: source amd64
Version: 2.2.1+dfsg3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description:
 adplug-utils - free AdLib sound library (utils)
 libadplug-2.2.1-0v5 - free AdLib sound library
 libadplug-dev - free AdLib sound library (development)
Closes: 910534
Changes:
 adplug (2.2.1+dfsg3-1) unstable; urgency=medium
 .
   * Orphan package, previous maintainer hasn't changed the package
     since 2011
   * Fix CVE-2018-17825 (Closes: #910534)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 07 Feb 2019 07:28:51 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:12:37 2019; Machine Name: buxtehude
