Debian Bug report logs -
#927672
CVE-2019-11372 CVE-2019-11373
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Chow Loong Jin <hyperair@debian.org>:
Bug#927672; Package src:libmediainfo.
(Sat, 20 Apr 2019 22:03:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Chow Loong Jin <hyperair@debian.org>.
(Sat, 20 Apr 2019 22:03:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libmediainfo
Severity: important
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11373
Cheers,
Moritz
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sun, 21 Apr 2019 06:18:05 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from debian-bts-link@lists.debian.org
to control@bugs.debian.org.
(Thu, 25 Apr 2019 19:30:10 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Chow Loong Jin <hyperair@debian.org>:
Bug#927672; Package src:libmediainfo.
(Mon, 03 Jun 2019 20:39:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Chow Loong Jin <hyperair@debian.org>.
(Mon, 03 Jun 2019 20:39:03 GMT) (full text, mbox, link).
Message #16 received at 927672@bugs.debian.org (full text, mbox, reply):
On Sun, Apr 21, 2019 at 12:00:08AM +0200, Moritz Muehlenhoff wrote:
> Source: libmediainfo
> Severity: important
> Tags: security
>
> Please see
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11372
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11373
What's the status, can we get that fixed for buster?
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#927672; Package src:libmediainfo.
(Tue, 04 Jun 2019 08:54:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Chow Loong Jin <hyperair@debian.org>:
Extra info received and forwarded to list.
(Tue, 04 Jun 2019 08:54:03 GMT) (full text, mbox, link).
Message #21 received at 927672@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Mon, Jun 03, 2019 at 10:36:48PM +0200, Moritz Mühlenhoff wrote:
> On Sun, Apr 21, 2019 at 12:00:08AM +0200, Moritz Muehlenhoff wrote:
> > Source: libmediainfo
> > Severity: important
> > Tags: security
> >
> > Please see
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11372
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11373
>
> What's the status, can we get that fixed for buster?
Looks like the fix is upstream. I can backport the patch to buster.
--
Kind regards,
Loong Jin
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Chow Loong Jin <hyperair@debian.org>:
Bug#927672; Package src:libmediainfo.
(Tue, 04 Jun 2019 09:18:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Chow Loong Jin <hyperair@debian.org>.
(Tue, 04 Jun 2019 09:18:03 GMT) (full text, mbox, link).
Message #26 received at 927672@bugs.debian.org (full text, mbox, reply):
On Tue, Jun 04, 2019 at 04:50:38PM +0800, Chow Loong Jin wrote:
> On Mon, Jun 03, 2019 at 10:36:48PM +0200, Moritz Mühlenhoff wrote:
> > On Sun, Apr 21, 2019 at 12:00:08AM +0200, Moritz Muehlenhoff wrote:
> > > Source: libmediainfo
> > > Severity: important
> > > Tags: security
> > >
> > > Please see
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11372
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11373
> >
> > What's the status, can we get that fixed for buster?
>
> Looks like the fix is upstream. I can backport the patch to buster.
Sounds good, thanks.
Cheers,
Moritz
Reply sent
to Chow Loong Jin <hyperair@debian.org>:
You have taken responsibility.
(Thu, 06 Jun 2019 03:06:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Thu, 06 Jun 2019 03:06:04 GMT) (full text, mbox, link).
Message #31 received at 927672-close@bugs.debian.org (full text, mbox, reply):
Source: libmediainfo
Source-Version: 19.04+dfsg-1
We believe that the bug you reported is fixed in the latest version of
libmediainfo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 927672@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chow Loong Jin <hyperair@debian.org> (supplier of updated libmediainfo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 04 Jun 2019 17:28:55 +0800
Source: libmediainfo
Binary: libmediainfo-dev libmediainfo-doc libmediainfo0v5 libmediainfo0v5-dbgsym python-mediainfodll python3-mediainfodll
Architecture: source amd64 all
Version: 19.04+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Chow Loong Jin <hyperair@debian.org>
Changed-By: Chow Loong Jin <hyperair@debian.org>
Description:
libmediainfo-dev - library reading metadata from media files -- headers
libmediainfo-doc - library for reading metadata from media files -- documentation
libmediainfo0v5 - library for reading metadata from media files -- shared library
python-mediainfodll - library for reading metadata from media files -- shared library
python3-mediainfodll - library for reading metadata from media files -- shared library
Closes: 927672
Changes:
libmediainfo (19.04+dfsg-1) experimental; urgency=medium
.
* [b66ebc0] New upstream version 19.04:
- Fixes CVE-2019-11372 and CVE-2019-11373 (Closes: #927672)
* [a168b74] Drop pre-compiled binary in source tarball
* [c4c1be6] Add +dfsg bits to debian/watch
* [5bdc58e] New upstream version 19.04+dfsg
Checksums-Sha1:
9167e29ba8639240f29b83821b253873ff55ccf0 2416 libmediainfo_19.04+dfsg-1.dsc
f741d02331dda9e8c43c658acb5f1e57eb9eb88e 2406202 libmediainfo_19.04+dfsg.orig.tar.gz
a09ab574ebe62390d5c494ee21ce91e3816788e9 9648 libmediainfo_19.04+dfsg-1.debian.tar.xz
0db165ac39ea7aec17990ffcfe884ee9a3f5565b 26072 libmediainfo-dev_19.04+dfsg-1_amd64.deb
fa214aa6a9b85a0144b85feb35633d055cd9e7c1 107660 libmediainfo-doc_19.04+dfsg-1_all.deb
4cc565564e794fa9cc53a5d3e336249ebf014635 47755516 libmediainfo0v5-dbgsym_19.04+dfsg-1_amd64.deb
bf615d5d00140d4a985134afb5112ebbb1e4bc2c 2038292 libmediainfo0v5_19.04+dfsg-1_amd64.deb
6817c312fc4aa481549275db7d3f1b4ba1b6c794 9520 libmediainfo_19.04+dfsg-1_amd64.buildinfo
27094a5f37c87573338adcc35671162d72c82682 15864 python-mediainfodll_19.04+dfsg-1_all.deb
5fecc1ef35cba12553eff275405458b47237d772 15856 python3-mediainfodll_19.04+dfsg-1_all.deb
Checksums-Sha256:
9629c2c4c321fa90cfa727c5628c02035ac3514b287443f072b7d8c7722865f4 2416 libmediainfo_19.04+dfsg-1.dsc
3a4c772e63d608b4d5873ed13da319928b351f0913999976e0c2b0916fe80853 2406202 libmediainfo_19.04+dfsg.orig.tar.gz
d63474b208154c01a550320d9aa1d3249cdb0f6f5371b57ca1b36aba97c8ee01 9648 libmediainfo_19.04+dfsg-1.debian.tar.xz
64fd06f73d1f0aa355af2a896b2906794010055ce76203406112410d4bd33600 26072 libmediainfo-dev_19.04+dfsg-1_amd64.deb
fe6513e17ac76b463ac941b7bd84e9be9c879265753f85525cc878149bce8e11 107660 libmediainfo-doc_19.04+dfsg-1_all.deb
1c32c36474e9d7b25c6d6e5302c259182a6849e0a0387eddf977b24cfefb022a 47755516 libmediainfo0v5-dbgsym_19.04+dfsg-1_amd64.deb
96ac3f881503826f06620a04a79cb54d47172e93ec6e28f33417a95a74b55da0 2038292 libmediainfo0v5_19.04+dfsg-1_amd64.deb
4778a7a0e9cbd71104dc405c44309312737e0c9c34f65359a1118f67e5686e67 9520 libmediainfo_19.04+dfsg-1_amd64.buildinfo
c2323af289fe3784bd201e2e3789ceb848d14228df88d710ff5278e57d5ed814 15864 python-mediainfodll_19.04+dfsg-1_all.deb
1820eecc1e1c9bd0c64804f33b36d88803726a8967ce1d146f68adf5de793aab 15856 python3-mediainfodll_19.04+dfsg-1_all.deb
Files:
40403e87b95b3f90e016317c27b96b18 2416 libs optional libmediainfo_19.04+dfsg-1.dsc
a9386fe8e59bf28d60764826880b0122 2406202 libs optional libmediainfo_19.04+dfsg.orig.tar.gz
bd910db41566a7b9e5a2ece5594290fa 9648 libs optional libmediainfo_19.04+dfsg-1.debian.tar.xz
057b9640eca9b6b9ad0602800e9e5a66 26072 libdevel optional libmediainfo-dev_19.04+dfsg-1_amd64.deb
0f1768bef4ca21fdf8e93c738904d06a 107660 doc optional libmediainfo-doc_19.04+dfsg-1_all.deb
58071b69ce07ece783d057f6f16d096c 47755516 debug optional libmediainfo0v5-dbgsym_19.04+dfsg-1_amd64.deb
ee836336ead9acfd9af5c4c4f264b96b 2038292 libs optional libmediainfo0v5_19.04+dfsg-1_amd64.deb
94a2d29841f35bdd0d3bc1582fb32e18 9520 libs optional libmediainfo_19.04+dfsg-1_amd64.buildinfo
f07fd040e27e4504a44bf997f19f6b3d 15864 python optional python-mediainfodll_19.04+dfsg-1_all.deb
86822975ea4be4bedd034c5ae820c813 15856 python optional python3-mediainfodll_19.04+dfsg-1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEEuDQnfs/9/dZ027Q+9UiW1iHUqEFAlz4fHQACgkQ+9UiW1iH
UqGYFQ//dJ5V/YOpY8QONoO0L0o2fo2hHCpTckouJSKl5k0No/+V1Zd9VyD81fVs
u2WAQlMlOB5zdsqPMB1MDj0ee9SsmthqLiiy49cBGt0CHY5wShPty4gbuqFBa1Nw
uuBZhyiiQQrFB4Sp1WeQIgOs/HpTKltba+6pxgzcugM/Uu8t5lsl6POgj3sRMB+f
zlybWej4rIgi5sAfcm4U/9QumKa4wazwiNF5Yv8EJH1ZdYUDympbSKIZco15SijN
Xm5Te2o+PaNyF9WOljIjo85gI1IQRtG9dcGbKMLOl6XsRbvw8qffestEXxDdTqnn
CsBKpK17Pg6HIgUpUt8ROCEQs2boi5xkwEN1bWM8Sju82MEjDQWKTZ5XDbZFyjtF
vQujRjbUW3QXt/tYtkDmmhyWvns8vqSLnzFj06eBMU58LQOvjuXh6clrwsQwFr4z
3qF8NZvNPBzw9vxMRk3CCEh88tRfT2IambX1w+GTWv92J2NoN8nMYhJGbpYaGMtw
iHoilVzInXYcAWeq0GyR4ZLqBz3eJpew36x/mg6FYPkBV2Po7lWEFpwTv90xGkAL
5Q02WlxdhI4mDtNtZNG7TsPseFoyT5b2cvmZr0RVcw4MABEMA5IqUTZ+kBmMGq0+
W+IzuUJbmQduKHpkb9n7LLuo/KTXVYyKGcCpJbN8MtBpp1KTDCo=
=n+qE
-----END PGP SIGNATURE-----
Reply sent
to Chow Loong Jin <hyperair@debian.org>:
You have taken responsibility.
(Sat, 08 Jun 2019 09:54:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Sat, 08 Jun 2019 09:54:04 GMT) (full text, mbox, link).
Message #36 received at 927672-close@bugs.debian.org (full text, mbox, reply):
Source: libmediainfo
Source-Version: 18.12-2
We believe that the bug you reported is fixed in the latest version of
libmediainfo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 927672@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chow Loong Jin <hyperair@debian.org> (supplier of updated libmediainfo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 06 Jun 2019 11:18:32 +0800
Source: libmediainfo
Binary: libmediainfo-dev libmediainfo-doc libmediainfo0v5 libmediainfo0v5-dbgsym python-mediainfodll python3-mediainfodll
Architecture: source amd64 all
Version: 18.12-2
Distribution: unstable
Urgency: medium
Maintainer: Chow Loong Jin <hyperair@debian.org>
Changed-By: Chow Loong Jin <hyperair@debian.org>
Description:
libmediainfo-dev - library reading metadata from media files -- headers
libmediainfo-doc - library for reading metadata from media files -- documentation
libmediainfo0v5 - library for reading metadata from media files -- shared library
python-mediainfodll - library for reading metadata from media files -- shared library
python3-mediainfodll - library for reading metadata from media files -- shared library
Closes: 927672
Changes:
libmediainfo (18.12-2) unstable; urgency=medium
.
* [c030466] Backport fix for CVE-2019-11372 CVE-2019-11373 (Closes: #927672)
Checksums-Sha1:
32501cf3474d8e57bd021a66fd2832366da51840 2384 libmediainfo_18.12-2.dsc
c6eeb786a582354346103bb1ce203739938eb80d 10588 libmediainfo_18.12-2.debian.tar.xz
b2086ce2571fd70ea02c38522302ee6f297d9ecd 25960 libmediainfo-dev_18.12-2_amd64.deb
20d79861764dc57e1aa935d0a0ad02e8faa24fdc 107520 libmediainfo-doc_18.12-2_all.deb
b321f4c23e0b44b799f6f669e026a6ca28621212 47156436 libmediainfo0v5-dbgsym_18.12-2_amd64.deb
44925722c16dde98d08e9edf73de8e09997dfc50 2002672 libmediainfo0v5_18.12-2_amd64.deb
5c588ee40c44235613ef11abc30f4dfa615905ef 9583 libmediainfo_18.12-2_amd64.buildinfo
61296361a9f7b24802851ef44fd781bc8393357c 15744 python-mediainfodll_18.12-2_all.deb
c646a9f73abde766a6492f6c9578e52ef69aa2de 15752 python3-mediainfodll_18.12-2_all.deb
Checksums-Sha256:
8b62aa823b23289ab61f7d697e1eec0964fe44735c1a4437544fb10c4a4c52a0 2384 libmediainfo_18.12-2.dsc
576eb05e26418fb69b8c85b42163c14f00d20e0049325e3f8ff748290435b768 10588 libmediainfo_18.12-2.debian.tar.xz
141eb15414519ee1b6d26cb960d47d12a125b66f2c190dd98f35902c7c40284e 25960 libmediainfo-dev_18.12-2_amd64.deb
78bcab9ce694bcf53621cfbe697c02e8f5c1514735d6315f0e3fb7ad02d94a0c 107520 libmediainfo-doc_18.12-2_all.deb
bce7cd36a5cd67193c35dbecac78886e6c0823452d42eb063ec01f3311079c98 47156436 libmediainfo0v5-dbgsym_18.12-2_amd64.deb
17ba8957123386c3a347d4c6649dab812ae5aabe5c4a1a29f3427e4d4f035a82 2002672 libmediainfo0v5_18.12-2_amd64.deb
144051aae2f881415b91fb53b0622133173258b5c1ec0830d578c57aca4f4273 9583 libmediainfo_18.12-2_amd64.buildinfo
cf09cf6f7ee65e0c812f04bd55d0c2ae2ac8af63f13d6424735c0da6d96dcf13 15744 python-mediainfodll_18.12-2_all.deb
c93ba8fc3f3e02e69cacbd26817d6f33899273bddf248fe2e914ad15955c4bb2 15752 python3-mediainfodll_18.12-2_all.deb
Files:
646b2d0f97d9a759735b5e370c977fcd 2384 libs optional libmediainfo_18.12-2.dsc
ae4f2ce0714450c67326e01430474868 10588 libs optional libmediainfo_18.12-2.debian.tar.xz
02eaa7c488711c1edb7d57171ff8820a 25960 libdevel optional libmediainfo-dev_18.12-2_amd64.deb
35d3a2a784fbbcccff7ace6bff2b4d85 107520 doc optional libmediainfo-doc_18.12-2_all.deb
f6651859ff1de950dad67aca70e076f1 47156436 debug optional libmediainfo0v5-dbgsym_18.12-2_amd64.deb
d71dee4dab8758ab243e37b1264f1f52 2002672 libs optional libmediainfo0v5_18.12-2_amd64.deb
0a83eeca9cfc045dcbc2a68c074d1b9a 9583 libs optional libmediainfo_18.12-2_amd64.buildinfo
04efc98a1c57a68f7b60af42252fa849 15744 python optional python-mediainfodll_18.12-2_all.deb
7ea6750f86d48365beadea1ae68134a0 15752 python optional python3-mediainfodll_18.12-2_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEEuDQnfs/9/dZ027Q+9UiW1iHUqEFAlz6HvAACgkQ+9UiW1iH
UqGnyA//Q/BaArjtdhZGQUKt0mYKDWXQFQu074l3do7cJRg3Nw/qVEZNqiSt9yos
HOzCu0K6fqshYjKOdpxEYRhYA29i7Ni2c5P1Sni6yjNtGIxMhZPHY+dy87m2FCnC
1g1dORgHxS6sGCLXDDb373UMQQaoSUQcQzcssJVvebk0rVPsZiP0sLkxMSbMaOpP
jPMBriG4IR2T4g7vlsG70ya/zJWVVGp7ebyOzoLZA7FT7wZ9TBXdj1xBVnLf7Fn2
mMhNb119Lzvb547fr3l/ehSPDEOLLmeLqqGI/hU+6p1QRCYTROfySgfQLxa0k24A
Z5KlLVpW0sfBnbebyrBRNAFN2+S0lHWPek7oONDgOEadCs4U+ivQW+WY5eKYw11f
ZNIX/i0G+xfnswF74P9xE9ROiJwRFYWu/WDDnKxdKySSMPICF67EGsZBSuqEaHxB
Mqih9XgoSb07pFnVsKUcbfz5N6OV5GZCSyrtdK2lRVCuLWLLxaL76c0T569uscI9
1UWI+XBvA/LfcnzFSJHnquvIMjpkHDNTttP8eGHcy7jhT67KJ9nOKK7rCqWnnkxF
Fdh7SIpp0UF6t7rJKANY5hxwQPquVzfrd+TV9LS/b8c6Olceru2dFEcsUsiX/PuP
3cBqS0eOr0TpuLzRANXiY3oLI9GR6k/4QhM52vCB1B8Danqdo7s=
=8gjp
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:51:08 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon