GNU bug report logs - #36909
CVE-2017-837{2,3,4} patches for libmad from Debian


Package: guix

Reported by: marit <at> secmail.pro

Date: Sat, 3 Aug 2019 15:18:02 UTC

Severity: important

Tags: security

Merged with 36910

Done: Mark H Weaver <mhw <at> netris.org>

Bug is archived. No further changes may be made.



Report forwarded to help-debbugs <at> gnu.org:
bug#36909; Package libmad. (Sat, 03 Aug 2019 15:18:02 GMT)

Acknowledgement sent to marit <at> secmail.pro:
New bug report received and forwarded. Copy sent to help-debbugs <at> gnu.org. (Sat, 03 Aug 2019 15:18:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: marit <at> secmail.pro
To: bug-guix <at> gnu.org
Subject: CVE-2017-837{2,3,4} patches for libmad from Debian
Date: Sat, 3 Aug 2019 05:12:24 -0700
Package: libmad
Version: 0.15.1b
Tags: security
Severity: important

Hello!
I think that package "libmad" should be updated to include fixes for the
following vulnerabilities:
https://security-tracker.debian.org/tracker/CVE-2017-8372,
https://security-tracker.debian.org/tracker/CVE-2017-8373,
https://security-tracker.debian.org/tracker/CVE-2017-8374.
This can be done by applying md_size.diff from Debian and replacing
libmad-frame-length.patch with length-check.diff from Debian.





Merged 36909 36910. Request was from marit <at> secmail.pro to control <at> debbugs.gnu.org. (Sat, 03 Aug 2019 17:47:01 GMT)

Merged 36909 36910. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Sat, 03 Aug 2019 17:48:02 GMT)

bug reassigned from package 'libmad' to 'guix'. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Sat, 03 Aug 2019 17:49:02 GMT)

bug No longer marked as found in versions 0.15.1b. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Sat, 03 Aug 2019 17:49:02 GMT)

Reply sent to Mark H Weaver <mhw <at> netris.org>:
You have taken responsibility. (Tue, 06 Aug 2019 07:29:03 GMT)

Notification sent to marit <at> secmail.pro:
bug acknowledged by developer. (Tue, 06 Aug 2019 07:29:03 GMT)

Message #18 received at 36909-done <at> debbugs.gnu.org:

From: Mark H Weaver <mhw <at> netris.org>
To: marit <at> secmail.pro
Cc: 36909-done <at> debbugs.gnu.org
Subject: Re: bug#36909: CVE-2017-837{2,3,4} patches for libmad from Debian
Date: Tue, 06 Aug 2019 03:27:43 -0400

Hi,

marit <at> secmail.pro wrote:

> I think that package "libmad" should be updated to include fixes for the
> following vulnerabilities:
> https://security-tracker.debian.org/tracker/CVE-2017-8372,
> https://security-tracker.debian.org/tracker/CVE-2017-8373,
> https://security-tracker.debian.org/tracker/CVE-2017-8374.
> This can be done by applying md_size.diff from Debian and replacing
> libmad-frame-length.patch with length-check.diff from Debian.

I've applied the updates that you recommended in commit
aac6c53a7bc9a8d22e88a490ebc99ec79d64a05b on our 'master' branch.

Thanks very much for bringing this to our attention.

     Best,
      Mark




Reply sent to Mark H Weaver <mhw <at> netris.org>:
You have taken responsibility. (Tue, 06 Aug 2019 07:29:04 GMT)

Notification sent to marit <at> secmail.pro:
bug acknowledged by developer. (Tue, 06 Aug 2019 07:29:04 GMT)

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 03 Sep 2019 11:24:04 GMT)
