Bug#982597: marked as done (libebml: CVE-2021-3405)

To: Sebastian Ramacher <sramacher@debian.org>
Subject: Bug#982597: marked as done (libebml: CVE-2021-3405)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 21 Feb 2021 14:27:02 +0000
Message-id: <[🔎] handler.982597.D982597.16139173521010.ackdone@bugs.debian.org>
Reply-to: 982597@bugs.debian.org
References: <E1lDpcz-0005gY-Rw@fasolo.debian.org> <[🔎] 161312053155.137979.14470034755466545121.reportbug@eldamar.lan>

Your message dated Sun, 21 Feb 2021 14:22:29 +0000
with message-id <E1lDpcz-0005gY-Rw@fasolo.debian.org>
and subject line Bug#982597: fixed in libebml 1.4.2-1
has caused the Debian Bug report #982597,
regarding libebml: CVE-2021-3405
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
982597: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982597
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libebml: CVE-2021-3405
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 12 Feb 2021 10:02:11 +0100
Message-id: <[🔎] 161312053155.137979.14470034755466545121.reportbug@eldamar.lan>

Source: libebml
Version: 1.4.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/Matroska-Org/libebml/issues/74
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libebml.

CVE-2021-3405[0].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3405
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3405
[1] https://github.com/Matroska-Org/libebml/issues/74

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

To: 982597-close@bugs.debian.org
Subject: Bug#982597: fixed in libebml 1.4.2-1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 21 Feb 2021 14:22:29 +0000
Message-id: <E1lDpcz-0005gY-Rw@fasolo.debian.org>
Reply-to: Sebastian Ramacher <sramacher@debian.org>

Source: libebml
Source-Version: 1.4.2-1
Done: Sebastian Ramacher <sramacher@debian.org>

We believe that the bug you reported is fixed in the latest version of
libebml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 982597@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated libebml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 21 Feb 2021 14:55:06 +0100
Source: libebml
Architecture: source
Version: 1.4.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 982597
Changes:
 libebml (1.4.2-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream release
     - Fix heap buffer overflows (CVE-2021-3405) (Closes: #982597)
Checksums-Sha1:
 c46711f7f34ad707f13fec2d4abb9e0c69326123 2093 libebml_1.4.2-1.dsc
 a5e545d1bf22abf8b6722f4bc2d2034bb61b2d46 70484 libebml_1.4.2.orig.tar.xz
 10dbfecefab0688998d32204a70203eb5fc4ef2c 5500 libebml_1.4.2-1.debian.tar.xz
Checksums-Sha256:
 3fbf54fd37f247ca8815c08cd0151370aab18e9acd898253349c0b39dcbfc1e5 2093 libebml_1.4.2-1.dsc
 41c7237ce05828fb220f62086018b080af4db4bb142f31bec0022c925889b9f2 70484 libebml_1.4.2.orig.tar.xz
 f6ab9d7845db572fd0460f36ab7072a87081df13bc49f8c579e2815bf7a0d172 5500 libebml_1.4.2-1.debian.tar.xz
Files:
 4beff965e3e018df01fe94e6ad5b2e94 2093 devel optional libebml_1.4.2-1.dsc
 194095f4315334fcedacb4900c59c014 70484 devel optional libebml_1.4.2.orig.tar.xz
 3aa411e3c940446e8b2319793e56884d 5500 devel optional libebml_1.4.2-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAmAyZywACgkQafL8UW6n
GZOKSw//SVg330MmR26V8Uyplm10Qjb4BnULl09ENt5x3CF/Ke0jeBt2eFXG1fg/
CFnscqmsgT49YBhv7R2dqgko9uM394BNURwRDbc9rWO/sEz2PdWh2/+sjpC49kux
AY4ZVNCI6R5jo/hjwnWLw7C47il/9ea17eOIWLkAS7X78s905jdsKNH7NLJ/J5fl
PFmYZMeztTCRMpf5fmll2sSqcSno1EyJKQDrbysXSgf9T4nfu5xATnbL97JJpMLI
Rp38n++tq+cSyumsMtFbhsdCJ5zFjK4ZhOsl7RKBPibv2ZpfZyRrUrjVvjsrwfze
fjEC2XpRbTjmbQAJTFVh8/JWWxxPWHsYw2w5ejw7cCKpCp4ZtW6s0ow2BZyJb1wf
zRbDMYfnAPkHwRQRjlzbVbTqDQhWtjmefkgkanMouovWn/3r9khDuj8JDa6lUuWc
R/MXrJYEcqm6b8HcZdwHEgN01+FCTsyDmwh7Qv/JqNKIKTRIp26LFo3wpMylhXFA
ML4PRNncJ9DO+v8H948PHNWTu2ROT24Q5zX5niLE1F5PJZ/U3VmG+SPIvxvt6eVW
gwMqf/byGAtxWX0iaVw+LDRcXq2ysPqYzxQYkKfEQPEzaTmqnrE7vDFCj8kjnNYz
tB8rKmfJyiBPHqNR+AoeLXYh+Cbp7B7jFCAC2pt5LBfsf8eyQMY=
=FPw7
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#982597: libebml: CVE-2021-3405
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Processing of libebml_1.4.2-1_source.changes
Next by Date: libebml_1.4.2-1_source.changes ACCEPTED into unstable
Previous by thread: Bug#982597: libebml: CVE-2021-3405
Next by thread: Processed: severity of 980219 is serious
Index(es):
- Date
- Thread