Bug#1014713: marked as done (libsndfile: CVE-2021-4156)



Your message dated Tue, 06 Sep 2022 21:21:27 +0000
with message-id <E1oVg0d-00GMKC-H1@fasolo.debian.org>
and subject line Bug#1014713: fixed in libsndfile 1.1.0-1
has caused the Debian Bug report #1014713,
regarding libsndfile: CVE-2021-4156
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1014713: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014713
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libsndfile
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for libsndfile.

CVE-2021-4156[0]:
| An out-of-bounds read flaw was found in libsndfile's FLAC codec
| functionality. An attacker who is able to submit a specially crafted
| file (via tricking a user to open or otherwise) to an application
| linked with libsndfile and using the FLAC codec, could trigger an out-
| of-bounds read that would most likely cause a crash but could
| potentially leak memory information that could be used in further
| exploitation of other flaws.

https://github.com/libsndfile/libsndfile/issues/731
https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-4156
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4156

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: libsndfile
Source-Version: 1.1.0-1
Done: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>

We believe that the bug you reported is fixed in the latest version of
libsndfile, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1014713@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org> (supplier of updated libsndfile package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 06 Sep 2022 22:39:21 +0200
Source: libsndfile
Architecture: source
Version: 1.1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
Closes: 1003506 1014713
Changes:
 libsndfile (1.1.0-1) unstable; urgency=medium
 .
   * New upstream version 1.1.0
     (contains a fix for CVE-2021-4156)
     (Closes: #1014713)
 .
   [ IOhannes m zmölnig (Debian/GNU) ]
   * Drop patches applied upstream
   * Update Build-Dependencies for new upstream powers
   * Fix FTCBFS: Annotate Build-Depends: python3 with :any.
     Thanks to Helmut Grohne <helmut@subdivi.de> (Closes: #1003506)
   * libsndfile-dev
     * Add patch to fix pkg-config file
     * Update docs/install
     * Depend on libmpg123-dev
     * Demote dependency on pkg-config to Recommends
     * Have autopkgtests B-D on pkg-config
   * Use execute_after_dh_* instead of override_dh_*
   * Add B-D stanza to symbols file
   * Update d/copyright
     * Refresh d/copyright
     * Merge duplicate entries in d/copyright
     * Bump dates in d/copyright
     * Add missing licenses
     * Add 'licensecheck' target
     * Generate d/copyright_hints
   * Run 'wrap-and-sort -ast'
   * Fix d/watch
   * Bump standards version to 4.6.1
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster

--- End Message ---