#36909 - CVE-2017-837{2,3,4} patches for libmad from Debian

Package	Source(s)		Maintainer(s)
guix		PTS Buildd Popcon

Message #18 received at 36909-done@debbugs.gnu.org (full text, mbox, reply):

Received: (at 36909-done) by debbugs.gnu.org; 6 Aug 2019 07:28:04 +0000
From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 06 03:28:04 2019
Received: from localhost ([127.0.0.1]:36381 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hutt6-0005lS-17
	for submit@debbugs.gnu.org; Tue, 06 Aug 2019 03:28:04 -0400
Received: from world.peace.net ([64.112.178.59]:45838)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@netris.org>) id 1hutt4-0005ky-9W
 for 36909-done@debbugs.gnu.org; Tue, 06 Aug 2019 03:28:03 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89)
 (envelope-from <mhw@netris.org>)
 id 1hutsy-0004Xv-7x; Tue, 06 Aug 2019 03:27:56 -0400
From: Mark H Weaver <mhw@netris.org>
To: marit@secmail.pro
Subject: Re: bug#36909: CVE-2017-837{2,3,4} patches for libmad from Debian
In-Reply-To: <30c0beda6f616bb829c4590ee4367f7c.squirrel@giyzk7o6dcunb2ry.onion>
 (marit@secmail.pro's message of "Sat, 3 Aug 2019 05:12:24 -0700")
References: <30c0beda6f616bb829c4590ee4367f7c.squirrel@giyzk7o6dcunb2ry.onion>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
Date: Tue, 06 Aug 2019 03:27:43 -0400
Message-ID: <87sgqen46t.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 36909-done
Cc: 36909-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

marit@secmail.pro wrote:

> I think that package "libmad" should be updated to include fixes for the
> following vulnerabilities:
> https://security-tracker.debian.org/tracker/CVE-2017-8372,
> https://security-tracker.debian.org/tracker/CVE-2017-8373,
> https://security-tracker.debian.org/tracker/CVE-2017-8374.
> This can be done by applying md_size.diff from Debian and replacing
> libmad-frame-length.patch with length-check.diff from Debian.

I've applied the updates that you recommended in commit
aac6c53a7bc9a8d22e88a490ebc99ec79d64a05b on our 'master' branch.

Thanks very much for bringing this to our attention.

     Best,
      Mark

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 16:17:28 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

#36909 CVE-2017-837{2,3,4} patches for libmad from Debian