GNU bug report logs

#36909 CVE-2017-837{2,3,4} patches for libmad from Debian

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):

Received: (at submit) by debbugs.gnu.org; 3 Aug 2019 15:17:43 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 03 11:17:43 2019
Received: from localhost ([127.0.0.1]:59773 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1htvmw-0007VW-Tt
	for submit@debbugs.gnu.org; Sat, 03 Aug 2019 11:17:43 -0400
Received: from lists.gnu.org ([209.51.188.17]:42562)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <marit@secmail.pro>) id 1htsuA-0002NB-6s
 for submit@debbugs.gnu.org; Sat, 03 Aug 2019 08:12:58 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:53567)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <marit@secmail.pro>) id 1htsu9-0003YW-Ae
 for bug-guix@gnu.org; Sat, 03 Aug 2019 08:12:58 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,RCVD_IN_DNSWL_NONE
 autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <marit@secmail.pro>) id 1htsu8-000891-DV
 for bug-guix@gnu.org; Sat, 03 Aug 2019 08:12:57 -0400
Received: from secmail.pro ([146.185.132.44]:57214)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <marit@secmail.pro>) id 1htsu8-000887-86
 for bug-guix@gnu.org; Sat, 03 Aug 2019 08:12:56 -0400
Received: by secmail.pro (Postfix, from userid 33)
 id 9905CDFFFF; Sat,  3 Aug 2019 11:55:02 +0000 (UTC)
Received: from secmailw453j7piv.onion (localhost [IPv6:::1])
 by secmail.pro (Postfix) with ESMTP id 0FBC9F239E
 for <bug-guix@gnu.org>; Sat,  3 Aug 2019 05:12:24 -0700 (PDT)
Received: from 127.0.0.1 (SquirrelMail authenticated user marit@secmail.pro)
 by giyzk7o6dcunb2ry.onion with HTTP; Sat, 3 Aug 2019 05:12:24 -0700
Message-ID: <30c0beda6f616bb829c4590ee4367f7c.squirrel@giyzk7o6dcunb2ry.onion>
Date: Sat, 3 Aug 2019 05:12:24 -0700
Subject: CVE-2017-837{2,3,4} patches for libmad from Debian
From: marit@secmail.pro
To: bug-guix@gnu.org
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
X-Priority: 3 (Normal)
Importance: Normal
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 146.185.132.44
X-Spam-Score: -0.9 (/)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Sat, 03 Aug 2019 11:17:42 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.8 (--)
Package: libmad
Version: 0.15.1b
Tags: security
Severity: important

Hello!
I think that package "libmad" should be updated to include fixes for the
following vulnerabilities:
https://security-tracker.debian.org/tracker/CVE-2017-8372,
https://security-tracker.debian.org/tracker/CVE-2017-8373,
https://security-tracker.debian.org/tracker/CVE-2017-8374.
This can be done by applying md_size.diff from Debian and replacing
libmad-frame-length.patch with length-check.diff from Debian.





Send a report that this bug log contains spam.


debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 16:02:22 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.