GNU bug report logs

#36910 CVE patches for libmad

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Reply or subscribe to this bug. View this bug as an mbox, status mbox, or maintainer mbox

Report forwarded to help-debbugs@gnu.org:
bug#36910; Package libmad. (Sat, 03 Aug 2019 15:18:03 GMT) (full text, mbox, link).


Acknowledgement sent to marit@secmail.pro:
New bug report received and forwarded. Copy sent to help-debbugs@gnu.org. (Sat, 03 Aug 2019 15:18:03 GMT) (full text, mbox, link).


Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):

From: marit@secmail.pro
To: bug-guix@gnu.org
Subject: CVE patches for libmad
Date: Sat, 3 Aug 2019 05:56:31 -0700
Package: libmad
Version: 0.15.1b
Tags: security
Severity: important

Hello!

I think that package "libmad" should be updated to include fixes for the
following vulnerabilities: CVE-2017-8372, CVE-2017-8373, CVE-2017-8374.
This can be done by applying md_size.diff and replacing
libmad-frame-length.patch with length-check.diff (*.diff are from Debian
GNU/Linux).

Best regards!







Merged 36909 36910. Request was from marit@secmail.pro to control@debbugs.gnu.org. (Sat, 03 Aug 2019 17:47:01 GMT) (full text, mbox, link).


Merged 36909 36910. Request was from Glenn Morris <rgm@gnu.org> to control@debbugs.gnu.org. (Sat, 03 Aug 2019 17:48:02 GMT) (full text, mbox, link).


bug reassigned from package 'libmad' to 'guix'. Request was from Glenn Morris <rgm@gnu.org> to control@debbugs.gnu.org. (Sat, 03 Aug 2019 17:49:02 GMT) (full text, mbox, link).


bug No longer marked as found in versions 0.15.1b. Request was from Glenn Morris <rgm@gnu.org> to control@debbugs.gnu.org. (Sat, 03 Aug 2019 17:49:02 GMT) (full text, mbox, link).


bug archived. Request was from Debbugs Internal Request <help-debbugs@gnu.org> to internal_control@debbugs.gnu.org. (Tue, 03 Sep 2019 11:24:04 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sat Nov 2 04:33:24 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.