
Bug#939735: marked as done (libmysofa: CVE-2019-16091 CVE-2019-16092 CVE-2019-16093 CVE-2019-16094 CVE-2019-16095)



Your message dated Sat, 07 Dec 2019 19:47:08 +0000
with message-id <E1idg2m-000AXe-IX@fasolo.debian.org>
and subject line Bug#939735: fixed in libmysofa 0.6~dfsg0-3+deb10u1
has caused the Debian Bug report #939735,
regarding libmysofa: CVE-2019-16091 CVE-2019-16092 CVE-2019-16093 CVE-2019-16094 CVE-2019-16095
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
939735: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939735
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libmysofa
Version: 0.7~dfsg0-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for libmysofa.

CVE-2019-16091[0]:
| Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in
| hdf/fractalhead.c.


CVE-2019-16092[1]:
| Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in
| hrtf/reader.c.


CVE-2019-16093[2]:
| Symonics libmysofa 0.7 has an invalid write in
| readOHDRHeaderMessageDataLayout in hdf/dataobject.c.


CVE-2019-16094[3]:
| Symonics libmysofa 0.7 has an invalid read in
| readOHDRHeaderMessageDataLayout in hdf/dataobject.c.


CVE-2019-16095[4]:
| Symonics libmysofa 0.7 has an invalid read in getDimension in
| hrtf/reader.c.

Fixes seem all included in the range at [5].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-16091
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16091
[1] https://security-tracker.debian.org/tracker/CVE-2019-16092
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16092
[2] https://security-tracker.debian.org/tracker/CVE-2019-16093
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16093
[3] https://security-tracker.debian.org/tracker/CVE-2019-16094
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16094
[4] https://security-tracker.debian.org/tracker/CVE-2019-16095
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16095
[5] https://github.com/hoene/libmysofa/compare/f571522...e07edb3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libmysofa
Source-Version: 0.6~dfsg0-3+deb10u1

We believe that the bug you reported is fixed in the latest version of
libmysofa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 939735@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org> (supplier of updated libmysofa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 18 Sep 2019 13:44:59 +0200
Source: libmysofa
Architecture: source
Version: 0.6~dfsg0-3+deb10u1
Distribution: buster
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
Closes: 939735
Changes:
 libmysofa (0.6~dfsg0-3+deb10u1) buster; urgency=high
 .
   * Backport security fixes (Closes: #939735)
     * CVE-2019-16091
     * CVE-2019-16092
     * CVE-2019-16093
     * CVE-2019-16094
     * CVE-2019-16095
     * misc security fixes that have no CVE assigned


--- End Message ---
