Debian Bug report logs - #446034
CVE-2007-5301 buffer overflow in vorbis input plugin

version graph

Package: alsaplayer; Maintainer for alsaplayer is Paul Brossier <piem@debian.org>;

Reported by: Nico Golde <nion@debian.org>

Date: Wed, 10 Oct 2007 00:06:01 UTC

Severity: grave

Tags: patch, security

Fixed in versions alsaplayer/0.99.80~rc4-1, alsaplayer/0.99.79-3+lenny1, alsaplayer/0.99.76-9+etch1

Done: Devin Carraway <devin@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Hubert Chan <uhoreg@debian.org>:
Bug#446034; Package alsaplayer. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Hubert Chan <uhoreg@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: buffer overflow in alsaplayer
Date: Wed, 10 Oct 2007 02:04:24 +0200
[Message part 1 (text/plain, inline)]
Package: alsaplayer
Severity: grave
Tags: security

Hi,
The following was released on:
http://secunia.com/advisories/27117/

| Some vulnerabilities have been reported in AlsaPlayer, which potentially can be
| exploited by malicious people to compromise a user's system.
| 
| The vulnerabilities are caused due to boundary errors in the vorbis input
| plug-in when processing .OGG files. These can be exploited to cause buffer
| overflows via a specially crafted .OGG file with overly long comments.
| 
| Successful exploitation may allow execution of arbitrary code.

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Hubert Chan <uhoreg@debian.org>:
Bug#446034; Package alsaplayer. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Hubert Chan <uhoreg@debian.org>. Full text and rfc822 format available.

Message #10 received at 446034@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 446034@bugs.debian.org
Cc: control@bugs.debian.org
Subject: buffer overflow in alsaplayer
Date: Wed, 10 Oct 2007 02:11:30 +0200
[Message part 1 (text/plain, inline)]
retitle 446034 buffer overflow in ogg input plugin
tags 446034 + patch
thanks

Hi,
you can find a patch for this on:
http://alsaplayer.svn.sourceforge.net/viewvc/alsaplayer/trunk/alsaplayer/input/vorbis/vorbis_engine.c?r1=1252&r2=1287

or just upgrade to the newest version.
please contact stable security team and ask if this is worth 
a DSA for them.
Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Changed Bug title to `buffer overflow in ogg input plugin' from `buffer overflow in alsaplayer'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 10 Oct 2007 00:21:04 GMT) Full text and rfc822 format available.

Tags added: patch Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 10 Oct 2007 00:21:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Hubert Chan <uhoreg@debian.org>:
Bug#446034; Package alsaplayer. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Hubert Chan <uhoreg@debian.org>.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.

Full text and rfc822 format available.


Message #19 received at 446034@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 446034@bugs.debian.org
Cc: control@bugs.debian.org
Date: Wed, 10 Oct 2007 12:10:46 +0200
[Message part 1 (text/plain, inline)]
retitle 446034 CVE-2007-5301 buffer overflow in vorbis input plugin
thanks

Hi,
CVE-2007-5301 was assigned for this issue.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5301
If you fix this issue please include the CVE id in the 
changelog.

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Changed Bug title to `CVE-2007-5301 buffer overflow in vorbis input plugin' from `buffer overflow in ogg input plugin'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 10 Oct 2007 10:24:03 GMT) Full text and rfc822 format available.

Reply sent to Hubert Chathi <uhoreg@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #26 received at 446034-close@bugs.debian.org (full text, mbox):

From: Hubert Chathi <uhoreg@debian.org>
To: 446034-close@bugs.debian.org
Subject: Bug#446034: fixed in alsaplayer 0.99.80~rc4-1
Date: Wed, 10 Oct 2007 22:02:03 +0000
Source: alsaplayer
Source-Version: 0.99.80~rc4-1

We believe that the bug you reported is fixed in the latest version of
alsaplayer, which is due to be installed in the Debian FTP archive:

alsaplayer-alsa_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.80~rc4-1_i386.deb
alsaplayer-common_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-common_0.99.80~rc4-1_i386.deb
alsaplayer-daemon_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.80~rc4-1_i386.deb
alsaplayer-esd_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-esd_0.99.80~rc4-1_i386.deb
alsaplayer-gtk_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.80~rc4-1_i386.deb
alsaplayer-jack_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-jack_0.99.80~rc4-1_i386.deb
alsaplayer-nas_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-nas_0.99.80~rc4-1_i386.deb
alsaplayer-oss_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-oss_0.99.80~rc4-1_i386.deb
alsaplayer-text_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-text_0.99.80~rc4-1_i386.deb
alsaplayer-xosd_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.80~rc4-1_i386.deb
alsaplayer_0.99.80~rc4-1.diff.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4-1.diff.gz
alsaplayer_0.99.80~rc4-1.dsc
  to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4-1.dsc
alsaplayer_0.99.80~rc4.orig.tar.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.80~rc4.orig.tar.gz
libalsaplayer-dev_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.80~rc4-1_i386.deb
libalsaplayer0_0.99.80~rc4-1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer0_0.99.80~rc4-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 446034@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hubert Chathi <uhoreg@debian.org> (supplier of updated alsaplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.7
Date: Wed, 10 Oct 2007 15:33:10 -0400
Source: alsaplayer
Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa alsaplayer-gtk libalsaplayer0 alsaplayer-common
Architecture: source i386
Version: 0.99.80~rc4-1
Distribution: unstable
Urgency: low
Maintainer: Hubert Chathi <uhoreg@debian.org>
Changed-By: Hubert Chathi <uhoreg@debian.org>
Description: 
 alsaplayer-alsa - PCM player designed for ALSA (ALSA output module)
 alsaplayer-common - PCM player designed for ALSA (common files)
 alsaplayer-daemon - PCM player designed for ALSA (non-interactive version)
 alsaplayer-esd - PCM player designed for ALSA (EsounD output module)
 alsaplayer-gtk - PCM player designed for ALSA (GTK version)
 alsaplayer-jack - PCM player designed for ALSA (JACK output module)
 alsaplayer-nas - PCM player designed for ALSA (NAS output module)
 alsaplayer-oss - PCM player designed for ALSA (OSS output module)
 alsaplayer-text - PCM player designed for ALSA (text version)
 alsaplayer-xosd - PCM player designed for ALSA (osd version)
 libalsaplayer-dev - PCM player designed for ALSA (interface library, development file
 libalsaplayer0 - PCM player designed for ALSA (interface library)
Closes: 444584 446034
Changes: 
 alsaplayer (0.99.80~rc4-1) unstable; urgency=low
 .
   * New upstream release.
     * Fixes buffer overflow in vorbis plugin. (closes: #446034)
     * Remove patches already added by upstream.
   * debian patches/05_madglib.dpatch: Link mad plugin against glib only,
     instead of gtk. (closes: #444584)
   * debian/control: Update file to use binary:Version.
   * debian/rules: Don't ignore errors in clean target.
   * debian/*.menu: s/Apps/Applications/g.
   * debian/alsaplayer-gtk.menu: s/-i gtk/-i gtk2/
Files: 
 9a9a3c97061cd44829370577a15b0a90 1111 sound optional alsaplayer_0.99.80~rc4-1.dsc
 c17d8d4ae20ba97684ae501c3caf391a 1012126 sound optional alsaplayer_0.99.80~rc4.orig.tar.gz
 08e685e61c5bbfa5ae854c0c5ee0371e 19385 sound optional alsaplayer_0.99.80~rc4-1.diff.gz
 5e3fabae25c811bde002d93e8d40d22d 167466 sound optional alsaplayer-common_0.99.80~rc4-1_i386.deb
 a052f89b0d039d079aaf02594ffec277 190770 sound optional alsaplayer-gtk_0.99.80~rc4-1_i386.deb
 ae2149d7f9c2e878b8ee86a2bf4b256a 32064 sound optional alsaplayer-text_0.99.80~rc4-1_i386.deb
 0b070e78df740f3cb7512dc856ad026a 31166 sound optional alsaplayer-daemon_0.99.80~rc4-1_i386.deb
 97521a0ad13625cdb1296f5a1f99dcfe 31774 sound optional alsaplayer-xosd_0.99.80~rc4-1_i386.deb
 16e30a2d1f407b8c9fcca53cf271a1e8 29084 sound optional alsaplayer-oss_0.99.80~rc4-1_i386.deb
 a8aed29beb6cc5b3bb49af42e32897e7 30672 sound optional alsaplayer-alsa_0.99.80~rc4-1_i386.deb
 c3235615dd03db978c794e8fc38b9bfb 28974 sound optional alsaplayer-esd_0.99.80~rc4-1_i386.deb
 6c5a6ccef9ce086efb7388057694bc74 30830 sound optional alsaplayer-nas_0.99.80~rc4-1_i386.deb
 1bfe8d8a73c18d7a89e6033da99945fa 32890 sound optional alsaplayer-jack_0.99.80~rc4-1_i386.deb
 8a346031c6073e8589422668bf6ef12e 35036 libs optional libalsaplayer0_0.99.80~rc4-1_i386.deb
 b412718a1531f631f443bc42696a81ae 82202 libdevel optional libalsaplayer-dev_0.99.80~rc4-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHDUoarynHGRJLYfoRA0kTAJ4zt2rmB5nen5/bIOXeBwDSwlcjNQCgkWZ9
TqUgoLnuLMo9l2kcZh55uyM=
=ioWW
-----END PGP SIGNATURE-----





Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #31 received at 446034-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 446034-close@bugs.debian.org
Subject: Bug#446034: fixed in alsaplayer 0.99.79-3+lenny1
Date: Fri, 12 Oct 2007 17:17:04 +0000
Source: alsaplayer
Source-Version: 0.99.79-3+lenny1

We believe that the bug you reported is fixed in the latest version of
alsaplayer, which is due to be installed in the Debian FTP archive:

alsaplayer-alsa_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.79-3+lenny1_i386.deb
alsaplayer-common_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-common_0.99.79-3+lenny1_i386.deb
alsaplayer-daemon_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.79-3+lenny1_i386.deb
alsaplayer-esd_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-esd_0.99.79-3+lenny1_i386.deb
alsaplayer-gtk_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.79-3+lenny1_i386.deb
alsaplayer-jack_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-jack_0.99.79-3+lenny1_i386.deb
alsaplayer-nas_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-nas_0.99.79-3+lenny1_i386.deb
alsaplayer-oss_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-oss_0.99.79-3+lenny1_i386.deb
alsaplayer-text_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-text_0.99.79-3+lenny1_i386.deb
alsaplayer-xosd_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.79-3+lenny1_i386.deb
alsaplayer_0.99.79-3+lenny1.diff.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.79-3+lenny1.diff.gz
alsaplayer_0.99.79-3+lenny1.dsc
  to pool/main/a/alsaplayer/alsaplayer_0.99.79-3+lenny1.dsc
libalsaplayer-dev_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.79-3+lenny1_i386.deb
libalsaplayer0_0.99.79-3+lenny1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer0_0.99.79-3+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 446034@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated alsaplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 12 Oct 2007 12:45:45 +0200
Source: alsaplayer
Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa alsaplayer-gtk libalsaplayer0 alsaplayer-common
Architecture: source i386
Version: 0.99.79-3+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Hubert Chan <uhoreg@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 alsaplayer-alsa - PCM player designed for ALSA (ALSA output module)
 alsaplayer-common - PCM player designed for ALSA (common files)
 alsaplayer-daemon - PCM player designed for ALSA (non-interactive version)
 alsaplayer-esd - PCM player designed for ALSA (EsounD output module)
 alsaplayer-gtk - PCM player designed for ALSA (GTK version)
 alsaplayer-jack - PCM player designed for ALSA (JACK output module)
 alsaplayer-nas - PCM player designed for ALSA (NAS output module)
 alsaplayer-oss - PCM player designed for ALSA (OSS output module)
 alsaplayer-text - PCM player designed for ALSA (text version)
 alsaplayer-xosd - PCM player designed for ALSA (osd version)
 libalsaplayer-dev - PCM player designed for ALSA (interface library, development file
 libalsaplayer0 - PCM player designed for ALSA (interface library)
Closes: 446034
Changes: 
 alsaplayer (0.99.79-3+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * Added CVE-2007-5301.dpatch to fix buffer overflow
     via crafted ogg vorbis files (CVE-2007-5301) (Closes: #446034).
Files: 
 2d20038dd6e7dc569c00cc4375d6a8a1 1105 sound optional alsaplayer_0.99.79-3+lenny1.dsc
 55dc879c79ae741895dc5e42d6f484c9 855696 sound optional alsaplayer_0.99.79.orig.tar.gz
 64041b62a1ffafddad30949868e3e502 15732 sound optional alsaplayer_0.99.79-3+lenny1.diff.gz
 ab8d4bf624facc2a4b0af14d08373925 162300 sound optional alsaplayer-common_0.99.79-3+lenny1_i386.deb
 6177f3a9a892e75a1ec107c56b40ddee 115748 sound optional alsaplayer-gtk_0.99.79-3+lenny1_i386.deb
 392839e046a1aaaafc70dacfd2b4b4c1 29168 sound optional alsaplayer-text_0.99.79-3+lenny1_i386.deb
 50c79b6be4bb8cf002e936e90963523c 28148 sound optional alsaplayer-daemon_0.99.79-3+lenny1_i386.deb
 3e86f25935976811152e9e59d341f422 28892 sound optional alsaplayer-xosd_0.99.79-3+lenny1_i386.deb
 75e76949e7629a592e903834a688ee1e 26204 sound optional alsaplayer-oss_0.99.79-3+lenny1_i386.deb
 9573c7646eaeab065614c849b1fb884d 27798 sound optional alsaplayer-alsa_0.99.79-3+lenny1_i386.deb
 c1adb7aebde26bf90c28268213e605b3 26084 sound optional alsaplayer-esd_0.99.79-3+lenny1_i386.deb
 84587306ac6a55ff62c7aeee21fa9ebb 27952 sound optional alsaplayer-nas_0.99.79-3+lenny1_i386.deb
 5c5a7479d2c01ef9f9c8faac7d772f70 30008 sound optional alsaplayer-jack_0.99.79-3+lenny1_i386.deb
 9cfe74eac5e97e3f472cf57d38ea4234 32142 libs optional libalsaplayer0_0.99.79-3+lenny1_i386.deb
 fa62ce5d82c583c8fc75517971f503d2 82378 libdevel optional libalsaplayer-dev_0.99.79-3+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHD1JAHYflSXNkfP8RAv5jAJ94FLRcvbYOAnbSEFAvAlR05HjYkwCdHXwj
FYqsLJxRNYxEHkh++daLh+8=
=PvD9
-----END PGP SIGNATURE-----





Reply sent to Devin Carraway <devin@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #36 received at 446034-close@bugs.debian.org (full text, mbox):

From: Devin Carraway <devin@debian.org>
To: 446034-close@bugs.debian.org
Subject: Bug#446034: fixed in alsaplayer 0.99.76-9+etch1
Date: Sun, 13 Apr 2008 19:52:14 +0000
Source: alsaplayer
Source-Version: 0.99.76-9+etch1

We believe that the bug you reported is fixed in the latest version of
alsaplayer, which is due to be installed in the Debian FTP archive:

alsaplayer-alsa_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_i386.deb
alsaplayer-common_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_i386.deb
alsaplayer-daemon_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_i386.deb
alsaplayer-esd_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_i386.deb
alsaplayer-gtk_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_i386.deb
alsaplayer-jack_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_i386.deb
alsaplayer-nas_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_i386.deb
alsaplayer-oss_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_i386.deb
alsaplayer-text_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_i386.deb
alsaplayer-xosd_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_i386.deb
alsaplayer_0.99.76-9+etch1.diff.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.76-9+etch1.diff.gz
alsaplayer_0.99.76-9+etch1.dsc
  to pool/main/a/alsaplayer/alsaplayer_0.99.76-9+etch1.dsc
libalsaplayer-dev_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_i386.deb
libalsaplayer0_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 446034@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Devin Carraway <devin@debian.org> (supplier of updated alsaplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 30 Mar 2008 07:35:43 +0000
Source: alsaplayer
Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa alsaplayer-gtk libalsaplayer0 alsaplayer-common
Architecture: source i386
Version: 0.99.76-9+etch1
Distribution: stable-security
Urgency: high
Maintainer: Hubert Chan <hubert@uhoreg.ca>
Changed-By: Devin Carraway <devin@debian.org>
Description: 
 alsaplayer-alsa - PCM player designed for ALSA (ALSA output module)
 alsaplayer-common - PCM player designed for ALSA (common files)
 alsaplayer-daemon - PCM player designed for ALSA (non-interactive version)
 alsaplayer-esd - PCM player designed for ALSA (EsounD output module)
 alsaplayer-gtk - PCM player designed for ALSA (GTK version)
 alsaplayer-jack - PCM player designed for ALSA (JACK output module)
 alsaplayer-nas - PCM player designed for ALSA (NAS output module)
 alsaplayer-oss - PCM player designed for ALSA (OSS output module)
 alsaplayer-text - PCM player designed for ALSA (text version)
 alsaplayer-xosd - PCM player designed for ALSA (osd version)
 libalsaplayer-dev - PCM player designed for ALSA (interface library, development file
 libalsaplayer0 - PCM player designed for ALSA (interface library)
Closes: 446034
Changes: 
 alsaplayer (0.99.76-9+etch1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * 32_security_CVE-2007-5301: patch from upstream for CVE-2007-5301,
     correcting a buffer overflow vulnerability in the Vorbis plugin.
     Closes: #446034
Files: 
 f1cef8ce08af0bc84cc18f45bf54774b 1411 sound optional alsaplayer_0.99.76-9+etch1.dsc
 ff78654c9ab74d14ad218dfb226db0a4 795398 sound optional alsaplayer_0.99.76.orig.tar.gz
 f2af0197803ce618482ecdc6c78b420e 179628 sound optional alsaplayer_0.99.76-9+etch1.diff.gz
 c35adec287030905bf0db4e27ab81d63 158866 sound optional alsaplayer-common_0.99.76-9+etch1_i386.deb
 902924f6ef4f2e63b66b183dc0c35334 115288 sound optional alsaplayer-gtk_0.99.76-9+etch1_i386.deb
 f1ef493cd0e41107102a7d552b83563c 28100 sound optional alsaplayer-text_0.99.76-9+etch1_i386.deb
 9d0e04a29f76e31f8b076ab3a689a23f 26996 sound optional alsaplayer-daemon_0.99.76-9+etch1_i386.deb
 122a2eaf526f4566d7a7486900bf31b3 27682 sound optional alsaplayer-xosd_0.99.76-9+etch1_i386.deb
 2b54d8b1f00a371d22b59d83e5cde354 25102 sound optional alsaplayer-oss_0.99.76-9+etch1_i386.deb
 a4c34cf4a0ab302a9ec079830bc078a5 26732 sound optional alsaplayer-alsa_0.99.76-9+etch1_i386.deb
 1a43a121d1a49ca6873ba5095d859e62 24994 sound optional alsaplayer-esd_0.99.76-9+etch1_i386.deb
 9fd4b50433e0e8059e841156d89265c8 26938 sound optional alsaplayer-nas_0.99.76-9+etch1_i386.deb
 9153f6bcfa7b63b15a48f28a599bbc72 28900 sound optional alsaplayer-jack_0.99.76-9+etch1_i386.deb
 152b14037ca04c15f98d61da207d8d46 30404 libs optional libalsaplayer0_0.99.76-9+etch1_i386.deb
 63d46351fcfaf549e0602289d9fd7139 81112 libdevel optional libalsaplayer-dev_0.99.76-9+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR++awGz0hbPcukPfAQIfeggAnRSB3v6raymKD3lJ6agZ0tBcsPhtoIU8
jDxYMTsyNLamvd9yEztpa7zHdbTlOU0BRWjJ/hLIS8XKg4O5P6zYBUFDkR8eNFJc
wSSmK23rbnh+4oV/qR+AOJ3RyTwfOPeLpgQ6lKxLzu8+em3tvpoZ504M6mcegqtB
Z9vuK5R1NXLUrXPuk67FIxDD05CtwXjWLjGworc9h7IWKnRYg8871Tz28jqr4Re5
v74dSiXKVZubH3iSe3X4UbsT23dlAWF3vsYh9uANzA7WU+gmzjk/IWEQ7yK8aRB4
zJoWuErwxncVEKDh68XpS02pOSZbPJwu+IGTqnb1K4uF/TEQkfBHyQ==
=6eML
-----END PGP SIGNATURE-----





Reply sent to Devin Carraway <devin@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #41 received at 446034-close@bugs.debian.org (full text, mbox):

From: Devin Carraway <devin@debian.org>
To: 446034-close@bugs.debian.org
Subject: Bug#446034: fixed in alsaplayer 0.99.76-9+etch1
Date: Sat, 26 Jul 2008 09:40:17 +0000
Source: alsaplayer
Source-Version: 0.99.76-9+etch1

We believe that the bug you reported is fixed in the latest version of
alsaplayer, which is due to be installed in the Debian FTP archive:

alsaplayer-alsa_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_i386.deb
alsaplayer-common_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_i386.deb
alsaplayer-daemon_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_i386.deb
alsaplayer-esd_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_i386.deb
alsaplayer-gtk_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_i386.deb
alsaplayer-jack_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_i386.deb
alsaplayer-nas_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_i386.deb
alsaplayer-oss_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_i386.deb
alsaplayer-text_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_i386.deb
alsaplayer-xosd_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_i386.deb
alsaplayer_0.99.76-9+etch1.diff.gz
  to pool/main/a/alsaplayer/alsaplayer_0.99.76-9+etch1.diff.gz
alsaplayer_0.99.76-9+etch1.dsc
  to pool/main/a/alsaplayer/alsaplayer_0.99.76-9+etch1.dsc
libalsaplayer-dev_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_i386.deb
libalsaplayer0_0.99.76-9+etch1_i386.deb
  to pool/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 446034@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Devin Carraway <devin@debian.org> (supplier of updated alsaplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 30 Mar 2008 07:35:43 +0000
Source: alsaplayer
Binary: alsaplayer-daemon alsaplayer-xosd libalsaplayer-dev alsaplayer-jack alsaplayer-esd alsaplayer-text alsaplayer-nas alsaplayer-oss alsaplayer-alsa alsaplayer-gtk libalsaplayer0 alsaplayer-common
Architecture: source i386
Version: 0.99.76-9+etch1
Distribution: stable-security
Urgency: high
Maintainer: Hubert Chan <hubert@uhoreg.ca>
Changed-By: Devin Carraway <devin@debian.org>
Description: 
 alsaplayer-alsa - PCM player designed for ALSA (ALSA output module)
 alsaplayer-common - PCM player designed for ALSA (common files)
 alsaplayer-daemon - PCM player designed for ALSA (non-interactive version)
 alsaplayer-esd - PCM player designed for ALSA (EsounD output module)
 alsaplayer-gtk - PCM player designed for ALSA (GTK version)
 alsaplayer-jack - PCM player designed for ALSA (JACK output module)
 alsaplayer-nas - PCM player designed for ALSA (NAS output module)
 alsaplayer-oss - PCM player designed for ALSA (OSS output module)
 alsaplayer-text - PCM player designed for ALSA (text version)
 alsaplayer-xosd - PCM player designed for ALSA (osd version)
 libalsaplayer-dev - PCM player designed for ALSA (interface library, development file
 libalsaplayer0 - PCM player designed for ALSA (interface library)
Closes: 446034
Changes: 
 alsaplayer (0.99.76-9+etch1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * 32_security_CVE-2007-5301: patch from upstream for CVE-2007-5301,
     correcting a buffer overflow vulnerability in the Vorbis plugin.
     Closes: #446034
Files: 
 f1cef8ce08af0bc84cc18f45bf54774b 1411 sound optional alsaplayer_0.99.76-9+etch1.dsc
 ff78654c9ab74d14ad218dfb226db0a4 795398 sound optional alsaplayer_0.99.76.orig.tar.gz
 f2af0197803ce618482ecdc6c78b420e 179628 sound optional alsaplayer_0.99.76-9+etch1.diff.gz
 c35adec287030905bf0db4e27ab81d63 158866 sound optional alsaplayer-common_0.99.76-9+etch1_i386.deb
 902924f6ef4f2e63b66b183dc0c35334 115288 sound optional alsaplayer-gtk_0.99.76-9+etch1_i386.deb
 f1ef493cd0e41107102a7d552b83563c 28100 sound optional alsaplayer-text_0.99.76-9+etch1_i386.deb
 9d0e04a29f76e31f8b076ab3a689a23f 26996 sound optional alsaplayer-daemon_0.99.76-9+etch1_i386.deb
 122a2eaf526f4566d7a7486900bf31b3 27682 sound optional alsaplayer-xosd_0.99.76-9+etch1_i386.deb
 2b54d8b1f00a371d22b59d83e5cde354 25102 sound optional alsaplayer-oss_0.99.76-9+etch1_i386.deb
 a4c34cf4a0ab302a9ec079830bc078a5 26732 sound optional alsaplayer-alsa_0.99.76-9+etch1_i386.deb
 1a43a121d1a49ca6873ba5095d859e62 24994 sound optional alsaplayer-esd_0.99.76-9+etch1_i386.deb
 9fd4b50433e0e8059e841156d89265c8 26938 sound optional alsaplayer-nas_0.99.76-9+etch1_i386.deb
 9153f6bcfa7b63b15a48f28a599bbc72 28900 sound optional alsaplayer-jack_0.99.76-9+etch1_i386.deb
 152b14037ca04c15f98d61da207d8d46 30404 libs optional libalsaplayer0_0.99.76-9+etch1_i386.deb
 63d46351fcfaf549e0602289d9fd7139 81112 libdevel optional libalsaplayer-dev_0.99.76-9+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR++awGz0hbPcukPfAQIfeggAnRSB3v6raymKD3lJ6agZ0tBcsPhtoIU8
jDxYMTsyNLamvd9yEztpa7zHdbTlOU0BRWjJ/hLIS8XKg4O5P6zYBUFDkR8eNFJc
wSSmK23rbnh+4oV/qR+AOJ3RyTwfOPeLpgQ6lKxLzu8+em3tvpoZ504M6mcegqtB
Z9vuK5R1NXLUrXPuk67FIxDD05CtwXjWLjGworc9h7IWKnRYg8871Tz28jqr4Re5
v74dSiXKVZubH3iSe3X4UbsT23dlAWF3vsYh9uANzA7WU+gmzjk/IWEQ7yK8aRB4
zJoWuErwxncVEKDh68XpS02pOSZbPJwu+IGTqnb1K4uF/TEQkfBHyQ==
=6eML
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Aug 2008 07:30:49 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 06:42:14 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.