[debbugs-tracker] bug#36910: closed (CVE patches for libmad)

emacs-bug-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#36910: closed (CVE patches for libmad)

From:	GNU bug Tracking System
Subject:	[debbugs-tracker] bug#36910: closed (CVE patches for libmad)
Date:	Tue, 06 Aug 2019 07:29:04 +0000

Your message dated Tue, 06 Aug 2019 03:27:43 -0400
with message-id <address@hidden>
and subject line Re: bug#36909: CVE-2017-837{2,3,4} patches for libmad from 
Debian
has caused the debbugs.gnu.org bug report #36909,
regarding CVE patches for libmad
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden.)


-- 
36909: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=36909
GNU Bug Tracking System
Contact address@hidden with problems

--- Begin Message --- Subject: CVE patches for libmad Date: Sat, 3 Aug 2019 05:56:31 -0700 User-agent: SquirrelMail/1.4.22

Package: libmad
Version: 0.15.1b
Tags: security
Severity: important

Hello!

I think that package "libmad" should be updated to include fixes for the
following vulnerabilities: CVE-2017-8372, CVE-2017-8373, CVE-2017-8374.
This can be done by applying md_size.diff and replacing
libmad-frame-length.patch with length-check.diff (*.diff are from Debian
GNU/Linux).

Best regards!

--- End Message ---

--- Begin Message --- Subject: Re: bug#36909: CVE-2017-837{2,3,4} patches for libmad from Debian Date: Tue, 06 Aug 2019 03:27:43 -0400 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)

Hi,

address@hidden wrote:

> I think that package "libmad" should be updated to include fixes for the
> following vulnerabilities:
> https://security-tracker.debian.org/tracker/CVE-2017-8372,
> https://security-tracker.debian.org/tracker/CVE-2017-8373,
> https://security-tracker.debian.org/tracker/CVE-2017-8374.
> This can be done by applying md_size.diff from Debian and replacing
> libmad-frame-length.patch with length-check.diff from Debian.

I've applied the updates that you recommended in commit
aac6c53a7bc9a8d22e88a490ebc99ec79d64a05b on our 'master' branch.

Thanks very much for bringing this to our attention.

     Best,
      Mark

--- End Message ---

[Prev in Thread]

Current Thread

[Next in Thread]

[debbugs-tracker] bug#36910: closed (CVE patches for libmad), GNU bug Tracking System <=

Prev by Date: [debbugs-tracker] bug#36909: closed (CVE-2017-837{2, 3, 4} patches for libmad from Debian)
Next by Date: [debbugs-tracker] bug#36939: closed ([PATCH] Update emacs-ivy.)
Previous by thread: [debbugs-tracker] bug#36909: closed (CVE-2017-837{2, 3, 4} patches for libmad from Debian)
Next by thread: [debbugs-tracker] bug#36939: closed ([PATCH] Update emacs-ivy.)
Index(es):
- Date
- Thread