[helix-maintainers] Bug#330364: marked as done (helix-player: Helix Player Remote Format String Exploit)

Thu Sep 29 15:33:14 UTC 2005

Your message dated Thu, 29 Sep 2005 08:17:17 -0700
with message-id <E1EL09t-0005YS-00 at spohr.debian.org>
and subject line Bug#330364: fixed in helix-player 1.0.6-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Sep 2005 18:32:50 +0000
>From sf at sfritsch.de Tue Sep 27 11:32:50 2005
Return-path: <sf at sfritsch.de>
Received: from mail-out.m-online.net [212.18.0.9] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1EKKG2-0000Mo-00; Tue, 27 Sep 2005 11:32:50 -0700
Received: from mail.m-online.net (svr20.m-online.net [192.168.3.148])
	by mail-out.m-online.net (Postfix) with ESMTP id BA2C8703C5;
	Tue, 27 Sep 2005 20:32:28 +0200 (CEST)
Received: from k.local (ppp-82-135-79-97.mnet-online.de [82.135.79.97])
	by mail.m-online.net (Postfix) with ESMTP id 7C638105C6F;
	Tue, 27 Sep 2005 20:32:48 +0200 (CEST)
Received: from stf by k.local with local (Exim 4.52)
	id 1EKKFq-0001j8-Fh; Tue, 27 Sep 2005 20:32:38 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Stefan Fritsch <sf at sfritsch.de>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: helix-player: Helix Player Remote Format String Exploit
X-Mailer: reportbug 3.17
Date: Tue, 27 Sep 2005 20:32:38 +0200
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
Message-Id: <E1EKKFq-0001j8-Fh at k.local>
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
	X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02

Package: helix-player
Severity: grave
Tags: security
Justification: user security hole

According to http://www.open-security.org/advisories/13, there is
another remote vulnerability in helix player.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.3-k1
Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15)

---------------------------------------
Received: (at 330364-close) by bugs.debian.org; 29 Sep 2005 15:18:20 +0000
>From katie at spohr.debian.org Thu Sep 29 08:18:19 2005
Return-path: <katie at spohr.debian.org>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
	id 1EL09t-0005YS-00; Thu, 29 Sep 2005 08:17:17 -0700
From: Daniel Baumann <daniel.baumann at panthera-systems.net>
To: 330364-close at bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#330364: fixed in helix-player 1.0.6-1
Message-Id: <E1EL09t-0005YS-00 at spohr.debian.org>
Sender: Archive Administrator <katie at spohr.debian.org>
Date: Thu, 29 Sep 2005 08:17:17 -0700
Delivered-To: 330364-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: helix-player
Source-Version: 1.0.6-1

We believe that the bug you reported is fixed in the latest version of
helix-player, which is due to be installed in the Debian FTP archive:

helix-player_1.0.6-1.diff.gz
  to pool/main/h/helix-player/helix-player_1.0.6-1.diff.gz
helix-player_1.0.6-1.dsc
  to pool/main/h/helix-player/helix-player_1.0.6-1.dsc
helix-player_1.0.6-1_i386.deb
  to pool/main/h/helix-player/helix-player_1.0.6-1_i386.deb
helix-player_1.0.6.orig.tar.gz
  to pool/main/h/helix-player/helix-player_1.0.6.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 330364 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <daniel.baumann at panthera-systems.net> (supplier of updated helix-player package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thr, 29 Sep 2005 11:39:00 +0200
Source: helix-player
Binary: helix-player
Architecture: source i386
Version: 1.0.6-1
Distribution: unstable
Urgency: high
Maintainer: Daniel Baumann <daniel.baumann at panthera-systems.net>
Changed-By: Daniel Baumann <daniel.baumann at panthera-systems.net>
Description: 
 helix-player - The Helix Community's open source media player
Closes: 330364
Changes: 
 helix-player (1.0.6-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes security problems addressed in CAN-2005-2170 (Closes: #330364).
Files: 
 09d324e9f9ec81927e5bbf8d9f62aa13 967 graphics optional helix-player_1.0.6-1.dsc
 788928c4a8dc183fd5d994ecb7fefa57 18229003 graphics optional helix-player_1.0.6.orig.tar.gz
 6054c1c14b2d729bb020fd0be7a55ac6 7568 graphics optional helix-player_1.0.6-1.diff.gz
 7af65436f485b6ecb02c19fc8dd07573 4208756 graphics optional helix-player_1.0.6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iEYEARECAAYFAkM7/bEACgkQELuA/Ba9d8a1AwCfVxKGLbwoFXMmKZ53236oD5x6
HA8AoMCdH2TKTnlMdlXkYjCEDKEaqSUB
=rVsO
-----END PGP SIGNATURE-----