Format: 1.8
Date: Sun, 24 Nov 2024 18:52:35 +0000
Source: mpg123
Architecture: source
Version: 1.26.4-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1086443
Changes:
 mpg123 (1.26.4-1+deb11u1) bullseye-security; urgency=medium
 .
   * Team upload
   * Fix CVE-2024-10573 (Closes: #1086443)
     An out-of-bounds write flaw was found in mpg123 when handling crafted
     streams. When decoding PCM, the libmpg123 may write past the end of a
     heap-located buffer. Consequently, heap corruption may happen, and
     arbitrary code execution is not discarded. The complexity required to
     exploit this flaw is considered high as the payload must be validated
     by the MPEG decoder and the PCM synth before execution.