Debian Package Tracker

general

source: mpg123 (main)
version: 1.25.10-2
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Miguel A. Colón Vélez [DMD] [dm] – Reinhard Tartler [DMD]
arch: any
std-ver: 4.1.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.20.1-2+deb8u1
stable: 1.23.8-1
testing: 1.25.10-2
unstable: 1.25.10-2

versioned links

1.20.1-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.23.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.25.10-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmpg123-0
libmpg123-dev
libout123-0
mpg123

action needed

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit b1f1fd28f36f963f75af9d4e07595a453df0f46d
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 08:34:46 2018 +0200

    d/watch: Use https protocol

Created: 2018-10-01 Last update: 2019-05-21 05:35

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-12 Last update: 2019-04-09 06:37

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2017-12839: A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
CVE-2017-12797: Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVE-2017-9545: The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.
CVE-2017-10683: In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.

Please fix them.

Created: 2017-07-02 Last update: 2019-05-12 06:31

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2017-12839: A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
CVE-2017-12797: Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVE-2017-9545: The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.
CVE-2017-10683: In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.

Please fix them.

Created: 2017-07-02 Last update: 2019-05-12 06:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.4).

Created: 2018-08-20 Last update: 2018-12-23 17:15

news

[rss feed]

[2018-04-25] mpg123 1.25.10-2 MIGRATED to testing (Debian testing watch)
[2018-04-20] Accepted mpg123 1.25.10-2 (source) into unstable (James Cowgill)
[2018-03-16] mpg123 1.25.10-1 MIGRATED to testing (Debian testing watch)
[2018-03-10] Accepted mpg123 1.25.10-1 (source) into unstable (Sebastian Ramacher)
[2017-12-09] mpg123 1.25.8-1 MIGRATED to testing (Debian testing watch)
[2017-12-03] Accepted mpg123 1.25.8-1 (source) into unstable (Sebastian Ramacher)
[2017-10-02] mpg123 1.25.7-1 MIGRATED to testing (Debian testing watch)
[2017-09-26] Accepted mpg123 1.25.7-1 (source) into unstable (Sebastian Ramacher)
[2017-08-17] mpg123 1.25.6-1 MIGRATED to testing (Debian testing watch)
[2017-08-12] Accepted mpg123 1.25.6-1 (source) into unstable (Sebastian Ramacher)
[2017-08-12] mpg123 1.25.4-1 MIGRATED to testing (Debian testing watch)
[2017-08-06] Accepted mpg123 1.25.4-1 (source) into unstable (Sebastian Ramacher)
[2017-07-29] mpg123 1.25.3-1 MIGRATED to testing (Debian testing watch)
[2017-07-23] Accepted mpg123 1.25.3-1 (source) into unstable (Sebastian Ramacher)
[2017-07-09] mpg123 1.25.1-1 MIGRATED to testing (Debian testing watch)
[2017-07-08] Accepted mpg123 1.14.4-1+deb7u2 (source amd64) into oldoldstable (Chris Lamb)
[2017-07-03] Accepted mpg123 1.25.1-1 (source) into unstable (Sebastian Ramacher)
[2017-06-23] mpg123 1.25.0-1 MIGRATED to testing (Debian testing watch)
[2017-06-18] Accepted mpg123 1.25.0-1 (source) into unstable (Sebastian Ramacher)
[2017-04-25] Accepted mpg123 1.24.0-1 (source) into experimental (Sebastian Ramacher)
[2016-10-15] Accepted mpg123 1.14.4-1+deb7u1 (source amd64) into oldstable (Jonas Meurer)
[2016-10-12] Accepted mpg123 1.20.1-2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (James Cowgill)
[2016-10-07] mpg123 1.23.8-1 MIGRATED to testing (Debian testing watch)
[2016-10-04] Accepted mpg123 1.23.8-1 (source amd64) into unstable, unstable (Sebastian Ramacher)
[2015-09-24] mpg123 1.22.4-1 MIGRATED to testing (Britney)
[2015-09-18] Accepted mpg123 1.22.4-1 (source) into unstable (Miguel A. Colón Vélez)
[2015-09-14] Accepted mpg123 1.22.3-1 (source) into unstable (Miguel A. Colón Vélez)
[2015-07-17] mpg123 1.22.2-1 MIGRATED to testing (Britney)
[2015-07-11] Accepted mpg123 1.22.2-1 (source) into unstable (Miguel A. Colón Vélez) (signed by: Sebastian Ramacher)
[2014-09-06] mpg123 1.20.1-2 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 3
RC: 0
I&N: 1
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (0, 4)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.25.10-2
4 bugs