Debian Package Tracker

general

source: mpg123 (main)
version: 1.25.13-1
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Miguel A. Colón Vélez [DMD] [DM] – Reinhard Tartler [DMD]
arch: any
std-ver: 4.4.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.20.1-2+deb8u1
oldstable: 1.23.8-1
stable: 1.25.10-2
testing: 1.25.13-1
unstable: 1.25.13-1
NEW/unstable: 1.26.0-1

versioned links

1.20.1-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.23.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.25.10-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.25.13-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmpg123-0
libmpg123-dev
libout123-0
mpg123 (5 bugs: 0, 2, 3, 0)

action needed

A new upstream version is available: 1.26.1 high

A new upstream version 1.26.1 is available, you should consider packaging it.

Created: 2020-05-11 Last update: 2020-06-01 06:07

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.26.0-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Created: 2020-05-26 Last update: 2020-05-26 19:45

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-05-21 Last update: 2020-05-21 00:06

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2017-12839: A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
CVE-2017-12797: Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVE-2017-10683: In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.
CVE-2017-9545: The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.

Please fix them.

Created: 2017-07-02 Last update: 2019-11-23 06:49

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2017-12839: A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
CVE-2017-12797: Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVE-2017-10683: In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.
CVE-2017-9545: The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.

Please fix them.

Created: 2017-07-02 Last update: 2019-11-23 06:49

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.1).

Created: 2020-01-21 Last update: 2020-01-21 05:06

news

[rss feed]

[2019-11-23] mpg123 1.25.13-1 MIGRATED to testing (Debian testing watch)
[2019-11-17] Accepted mpg123 1.25.13-1 (source) into unstable (Sebastian Ramacher)
[2019-09-02] mpg123 1.25.12-1 MIGRATED to testing (Debian testing watch)
[2019-08-27] Accepted mpg123 1.25.12-1 (source) into unstable (Sebastian Ramacher)
[2019-08-24] mpg123 1.25.11-1 MIGRATED to testing (Debian testing watch)
[2019-08-19] Accepted mpg123 1.25.11-1 (source) into unstable (Sebastian Ramacher)
[2018-04-25] mpg123 1.25.10-2 MIGRATED to testing (Debian testing watch)
[2018-04-20] Accepted mpg123 1.25.10-2 (source) into unstable (James Cowgill)
[2018-03-16] mpg123 1.25.10-1 MIGRATED to testing (Debian testing watch)
[2018-03-10] Accepted mpg123 1.25.10-1 (source) into unstable (Sebastian Ramacher)
[2017-12-09] mpg123 1.25.8-1 MIGRATED to testing (Debian testing watch)
[2017-12-03] Accepted mpg123 1.25.8-1 (source) into unstable (Sebastian Ramacher)
[2017-10-02] mpg123 1.25.7-1 MIGRATED to testing (Debian testing watch)
[2017-09-26] Accepted mpg123 1.25.7-1 (source) into unstable (Sebastian Ramacher)
[2017-08-17] mpg123 1.25.6-1 MIGRATED to testing (Debian testing watch)
[2017-08-12] Accepted mpg123 1.25.6-1 (source) into unstable (Sebastian Ramacher)
[2017-08-12] mpg123 1.25.4-1 MIGRATED to testing (Debian testing watch)
[2017-08-06] Accepted mpg123 1.25.4-1 (source) into unstable (Sebastian Ramacher)
[2017-07-29] mpg123 1.25.3-1 MIGRATED to testing (Debian testing watch)
[2017-07-23] Accepted mpg123 1.25.3-1 (source) into unstable (Sebastian Ramacher)
[2017-07-09] mpg123 1.25.1-1 MIGRATED to testing (Debian testing watch)
[2017-07-08] Accepted mpg123 1.14.4-1+deb7u2 (source amd64) into oldoldstable (Chris Lamb)
[2017-07-03] Accepted mpg123 1.25.1-1 (source) into unstable (Sebastian Ramacher)
[2017-06-23] mpg123 1.25.0-1 MIGRATED to testing (Debian testing watch)
[2017-06-18] Accepted mpg123 1.25.0-1 (source) into unstable (Sebastian Ramacher)
[2017-04-25] Accepted mpg123 1.24.0-1 (source) into experimental (Sebastian Ramacher)
[2016-10-15] Accepted mpg123 1.14.4-1+deb7u1 (source amd64) into oldstable (Jonas Meurer)
[2016-10-12] Accepted mpg123 1.20.1-2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (James Cowgill)
[2016-10-07] mpg123 1.23.8-1 MIGRATED to testing (Debian testing watch)
[2016-10-04] Accepted mpg123 1.23.8-1 (source amd64) into unstable, unstable (Sebastian Ramacher)

bugs [bug history graph]

all: 5
RC: 0
I&N: 2
M&W: 3
F&P: 0
patch: 0

links

homepage
lintian (0, 4)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.25.13-1
4 bugs