[Pkg-mpd-maintainers] mpd_0.24.12-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Jun 1 22:18:59 BST 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 01 Jun 2026 22:42:36 +0200
Source: mpd
Architecture: source
Version: 0.24.12-1
Distribution: unstable
Urgency: medium
Maintainer: mpd maintainers <pkg-mpd-maintainers at lists.alioth.debian.org>
Changed-By: Florian Schlichting <fsfs at debian.org>
Closes: 1138215
Changes:
mpd (0.24.12-1) unstable; urgency=medium
.
* New upstream version 0.24.12 (closes: #1138215)
+ fixes a stack buffer overflow vulnerability in the pcm_unpack_24be
function in src/pcm/Pack.cxx (CVE-2026-49127)
+ fixes a path traversal vulnerability in LocalStorage::MapFSOrThrow and
LocalStorage::MapUTF8 within the local storage plugin (CVE-2026-49128)
+ fixes a server-side request forgery vulnerability in CurlInputPlugin
(CVE-2026-49129)
+ fixes a CRLF injection vulnerability in the xspf_char_data function
within the XSPF playlist plugin (CVE-2026-49130)
* Add new files to d/copyright
* d/copyright: fix lintian warning about old FSF postal address
* Bump libcurl dependency to 7.85
* Declare compliance with Debian Policy 4.7.4
Checksums-Sha1:
a6fc0764d203483922e0a052ef10aff5f7906d97 3398 mpd_0.24.12-1.dsc
da342c8ed1ca0cc942aecacb1da5ed9b6bd790a6 1020148 mpd_0.24.12.orig.tar.xz
3b7b6d7f3405b6305e8f8192cf1171d4c6d344f2 833 mpd_0.24.12.orig.tar.xz.asc
306ed667e48e4ef30cd4713ff59f61de08318178 35836 mpd_0.24.12-1.debian.tar.xz
70a1082a3403b0b73e9d8c1fd8feaf28ef0e46ac 22115 mpd_0.24.12-1_amd64.buildinfo
Checksums-Sha256:
206c305bb32d801fb8e4087e596cf12b58ebf8ca6a478d02afedff64094648f9 3398 mpd_0.24.12-1.dsc
14223ca883c35fbf711994bcf745726cecc9d898e3d3964265cf3a2c7519a360 1020148 mpd_0.24.12.orig.tar.xz
554fdc41adba2a48406c7dbc449f2191ed851d5a082e80d42beef8860c492463 833 mpd_0.24.12.orig.tar.xz.asc
10f858970c37a11b44fe34ca34b841e4cf584b579fd647878ca5be34c3d7e804 35836 mpd_0.24.12-1.debian.tar.xz
807555946f6d81f0cd58e721d21bdfbd60d733759e0fc26f2281d2c0f9f47624 22115 mpd_0.24.12-1_amd64.buildinfo
Files:
35d7fcb66978f708bc49bfea475d6d13 3398 sound optional mpd_0.24.12-1.dsc
6c4a848e97661562fce3e20c72e6c678 1020148 sound optional mpd_0.24.12.orig.tar.xz
4c20414e8534a1d9071b19acf40d24a2 833 sound optional mpd_0.24.12.orig.tar.xz.asc
184877fd0d4ebff71445f7bbebed1dc7 35836 sound optional mpd_0.24.12-1.debian.tar.xz
26207999649769afc77bfdcf3de28a11 22115 sound optional mpd_0.24.12-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEMLI8i05qOwnqprZSEpc7bnLcB7UFAmod8hIACgkQEpc7bnLc
B7VE8w/7B+ig4rzATZ5vlMRtT5sVsd8w43NlBu+R00naAiKrBUdtqIuahd/0UzkP
S7nrpSo09aZhhhp+b3FcacTaHAG/kQrrBjzGrXvbV8NWLWGuJAVaCcoT7obebP/w
GMIahxJC8hfehjzmfx8X9Xd5nHCJxkvfBr9Bh9d1xAwMPUloYbttO1JqMuqEK+5c
Td7dsOxteVAlxyaEuZPASEVktrnyMPypzmABdp8Zyf75gxmMj88hOkotcGcKO0+2
VV5Oiy/c5L2/lMQG7dlzZuQAHbHvJqPRkSVYwf8CPtYCfob4HBpYb45bO+DOHfG2
IoVz6H+VhuwroWq9wNcXW4wdLfcCzyVKVmtM7+lA/9QE5PHw5EyNj1biWw+QC6q7
n7Jn9xOzmNSKHU0/LqZkQotxdJBVTLOJfXKXluIc4CDGD1KPwI9n4hQMAKZDhZC6
Tdtx4eRzekdr8ZRlBJ7BRIskhCYkESQaC/zpiuhJdrFnqotvNg7g4Veowwdi0Jms
5Z4e8nqB+KeGBmMX3F64IvHWRPEkGoxt/KV+hKLB5pyyOQgaJg9QzTfaJheJL0Zv
CeZVUiCiBHGY17oD8yBdhBzt6CIamT190cd1ncNRTM2GE3Q5QTG2KgUuiY65kVGO
n/f64M19MJQOYU+ZA9UVPoHEVP/fV0aQ+nDxFlXSDooAJ7jP2Hg=
=GuZd
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-mpd-maintainers/attachments/20260601/957ca48a/attachment.sig>
More information about the Pkg-mpd-maintainers
mailing list