Bug#614669: marked as done (CVE-2010-0433: Buffer overflow)

[Debian Bug Tracking System]

Your message dated Mon, 04 Jul 2011 19:50:26 +0000
with message-id <e1qdpa2-00073j...@franck.debian.org>
and subject line Bug#614669: fixed in vftool 2.0alpha-4.1
has caused the Debian Bug report #614669,
regarding CVE-2010-0433: Buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
614669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614669
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: vftool
Severity: grave
Tags: security

Please see https://bugzilla.gnome.org/show_bug.cgi?id=640923
for details and a patch. (While this bug is for evince, it
also applies to vftool).

Cheers,
        Moritz

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: vftool
Source-Version: 2.0alpha-4.1

We believe that the bug you reported is fixed in the latest version of
vftool, which is due to be installed in the Debian FTP archive:

vftool_2.0alpha-4.1.diff.gz
  to main/v/vftool/vftool_2.0alpha-4.1.diff.gz
vftool_2.0alpha-4.1.dsc
  to main/v/vftool/vftool_2.0alpha-4.1.dsc
vftool_2.0alpha-4.1_amd64.deb
  to main/v/vftool/vftool_2.0alpha-4.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 614...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated vftool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 29 Jun 2011 23:06:32 +0100
Source: vftool
Binary: vftool
Architecture: source amd64
Version: 2.0alpha-4.1
Distribution: unstable
Urgency: medium
Maintainer: Atsuhito KOHDA <ko...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description: 
 vftool     - a tool to generate VF files for dvi2ps/dvi2dvi
Closes: 614669
Changes: 
 vftool (2.0alpha-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * debian/patch-3:
     - fix CVE-2011-0433, a buffer overflow in linetoken() in parseAFM.c
     Closes: #614669
Checksums-Sha1: 
 a0f8a251926d4d89485a6b235038992b3726b6c4 1598 vftool_2.0alpha-4.1.dsc
 7d52d9e349f230e6816a3345b99488b5c353285d 4826 vftool_2.0alpha-4.1.diff.gz
 5be692f4993e0b401bd5600799addf1c2bd23129 45988 vftool_2.0alpha-4.1_amd64.deb
Checksums-Sha256: 
 926555ae2dbc5e69dc4889009b3db689bdb607a48c07d5e05ad52472032942bb 1598 
vftool_2.0alpha-4.1.dsc
 f48ccf0a52be5c7e6b3344537f10a2e98243d81b2af8998b6d86822f426f038a 4826 
vftool_2.0alpha-4.1.diff.gz
 eebc14f1e50987be68bf859361ad09fadab28d1cee8bc7836fdbcf6111eb1361 45988 
vftool_2.0alpha-4.1_amd64.deb
Files: 
 27a5d9d6a37481118a580d732df0ff07 1598 tex optional vftool_2.0alpha-4.1.dsc
 36128e45213c44b9c1eaf9f6a44daad5 4826 tex optional vftool_2.0alpha-4.1.diff.gz
 c0c6fc9584ce6c95e51bc6013cc3b422 45988 tex optional 
vftool_2.0alpha-4.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJOC6VjAAoJEFOUR53TUkxRv4EP/Aw26kYo2bhv7nm92C+/SOU5
CBLwE3QELSmtwMLkRn+16LiJbecXXh1x28zzwwOuZ9Xtdj2pY3rqzFDvg33HbMyv
lVYzsZbEVk8ABfWom9t7GCHiOrqG1+V+CCHWXK0BTV+3Zq/heldp2m1D3o0dHV2i
dx1V5BiAbTq3NTJbiYFnL8XQByedYXp2A8Cp+ORecO79d1ZBtQn9CrDih+mnF+zf
ou7bUuIf+tAkXR1ge0S77v9+nhNxd8RlNDIBGN2wqyRZWuyTwidJCZwBy2RXJLOj
XicP7WIaYRhcQGUVhd7h/+QO8eSmRzgXR47Pwo+XoqYcSyJyIRqRkO4TkNzQ1NtO
EGl9J9pzIr2gZbn3ke+V7WmjjcZwzPtVfRatQ8Skw1lPAEOJlTOldRPgiH0+KR00
29hx/fcDDxAXnKDZ19n6YSqFcPwGQt7qWpOWpGeHyeDu3+sWSJlPBMqWldTxm5qG
nAiDcXign+umyfjkm+Y9anYB+YOIxOqrD0WHtuHVvk1a+g6JO8ilxYonZHzuSgqq
S1vv9N968ZvVM7rbP6GOGeWd6xtsyuMCeSeG8QCWwFpkxcCdYdFu3n8NgLJKV3Ax
4k2Z72Z/LUCR0PxQiOQg4XTbSNXii4+CRJN9YfxdTTPFfWOyzQ/G3m06uS670JnM
10elTIyzn7bP1caH5ruV
=3omA
-----END PGP SIGNATURE-----

--- End Message ---