Bug#614669: marked as done (CVE-2010-0433: Buffer overflow)

[Debian Bug Tracking System]

Your message dated Tue, 05 Jul 2011 07:54:41 +0000
with message-id <e1qe0sv-0005ph...@franck.debian.org>
and subject line Bug#614669: fixed in vftool 2.0alpha-3+lenny1
has caused the Debian Bug report #614669,
regarding CVE-2010-0433: Buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
614669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614669
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: vftool
Severity: grave
Tags: security

Please see https://bugzilla.gnome.org/show_bug.cgi?id=640923
for details and a patch. (While this bug is for evince, it
also applies to vftool).

Cheers,
        Moritz

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: vftool
Source-Version: 2.0alpha-3+lenny1

We believe that the bug you reported is fixed in the latest version of
vftool, which is due to be installed in the Debian FTP archive:

vftool_2.0alpha-3+lenny1.diff.gz
  to main/v/vftool/vftool_2.0alpha-3+lenny1.diff.gz
vftool_2.0alpha-3+lenny1.dsc
  to main/v/vftool/vftool_2.0alpha-3+lenny1.dsc
vftool_2.0alpha-3+lenny1_amd64.deb
  to main/v/vftool/vftool_2.0alpha-3+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 614...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated vftool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 29 Jun 2011 23:06:32 +0100
Source: vftool
Binary: vftool
Architecture: source amd64
Version: 2.0alpha-3+lenny1
Distribution: oldstable
Urgency: medium
Maintainer: Atsuhito KOHDA <ko...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description: 
 vftool     - a tool to generate VF files for dvi2ps/dvi2dvi
Closes: 614669
Changes: 
 vftool (2.0alpha-3+lenny1) oldstable; urgency=medium
 .
   * Non-maintainer upload.
   * debian/patch-3:
     - fix CVE-2011-0433, a buffer overflow in linetoken() in parseAFM.c
     Closes: #614669
Checksums-Sha1: 
 f77cced9a1ad1894cdb0a0aa371781618f3dd901 1622 vftool_2.0alpha-3+lenny1.dsc
 ac9644cee42cdfbfe94a22de43b97bdce512e3d0 4449 vftool_2.0alpha-3+lenny1.diff.gz
 58ed28b113a70aa2de2a504bd158e86059d16f77 45876 
vftool_2.0alpha-3+lenny1_amd64.deb
Checksums-Sha256: 
 448fa0d91ed0e5bfc483453cb11f4f59012f2427cb0728860708d61c494e6692 1622 
vftool_2.0alpha-3+lenny1.dsc
 af8f385cbb8da6150c9cf8430ae4e01072ea616b9727db2c51e4a50e2bfc4e38 4449 
vftool_2.0alpha-3+lenny1.diff.gz
 3be495a5d7e49bac5596b7ef230fe772d4de3fa1d485c2feb1e258c27fc6769a 45876 
vftool_2.0alpha-3+lenny1_amd64.deb
Files: 
 1395f519b0244b851e7308c34d5bf83d 1622 tex optional vftool_2.0alpha-3+lenny1.dsc
 a587b6603e15e273d9b9d16302d08b35 4449 tex optional 
vftool_2.0alpha-3+lenny1.diff.gz
 0a111f5e6bafa1377f97e72816531c5b 45876 tex optional 
vftool_2.0alpha-3+lenny1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJOEjQIAAoJEFOUR53TUkxRkqkP/2kpyVdEJo+eW1ATzCu1gssx
76XF3Bh7UN78nEqAtRztlid3q59bJQpSat6uQe8Jc1jujoiz+zic9aJ9ZodDcUmc
EWleev9CwGg5dou954jnlab6ssscMp8GXE+WO5B50R9DhCrpxg5W6352xd7CtSF0
7EOREaQPLM0wcvsxUjbHjBltIWOINYu6eqYI35JgWWZWNkxlyUwXalHIw0t1R8+D
e49DtZGn23zE+VIv+WL8bBfrW35sZd/9MwOyeJDOwQkdMeBCzhSvnyZ+vwxzQxXR
3fECOcvx27UqvgrkJjS9f0e4Y7hiqMPN4dunmBA2AfwhRyog/yoMTw5O9Kwc+96C
h1UVxsjHHxKHe1lve66zzMBOsVE7HLM1oV3tG9dym7yeLAjMXEg3JWH6vPi8FkAP
Ry3KDwH7sQC5CkIxEymifpKFaytTt2kUyK6PurWlU71pIBlDDqPLiDRwfJ3F7Sd7
VCTK+MtIKJkoSLlL/SQ0PrfqLTS21X4FgV4lx1MQJjyw8tZZLyEY8z61eK627HTo
V0N36/GvbROsm7sZhTfO+9RWWbj9rPj6DInDRKOHXzMzI46jlMqjKXJePRozsaf/
lQnBPMpvVHqbbvLwFHYSh22s78yxknbN6TGeDYWAeZkRQt3TuizcbrUR/0jpsurL
D4VR3kCjYbmnwQkWyCA6
=1yCS
-----END PGP SIGNATURE-----

--- End Message ---