Your message dated Sun, 07 Aug 2016 06:03:38 +0000
with message-id <e1bwhbs-0006bu...@franck.debian.org>
and subject line Bug#833570: fixed in fontconfig 2.11.0-6.5
has caused the Debian Bug report #833570,
regarding fontconfig: CVE-2016-5384: possible double free due to insufficiently 
validated cache files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
833570: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833570
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: fontconfig
Version: 2.11.0-6.3
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for fontconfig.

CVE-2016-5384[0]:
possible double free due to insufficiently validated cache files

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5384
[1] https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: fontconfig
Source-Version: 2.11.0-6.5

We believe that the bug you reported is fixed in the latest version of
fontconfig, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 833...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated fontconfig 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Aug 2016 10:24:50 +0200
Source: fontconfig
Binary: fontconfig fontconfig-config fontconfig-udeb libfontconfig1-dev 
libfontconfig1 libfontconfig1-dbg
Architecture: all source
Version: 2.11.0-6.5
Distribution: unstable
Urgency: high
Maintainer: Keith Packard <kei...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 833570
Description: 
 fontconfig - generic font configuration library - support binaries
 fontconfig-config - generic font configuration library - configuration
 fontconfig-udeb - generic font configuration library - minimal runtime (udeb)
 libfontconfig1 - generic font configuration library - runtime
 libfontconfig1-dbg - generic font configuration library - debugging symbols
 libfontconfig1-dev - generic font configuration library - development
Changes:
 fontconfig (2.11.0-6.5) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2016-5384: Possible double free due to insufficiently validated cache
     files (Closes: #833570)
Package-Type: udeb


--- End Message ---
