Your message dated Tue, 16 Aug 2016 22:32:11 +0000
with message-id <e1bzmu3-0002zx...@franck.debian.org>
and subject line Bug#833570: fixed in fontconfig 2.11.0-6.3+deb8u1
has caused the Debian Bug report #833570,
regarding fontconfig: CVE-2016-5384: possible double free due to insufficiently 
validated cache files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
833570: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833570
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: fontconfig
Version: 2.11.0-6.3
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for fontconfig.

CVE-2016-5384[0]:
possible double free due to insufficiently validated cache files

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5384
[1] https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: fontconfig
Source-Version: 2.11.0-6.3+deb8u1

We believe that the bug you reported is fixed in the latest version of
fontconfig, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 833...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated fontconfig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Aug 2016 10:15:01 +0200
Source: fontconfig
Binary: fontconfig fontconfig-config fontconfig-udeb libfontconfig1-dev libfontconfig1 libfontconfig1-dbg
Architecture: all source
Version: 2.11.0-6.3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Keith Packard <kei...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 833570
Description: 
 fontconfig - generic font configuration library - support binaries
 fontconfig-config - generic font configuration library - configuration
 fontconfig-udeb - generic font configuration library - minimal runtime (udeb)
 libfontconfig1 - generic font configuration library - runtime
 libfontconfig1-dbg - generic font configuration library - debugging symbols
 libfontconfig1-dev - generic font configuration library - development
Changes:
 fontconfig (2.11.0-6.3+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-5384: Possible double free due to insufficiently validated cache
     files (Closes: #833570)
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
