Your message dated Sat, 29 Apr 2017 13:32:08 +0000
with message-id <e1d4sto-000ala...@fasolo.debian.org>
and subject line Bug#861220: fixed in freetype 2.5.2-3+deb8u2
has caused the Debian Bug report #861220,
regarding freetype: CVE-2017-8105
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861220
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freetype
Version: 2.5.2-3
Severity: important
Tags: upstream patch security

Hi,

the following vulnerability was published for freetype.

CVE-2017-8105[0]:
| FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a
| heap-based buffer overflow related to the t1_decoder_parse_charstrings
| function in psaux/t1decode.c.

It is fixed by the upstream commit [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8105
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
[1] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.5.2-3+deb8u2

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Apr 2017 12:05:02 +0200
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.5.2-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 856971 861220 861308
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
 freetype (2.5.2-3+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Moritz Mühlenhoff ]
   * CVE-2016-10244 (Closes: #856971)
 .
   [ Salvatore Bonaccorso ]
   * [psaux] Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
   * t1_builder_close_contour: Add safety guard (CVE-2017-8287)
     (Closes: #861308)
Package-Type: udeb
Checksums-Sha1: 
 ab498f8ec8aab60d331b85c5ce9897209e4dc93f 2283 freetype_2.5.2-3+deb8u2.dsc
 0ae3785e031a0d46e430ab42ee2eaf4a7091c3a5 70170 freetype_2.5.2-3+deb8u2.diff.gz
Checksums-Sha256: 
 e63b0cc18482fe5971880271c2dbacd6957288608fef8c40fe127db79a9008dd 2283 freetype_2.5.2-3+deb8u2.dsc
 0247f57efcb83b208fc1967520a53ecf21c5aca9ee2c433238914622e6938259 70170 freetype_2.5.2-3+deb8u2.diff.gz
Files: 
 0282d8e1dd99197f4b9b1023f92cec6d 2283 libs optional freetype_2.5.2-3+deb8u2.dsc
 7ff276dc4d6efbb47ad1d6bcd7787679 70170 libs optional freetype_2.5.2-3+deb8u2.diff.gz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
