Your message dated Sat, 29 Apr 2017 19:48:41 +0000
with message-id <e1d4ymd-0008qi...@fasolo.debian.org>
and subject line Bug#861308: fixed in freetype 2.6.3-3.2
has caused the Debian Bug report #861308,
regarding freetype: CVE-2017-8287: out-of-bounds write via
t1_builder_close_contour function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
861308: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861308
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freetype
Version: 2.5.2-3
Severity: grave
Tags: upstream security patch
Justification: user security hole
Hi,
the following vulnerability was published for freetype.
CVE-2017-8287[0]:
| FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a
| heap-based buffer overflow related to the t1_builder_close_contour
| function in psaux/psobjs.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
[1] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.6.3-3.2
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Thu, 27 Apr 2017 20:57:40 +0200
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.6.3-3.2
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 861220 861308
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
freetype (2.6.3-3.2) unstable; urgency=high
.
* Non-maintainer upload.
* Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
* t1_builder_close_contour: Add safety guard (CVE-2017-8287)
(Closes: #861308)
Package-Type: udeb
Checksums-Sha1:
c8672f631d38b6684af53448469240937cd3c6cf 2292 freetype_2.6.3-3.2.dsc
96981e12e9c1a00a6d0e8d31bdd7a26e48115e46 40027 freetype_2.6.3-3.2.diff.gz
Checksums-Sha256:
631d4fa321885bb0b950abc4061eb1a720fd249a14b940e4aa10dd78ce2a19b2 2292 freetype_2.6.3-3.2.dsc
ca45f666d5bf5bcdadbff72f0c8d7335c36e2174e9fd07ef658a9def6eac6aff 40027 freetype_2.6.3-3.2.diff.gz
Files:
5b21bc1915de5c9d4239217ff6af1b27 2292 libs optional freetype_2.6.3-3.2.dsc
09486b0596d13e5dc0a296601a5bdef1 40027 libs optional freetype_2.6.3-3.2.diff.gz
--- End Message ---