On Sat, Aug 13, 2016 at 10:33:32AM +0200, Julien Cristau wrote:
> Control: tag -1 moreinfo
> 
> On Thu, Jun 30, 2016 at 22:19:11 +0200, Moritz Muehlenhoff wrote:
> 
> > Package: release.debian.org
> > Severity: normal
> > Tags: jessie
> > User: release.debian....@packages.debian.org
> > Usertags: pu
> > 
> > Attached debdiff fixes a non-severe security issue in harfbuzz.
> > I've been using that for a few weeks on my jessie desktop.
> > 
> > Cheers,
> >         Moritz
> > 
> > diff -Nru harfbuzz-0.9.35/debian/changelog harfbuzz-0.9.35/debian/changelog
> > --- harfbuzz-0.9.35/debian/changelog        2014-10-30 13:58:05.000000000 
> > +0100
> > +++ harfbuzz-0.9.35/debian/changelog        2016-05-30 23:50:45.000000000 
> > +0200
> > @@ -1,3 +1,10 @@
> > +harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium
> > +
> > +  * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to 
> > address
> > +    CVE-2016-2052
> > +
> > + -- Moritz Mühlenhoff <j...@debian.org>  Mon, 30 May 2016 23:49:46 +0200
> > +
> >  harfbuzz (0.9.35-2) unstable; urgency=medium
> >  
> >    * debain/clean: Remove test/shaping/*.pyc during clean
> 
> According to https://bugzilla.redhat.com/show_bug.cgi?id=1301553#c6
> CVE-2016-2052 is linked to a different commit, can you clarify?

Hmm, there seems to have been some reshuffling of CVE mappings, also another
minor issue came up. I'll revise.

Cheers,
        Moritz

Reply via email to