Your message dated Sat, 27 Jul 2019 08:39:28 +0000
with message-id <[email protected]>
and subject line Bug#933075: fixed in fig2dev 1:3.2.7a-7
has caused the Debian Bug report #933075,
regarding fig2dev: CVE-2019-14275
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
933075: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933075
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fig2dev
Version: 1:3.2.7a-6
Severity: normal
Tags: security upstream
Forwarded: https://sourceforge.net/p/mcj/tickets/52/
Control: found -1 1:3.2.7a-5
Hi,
The following vulnerability was published for fig2dev.
CVE-2019-14275[0]:
| Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the
| calc_arrow function in bound.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-14275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275
[1] https://sourceforge.net/p/mcj/tickets/52/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: fig2dev
Source-Version: 1:3.2.7a-7
We believe that the bug you reported is fixed in the latest version of
fig2dev, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Roland Rosenfeld <[email protected]> (supplier of updated fig2dev package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 27 Jul 2019 09:42:52 +0200
Source: fig2dev
Architecture: source
Version: 1:3.2.7a-7
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <[email protected]>
Changed-By: Roland Rosenfeld <[email protected]>
Closes: 933075
Changes:
fig2dev (1:3.2.7a-7) unstable; urgency=medium
.
* 40_circle_arrowhead: Do not segfault on circle/half circle arrowheads
with a magnification larger 42. This fixes CVE-2019-14275.
(Closes: #933075).
Checksums-Sha1:
d42809818f414aab43072875f47719a75803f936 2232 fig2dev_3.2.7a-7.dsc
170cf702816927298404a03ee053e8a27c022811 219824 fig2dev_3.2.7a-7.debian.tar.xz
65a7af3b0b8cf20c2b954e1563934cb4e2748dd2 8694 fig2dev_3.2.7a-7_source.buildinfo
Checksums-Sha256:
3d65fa20ae15e1d0ff0092f0df56cc94d72164a8743e33b4e216dfff092ac1f2 2232
fig2dev_3.2.7a-7.dsc
dd7d6d55ea82e6ddd04efd49fd8547b424f81da6d2e841e682e4ab8994b92e98 219824
fig2dev_3.2.7a-7.debian.tar.xz
1a105feed94e478c01bcb40046625dbc4b3bba1f6edbe1b04e0ded3b46ab2963 8694
fig2dev_3.2.7a-7_source.buildinfo
Files:
943a9d55d346b656f5aceb2aaa0ee901 2232 graphics optional fig2dev_3.2.7a-7.dsc
f33365bc3af98e8552e92a27bfb74cea 219824 graphics optional
fig2dev_3.2.7a-7.debian.tar.xz
90ce9e8c7a027489a91343d1a9a2e4ab 8694 graphics optional
fig2dev_3.2.7a-7_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErC+9sQSUPYpEoCEdAnE7z8pUELIFAl08AMoACgkQAnE7z8pU
ELLn1g/+OEVVkS3aaUwXdaT7nsp68YjYKtvlL1zprHz+GyubIwt96YLD0sdkYGoB
iSkhnY45J3d3j5uNoBucTC/UyW28QTVlnzxq3B2gTxKn5oTp+ttptRc+E/x8QxWp
lLLsT22wEox2D8aJviPj0KcvozjSRo0kJ5ocR/YN5bK0uGzE47xt/vCgBOg1VIHi
xMUHKc+BPXKkjoWDUM9ZYkJzZuWTvcPuUEK6zzA1oOiuDLWbTvuvlCXy24AidHs+
yPiTTqaU9MyBVSrLOl2z1dUzqVjik1d/Cz3ngWFaBYoDZuvRHA9MJfgTHFtDzowk
/fJOgLiTA8k0wY+aBHqTUL+UrC4TFzhOQlOk7xFMG87LxVbCUru9VNFdJMKQCVwp
9Wt5twWoPxwreWmsn4D4WNTuxBrh7zYa9e7R+hCpXcKFelxurt6H/PsW1atsgxu7
UZDX5mcjhxuqPfTQEedm7qLt2ZTRtqO9GHgmWqrbABF+sTYTRdbTksUy7K3IE5ct
2FmVQiHJKILRh/M6T/jqjMMx1NBEuLqZyu8CkMqta8Uvc7hP11g4jkrJY0XV9NQk
vZ/Ox72Gb5xoIje5VgnLNgj/Lj8e3BY+Z55PnQXQRLxFyditH2Q/WcZG5LRu8jGd
uH8sq5/gXpb3kWHeK6uxQ1Ga2OPfpoK/x2zrv1WjIY8tLOVGcRk=
=7pQR
-----END PGP SIGNATURE-----
--- End Message ---
