Your message dated Wed, 21 Aug 2019 21:32:10 +0000
with message-id <[email protected]>
and subject line Bug#933075: fixed in fig2dev 1:3.2.7a-5+deb10u1
has caused the Debian Bug report #933075,
regarding fig2dev: CVE-2019-14275
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
933075: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933075
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fig2dev
Version: 1:3.2.7a-6
Severity: normal
Tags: security upstream
Forwarded: https://sourceforge.net/p/mcj/tickets/52/
Control: found -1 1:3.2.7a-5

Hi,

The following vulnerability was published for fig2dev.

CVE-2019-14275[0]:
| Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the
| calc_arrow function in bound.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14275
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275
[1] https://sourceforge.net/p/mcj/tickets/52/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: fig2dev
Source-Version: 1:3.2.7a-5+deb10u1

We believe that the bug you reported is fixed in the latest version of
fig2dev, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <[email protected]> (supplier of updated fig2dev package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 27 Jul 2019 09:51:53 +0200
Source: fig2dev
Architecture: source
Version: 1:3.2.7a-5+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Roland Rosenfeld <[email protected]>
Changed-By: Roland Rosenfeld <[email protected]>
Closes: 933075
Changes:
 fig2dev (1:3.2.7a-5+deb10u1) buster; urgency=medium
 .
   * 40_circle_arrowhead: Do not segfault on circle/half circle arrowheads
     with a magnification larger than 42.  This fixes CVE-2019-14275.
     (Closes: #933075).
   * Adapt salsa CI pipeline to buster release.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
