Your message dated Wed, 21 Aug 2019 22:19:06 +0000
with message-id <[email protected]>
and subject line Bug#933075: fixed in fig2dev 1:3.2.6a-2+deb9u2
has caused the Debian Bug report #933075,
regarding fig2dev: CVE-2019-14275
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
933075: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933075
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fig2dev
Version: 1:3.2.7a-6
Severity: normal
Tags: security upstream
Forwarded: https://sourceforge.net/p/mcj/tickets/52/
Control: found -1 1:3.2.7a-5

Hi,

The following vulnerability was published for fig2dev.

CVE-2019-14275[0]:
| Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the
| calc_arrow function in bound.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14275
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275
[1] https://sourceforge.net/p/mcj/tickets/52/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: fig2dev
Source-Version: 1:3.2.6a-2+deb9u2

We believe that the bug you reported is fixed in the latest version of
fig2dev, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <[email protected]> (supplier of updated fig2dev package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 27 Jul 2019 10:22:45 +0200
Source: fig2dev
Architecture: source
Version: 1:3.2.6a-2+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Roland Rosenfeld <[email protected]>
Changed-By: Roland Rosenfeld <[email protected]>
Closes: 933075
Changes:
 fig2dev (1:3.2.6a-2+deb9u2) stretch; urgency=medium
 .
   * 40_circle_arrowhead: Do not segfault on circle/half circle arrowheads
     with a magnification larger than 42.  This fixes CVE-2019-14275.
     (Closes: #933075).
   * Adapt salsa CI pipeline to stretch release.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
