Your message dated Mon, 06 Jan 2020 21:34:35 +0000
with message-id <[email protected]>
and subject line Bug#946628: fixed in fig2dev 1:3.2.7b-3
has caused the Debian Bug report #946628,
regarding fig2dev: CVE-2019-19746
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
946628: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946628
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fig2dev
Version: 1:3.2.7b-2
Severity: normal
Tags: security upstream
Forwarded: https://sourceforge.net/p/mcj/tickets/57/

Hi,

The following vulnerability was published for fig2dev.

CVE-2019-19746[0]:
| make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation
| fault and out-of-bounds write because of an integer overflow via a
| large arrow type.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-19746
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746
[1] https://sourceforge.net/p/mcj/tickets/57/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: fig2dev
Source-Version: 1:3.2.7b-3

We believe that the bug you reported is fixed in the latest version of
fig2dev, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <[email protected]> (supplier of updated fig2dev package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jan 2020 22:13:27 +0100
Source: fig2dev
Architecture: source
Version: 1:3.2.7b-3
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <[email protected]>
Changed-By: Roland Rosenfeld <[email protected]>
Closes: 946628 946866
Changes:
 fig2dev (1:3.2.7b-3) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Add missing colon in closes line.
   * Set upstream metadata fields: Archive, Bug-Submit (from
     ./configure).
 .
   [ Roland Rosenfeld ]
   * Update upstream metadata and add several fields.
   * 31_CVE-2019-19746: Reject huge arrow types causing integer overflow.
     This fixes CVE-2019-19746 (Closes: #946628).
   * 30_CVE-2019-19555: Add test to the patch.
   * 32_fgets2getline: Replace most calls to fgets() by getline() in
     read.c. This fixes CVE-2019-19797 (Closes: #946866).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---