Bug#959800: marked as done (potential double-free in libfontconfig due to bad backported commit)

[Debian Bug Tracking System]

Your message dated Thu, 14 May 2020 17:03:27 +0000
with message-id <e1jzhgz-000fg7...@fasolo.debian.org>
and subject line Bug#959800: fixed in fontconfig 2.13.1-4.1
has caused the Debian Bug report #959800,
regarding potential double-free in libfontconfig due to bad backported commit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
959800: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959800
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libfontconfig1
Version:|2.13.1-4|

One of the commits backported in 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956157
to fix fontconfig memory leaks has a bug that introduces a potential 
double-free error.
See https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/237 for 
details, and
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/94 for a 
proposed
fix for upstream.

This has resulted in crash reports for Firefox when running on bullseye/sid 
installations,
see https://bugzilla.mozilla.org/show_bug.cgi?id=1633467.

I would suggest either taking the fix from the libfontconfig merge request 94 
(above),
or reverting the backport of 61573ad5f7c4dd0860d613d99d0086433240eb75 until the 
issue is
resolved upstream, as it would be better to leak than to risk a double-free 
error.

--- End Message ---

--- Begin Message ---

Source: fontconfig
Source-Version: 2.13.1-4.1
Done: Julien Cristau <jcris...@debian.org>

We believe that the bug you reported is fixed in the latest version of
fontconfig, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 959...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcris...@debian.org> (supplier of updated fontconfig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 May 2020 12:21:13 +0200
Source: fontconfig
Architecture: source
Version: 2.13.1-4.1
Distribution: unstable
Urgency: medium
Maintainer: Debian freedesktop.org maintainers 
<pkg-freedesktop-maintain...@lists.alioth.debian.org>
Changed-By: Julien Cristau <jcris...@debian.org>
Closes: 959800
Changes:
 fontconfig (2.13.1-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Cherry-pick an extra upstream patch to fix a regression in 2.13.1-4.
     Closes: #959800.  Thanks, Jonathan Kew!
Checksums-Sha1:
 2266209aaa1c5e91baaae866c355ecac7222403b 2716 fontconfig_2.13.1-4.1.dsc
 231df160fc34234047461a09cdcadc1eacac6444 55044 
fontconfig_2.13.1-4.1.debian.tar.xz
Checksums-Sha256:
 98e8ea1faf9ee20879ec871666c7663782d2a448a683fb88b6250099e77408ce 2716 
fontconfig_2.13.1-4.1.dsc
 e7205ae9fd675ebff5d6b1ddf4570405194337b2b8acc6e5cfc2a491d5e88f2a 55044 
fontconfig_2.13.1-4.1.debian.tar.xz
Files:
 527e8b6faab1234eb128b1c68d56875e 2716 fonts optional fontconfig_2.13.1-4.1.dsc
 fbd4e15da9139b4ef9d07d0358b651a5 55044 fonts optional 
fontconfig_2.13.1-4.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAl679AMUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z61W6hAAj0rJ+vxksPlD3w1jJ9v3eYCkJ0Er
/07JeWe/mtp6f0Fo4V8KZrP8zFgAX350ODuKwNZO2HVr2BfxASfkfA6cF8IhEScU
rTmxK9ZLeH5iabxnQTC4tDgZWFWGfS35zFUH0hbPoeZv7mT8y5MS1SpSXgLQRZs3
X96Kal+NlJZUtPLTG6ReojJoGoy3BNo9h6q99Hhe2Y52ezicB/q6ENiARpR6x97C
T64rc1MpVXAbOevnMnWaJbzJmiCkQjc+P9JSEv5hiu1q8HheLKzjatS15Dc7eaGp
3qib0dnA/Vyt3JmIWFv+7wZPLkrarxcHSNh+Nla8R4bqNdrBlbJS+EaDTzbaJgRI
YEhGeuW5tLq3QTsSF8GTZxO7aZ7NeC50dXQjK7PmhbbmLclYF6UXacnIKmETc+mS
SjOgUal+x2taZJiRf2ChCfyqcsjIgj4JBy1FQPibeGlnJNJCqZjp/XK4Xgkqkl65
fNtLaBLeqYVCvmZFHjwX0M2b9nXNwjF0VkLyzI1jjunMZeSUGK3HIdEX1zS8aO0a
bTFoPg+cxf19i1SIWRTrB4NEPmyRi5T43X04bvlUIVY7gMAXRJA69rXNiOXTGiUo
gEoTwphlaCnZA0u0YPoV2CUWkLGEUFf0YWg1TK11N7Sw56FwIGBDDs/KN0goTDkW
NaIRavq7e2Avon0=
=jrbF
-----END PGP SIGNATURE-----

--- End Message ---