Your message dated Thu, 15 Sep 2022 22:09:21 +0000
with message-id <[email protected]>
and subject line Bug#1013673: fixed in harfbuzz 5.1.0-1
has caused the Debian Bug report #1013673,
regarding harfbuzz: CVE-2022-33068
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1013673: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013673
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: harfbuzz
Version: 2.7.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/harfbuzz/harfbuzz/issues/3557
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for harfbuzz.

CVE-2022-33068[0]:
| An integer overflow in the component hb-ot-shape-fallback.cc of
| Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS)
| via unspecified vectors.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33068
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33068
[1] https://github.com/harfbuzz/harfbuzz/issues/3557
[2] https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: harfbuzz
Source-Version: 5.1.0-1
Done: Jeremy Bicha <[email protected]>

We believe that the bug you reported is fixed in the latest version of
harfbuzz, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Bicha <[email protected]> (supplier of updated harfbuzz package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Sep 2022 17:14:37 -0400
Source: harfbuzz
Built-For-Profiles: noudeb
Architecture: source
Version: 5.1.0-1
Distribution: experimental
Urgency: medium
Maintainer: أحمد المحمودي (Ahmed El-Mahmoudy) <[email protected]>
Changed-By: Jeremy Bicha <[email protected]>
Closes: 1010435 1013673
Changes:
 harfbuzz (5.1.0-1) experimental; urgency=medium
 .
   * Team upload
 .
   [ Jeremy Bicha ]
   * New upstream release (Closes: #1010435)
     - Includes fix for CVE-2022-33068 (Closes: #1013673)
   * Build with meson
   * Build-Depend on dh-sequence-gir
   * Build-Depend on libchafa-dev
   * debian/*.symbols: Add new symbols
   * debian/libharfbuzz0b.docs: TODO is no longer provided
   * Add debian/gbp.conf
   * Enable all hardening flags
   * Bump Standards-Version to 4.6.1
 .
   [ Laurent Bigonville ]
   * debian/control.in: Switch dependencies from libfreetype6-dev to
     libfreetype-dev
 .
   [ Simon McVittie ]
   * Update upstream metadata to point to repository on Github
 .
   [ Steve Langasek ]
   * debian/tests/build: Make cross-test-friendly


--- End Message ---
