Your message dated Thu, 22 Sep 2022 11:53:46 +0000
with message-id <[email protected]>
and subject line Bug#1013673: fixed in harfbuzz 5.2.0-2
has caused the Debian Bug report #1013673,
regarding harfbuzz: CVE-2022-33068
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1013673: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013673
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: harfbuzz
Version: 2.7.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/harfbuzz/harfbuzz/issues/3557
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for harfbuzz.

CVE-2022-33068[0]:
| An integer overflow in the component hb-ot-shape-fallback.cc of
| Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS)
| via unspecified vectors.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33068
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33068
[1] https://github.com/harfbuzz/harfbuzz/issues/3557
[2] https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: harfbuzz
Source-Version: 5.2.0-2
Done: Jeremy Bicha <[email protected]>

We believe that the bug you reported is fixed in the latest version of
harfbuzz, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Bicha <[email protected]> (supplier of updated harfbuzz package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Sep 2022 06:28:46 -0400
Source: harfbuzz
Built-For-Profiles: noudeb
Architecture: source
Version: 5.2.0-2
Distribution: unstable
Urgency: medium
Maintainer: أحمد المحمودي (Ahmed El-Mahmoudy) <[email protected]>
Changed-By: Jeremy Bicha <[email protected]>
Closes: 1010435 1013673
Changes:
 harfbuzz (5.2.0-2) unstable; urgency=medium
 .
   * Team upload
   * Release to unstable
 .
 harfbuzz (5.2.0-1) experimental; urgency=medium
 .
   * Team upload
   * New upstream release
 .
 harfbuzz (5.1.0-1) experimental; urgency=medium
 .
   * Team upload
 .
   [ Jeremy Bicha ]
   * New upstream release (Closes: #1010435)
     - Includes fix for CVE-2022-33068 (Closes: #1013673)
   * Build with meson
   * Build-Depend on dh-sequence-gir
   * Build-Depend on libchafa-dev
   * debian/*.symbols: Add new symbols
   * debian/libharfbuzz0b.docs: TODO is no longer provided
   * Add debian/gbp.conf
   * Enable all hardening flags
   * Bump Standards-Version to 4.6.1
 .
   [ Laurent Bigonville ]
   * debian/control.in: Switch dependencies from libfreetype6-dev to
     libfreetype-dev
 .
   [ Simon McVittie ]
   * Update upstream metadata to point to repository on Github
 .
   [ Steve Langasek ]
   * debian/tests/build: Make cross-test-friendly

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
