Bug#614669: marked as done (CVE-2010-0433: Buffer overflow)

[Debian Bug Tracking System]

Your message dated Tue, 05 Jul 2011 07:54:42 +0000
with message-id <e1qe0sw-0005q1...@franck.debian.org>
and subject line Bug#614669: fixed in vftool 2.0alpha-4+squeeze1
has caused the Debian Bug report #614669,
regarding CVE-2010-0433: Buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
614669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614669
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: vftool
Severity: grave
Tags: security

Please see https://bugzilla.gnome.org/show_bug.cgi?id=640923
for details and a patch. (While this bug is for evince, it
also applies to vftool).

Cheers,
        Moritz

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: vftool
Source-Version: 2.0alpha-4+squeeze1

We believe that the bug you reported is fixed in the latest version of
vftool, which is due to be installed in the Debian FTP archive:

vftool_2.0alpha-4+squeeze1.diff.gz
  to main/v/vftool/vftool_2.0alpha-4+squeeze1.diff.gz
vftool_2.0alpha-4+squeeze1.dsc
  to main/v/vftool/vftool_2.0alpha-4+squeeze1.dsc
vftool_2.0alpha-4+squeeze1_i386.deb
  to main/v/vftool/vftool_2.0alpha-4+squeeze1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 614...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated vftool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 29 Jun 2011 23:06:32 +0100
Source: vftool
Binary: vftool
Architecture: source i386
Version: 2.0alpha-4+squeeze1
Distribution: stable
Urgency: medium
Maintainer: Atsuhito KOHDA <ko...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description: 
 vftool     - a tool to generate VF files for dvi2ps/dvi2dvi
Closes: 614669
Changes: 
 vftool (2.0alpha-4+squeeze1) stable; urgency=medium
 .
   * Non-maintainer upload.
   * debian/patch-3:
     - fix CVE-2011-0433, a buffer overflow in linetoken() in parseAFM.c
     Closes: #614669
Checksums-Sha1: 
 b7aad909bd9efa21ed08e9f36e336a2a753c8615 1626 vftool_2.0alpha-4+squeeze1.dsc
 039eb5cecdbe4422869d9e6521dc160aedc67204 4841 
vftool_2.0alpha-4+squeeze1.diff.gz
 585dbc0897521e26817bcdd98692c9ab79181913 35460 
vftool_2.0alpha-4+squeeze1_i386.deb
Checksums-Sha256: 
 139dd3235fbe7b7ca93c179d89e2f7d7683ae8295df1dda3963959aef02dd09c 1626 
vftool_2.0alpha-4+squeeze1.dsc
 06ad98b6eb31b2c5dd596ed51037f6c8d469bfcf00a4d28b5abd25274b959d93 4841 
vftool_2.0alpha-4+squeeze1.diff.gz
 03b7245bf9ea40c202eade956d225d95addd9b613a7646052bb5a44360e8c6b2 35460 
vftool_2.0alpha-4+squeeze1_i386.deb
Files: 
 73b2160429c0b0b5c8000739c16bef96 1626 tex optional 
vftool_2.0alpha-4+squeeze1.dsc
 40164af7c1b853d2cf6146e591a1b41c 4841 tex optional 
vftool_2.0alpha-4+squeeze1.diff.gz
 fdfec8e8309c922852fe51f8918a65e4 35460 tex optional 
vftool_2.0alpha-4+squeeze1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJOEjHMAAoJEFOUR53TUkxRQIIP/j+uYJko5UnebuiLHSaRmoEO
+28OzY1T3WzlVlSTZmWuZbrioi7fK6t8W/aPbTJsMUkO0ZRuKa2n7r5d0YqaxXul
NeiuP4F6sJJqEr4CqIRjBI8/1HPg7rFvwADi2F3MRcRJNth3gQg3OkLvB6wozbG9
wJNYCJHivtrEeaswiuEWLRPU4FhEUbnUFxh7VCNtiTLU6FOTLnMRgPiu1KlYMqDB
5CGDLp7fgKYuetXhJtNblXWrpAviuN9O4QXNcO/RZMtAMecm9pOwdI/HaAgS616C
hJ0vZcDSeIJMX3x+de0mLnSEcP582yP2HrEK9nRxT4Nqd6ML+ynWBUMvwN0CH8j8
Ur0cNidNAa0whfGbl+xQH90pw3h9TFrC25bYbI4WSPr3O7cFhSDTwBRcMkcy6p1u
duLK3Z4Gi+VO5nbt3MAvdhayx9UFzren1P/lzXt8savec2hkkHeg56c0xybBDPGA
EygVOs/BVxlT62aroJwvfpMID91+CLstG0senUJFIbUnMTeNi7wqHL9a88kDg7sA
AQhIX+bgUhbuHqMe/ywbsDuILg0KrOzaC7qwUCQJcUhzBEUQhEsdVAoRL1lzIKJh
1QBUwX7WDUYzPmlAYtTswoMK7vq4RD7lh7nIvPE5cUQqZl5Mx91phFL7ZtETW7fh
sUAyFeKenuXrxFBLB4jE
=QdZK
-----END PGP SIGNATURE-----

--- End Message ---