On Tue, 2016-09-06 at 22:21 +0200, Moritz Mühlenhoff wrote: > On Sat, Aug 13, 2016 at 10:33:32AM +0200, Julien Cristau wrote: > > Control: tag -1 moreinfo > > > > On Thu, Jun 30, 2016 at 22:19:11 +0200, Moritz Muehlenhoff wrote: > > > > > Package: release.debian.org > > > Severity: normal > > > Tags: jessie > > > User: [email protected] > > > Usertags: pu > > > > > > Attached debdiff fixes a non-severe security issue in harfbuzz. > > > I've been using that for a few weeks on my jessie desktop. > > > > > > Cheers, > > > Moritz > > > > > > diff -Nru harfbuzz-0.9.35/debian/changelog > > > harfbuzz-0.9.35/debian/changelog > > > --- harfbuzz-0.9.35/debian/changelog 2014-10-30 13:58:05.000000000 > > > +0100 > > > +++ harfbuzz-0.9.35/debian/changelog 2016-05-30 23:50:45.000000000 > > > +0200 > > > @@ -1,3 +1,10 @@ > > > +harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium > > > + > > > + * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to > > > address > > > + CVE-2016-2052 > > > + > > > + -- Moritz Mühlenhoff <[email protected]> Mon, 30 May 2016 23:49:46 +0200 > > > + > > > harfbuzz (0.9.35-2) unstable; urgency=medium > > > > > > * debain/clean: Remove test/shaping/*.pyc during clean > > > > According to https://bugzilla.redhat.com/show_bug.cgi?id=1301553#c6 > > CVE-2016-2052 is linked to a different commit, can you clarify? > > Hmm, there seems to have been some reshuffling of CVE mappings, also another > minor issue came up. I'll revise.
Any news on that? Regards, Adam
