Your message dated Sun, 10 Nov 2019 09:15:46 +0000
with message-id <e1itjjy-000ejj...@fasolo.debian.org>
and subject line Bug#944327: fixed in fribidi 1.0.7-1.1
has caused the Debian Bug report #944327,
regarding fribidi: CVE-2019-18397
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
944327: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944327
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: fribidi
Version: 1.0.7-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 1.0.5-3.1
Control: fixed -1 1.0.5-3.1+deb10u1

Hi,

The following vulnerability was published for fribidi.

CVE-2019-18397[0]:
| stack buffer overflow in the fribidi_get_par_embedding_levels_ex()
| function in lib/fribidi-bidi.c

The update for buster is already pending for release.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-18397
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18397
[1] https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: fribidi
Source-Version: 1.0.7-1.1

We believe that the bug you reported is fixed in the latest version of
fribidi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 944...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated fribidi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 Nov 2019 13:36:50 +0100
Source: fribidi
Architecture: source
Version: 1.0.7-1.1
Distribution: unstable
Urgency: high
Maintainer: Debian Hebrew Packaging Team <team+heb...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 944327
Changes:
 fribidi (1.0.7-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL (CVE-2019-18397)
     (Closes: #944327)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
