Your message dated Sun, 11 Mar 2018 13:06:20 +0000
with message-id <e1ev0g8-0009el...@fasolo.debian.org>
and subject line Bug#892590: fixed in graphite2 1.3.11-2
has caused the Debian Bug report #892590,
regarding graphite2: CVE-2018-7999: null pointer dereference in Segment()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
892590: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892590
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: graphite2
Version: 1.3.10-8
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/silnrsi/graphite/issues/22
Control: found -1 1.3.11-1

Hi,

the following vulnerability was published for graphite2.

CVE-2018-7999[0]:
| In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference
| vulnerability was found in Segment.cpp during a dumbRendering
| operation, which may allow attackers to cause a denial of service or
| possibly have unspecified other impact via a crafted .ttf file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7999
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7999
[1] https://github.com/silnrsi/graphite/issues/22

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: graphite2
Source-Version: 1.3.11-2

We believe that the bug you reported is fixed in the latest version of
graphite2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 892...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Engelhard <r...@debian.org> (supplier of updated graphite2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 11 Mar 2018 13:22:48 +0100
Source: graphite2
Binary: libgraphite2-3 libgraphite2-dev libgraphite2-doc libgraphite2-utils
Architecture: source
Version: 1.3.11-2
Distribution: unstable
Urgency: medium
Maintainer: Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org>
Changed-By: Rene Engelhard <r...@debian.org>
Description:
 libgraphite2-3 - Font rendering engine for Complex Scripts -- library
 libgraphite2-dev - Development files for libgraphite2
 libgraphite2-doc - Documentation for libgraphite2
 libgraphite2-utils - Font rendering engine for Complex Scripts -- utilities
Closes: 892590
Changes:
 graphite2 (1.3.11-2) unstable; urgency=medium
 .
   * backport upstream commit db132b4731a9b4c9534144ba3a18e65b390e9ff6
     to fix CVE-2018-7999 (closes: #892590)


--- End Message ---
