Your message dated Wed, 4 Dec 2019 23:16:14 +0100
with message-id <[email protected]>
and subject line Bug#946176: fixed in fig2dev 1:3.2.7b-2
has caused the Debian Bug report #946176,
regarding fig2dev: CVE-2019-19555
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
946176: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946176
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fig2dev
Version: 1:3.2.7b-1
Severity: normal
Tags: security upstream
Forwarded: https://sourceforge.net/p/mcj/tickets/55/

Hi,

The following vulnerability was published for fig2dev.

CVE-2019-19555[0]:
| read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based
| buffer overflow because of an incorrect sscanf.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-19555
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555
[1] https://sourceforge.net/p/mcj/tickets/55/
[2] https://sourceforge.net/p/mcj/fig2dev/ci/19db5fe6f77ebad91af4b4ef0defd61bd0bb358f/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: fig2dev
Source-Version: 1:3.2.7b-2

Seems that I had a little typo in the changelog, so this bug wasn't
automatically fixed :-(

So here's a manually created closing mail.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 04 Dec 2019 22:04:13 +0100
Source: fig2dev
Architecture: source
Version: 1:3.2.7b-2
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <[email protected]>
Changed-By: Roland Rosenfeld <[email protected]>
Changes:
 fig2dev (1:3.2.7b-2) unstable; urgency=medium
 .
   * 30_CVE-2019-19555: Allow Fig v2 text strings ending with multiple ^A.
     This fixes CVE-2019-19555.  Closes (#946176).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
