Control: tag -1 moreinfo On Thu, Jun 30, 2016 at 22:19:11 +0200, Moritz Muehlenhoff wrote:
> Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian....@packages.debian.org > Usertags: pu > > Attached debdiff fixes a non-severe security issue in harfbuzz. > I've been using that for a few weeks on my jessie desktop. > > Cheers, > Moritz > > diff -Nru harfbuzz-0.9.35/debian/changelog harfbuzz-0.9.35/debian/changelog > --- harfbuzz-0.9.35/debian/changelog 2014-10-30 13:58:05.000000000 +0100 > +++ harfbuzz-0.9.35/debian/changelog 2016-05-30 23:50:45.000000000 +0200 > @@ -1,3 +1,10 @@ > +harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium > + > + * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to > address > + CVE-2016-2052 > + > + -- Moritz Mühlenhoff <j...@debian.org> Mon, 30 May 2016 23:49:46 +0200 > + > harfbuzz (0.9.35-2) unstable; urgency=medium > > * debain/clean: Remove test/shaping/*.pyc during clean According to https://bugzilla.redhat.com/show_bug.cgi?id=1301553#c6 CVE-2016-2052 is linked to a different commit, can you clarify? Thanks, Julien
