On Sat, Aug 13, 2016 at 10:33:32AM +0200, Julien Cristau wrote:
> Control: tag -1 moreinfo
>
> On Thu, Jun 30, 2016 at 22:19:11 +0200, Moritz Muehlenhoff wrote:
>
> > Package: release.debian.org
> > Severity: normal
> > Tags: jessie
> > User: release.debian....@packages.debian.org
> > Usertags: pu
> >
> > Attached debdiff fixes a non-severe security issue in harfbuzz.
> > I've been using that for a few weeks on my jessie desktop.
> >
> > Cheers,
> > Moritz
> >
> > diff -Nru harfbuzz-0.9.35/debian/changelog harfbuzz-0.9.35/debian/changelog
> > --- harfbuzz-0.9.35/debian/changelog 2014-10-30 13:58:05.000000000
> > +0100
> > +++ harfbuzz-0.9.35/debian/changelog 2016-05-30 23:50:45.000000000
> > +0200
> > @@ -1,3 +1,10 @@
> > +harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium
> > +
> > + * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to
> > address
> > + CVE-2016-2052
> > +
> > + -- Moritz Mühlenhoff <j...@debian.org> Mon, 30 May 2016 23:49:46 +0200
> > +
> > harfbuzz (0.9.35-2) unstable; urgency=medium
> >
> > * debain/clean: Remove test/shaping/*.pyc during clean
>
> According to https://bugzilla.redhat.com/show_bug.cgi?id=1301553#c6
> CVE-2016-2052 is linked to a different commit, can you clarify?
Hmm, there seems to have been some reshuffling of CVE mappings, also another
minor issue came up. I'll revise.
Cheers,
Moritz
