Your message dated Sat, 28 Dec 2024 18:19:15 +0000
with message-id <e1trbp9-00ag8t...@fasolo.debian.org>
and subject line Bug#1091529: fixed in harfbuzz 10.1.0-2
has caused the Debian Bug report #1091529,
regarding harfbuzz: CVE-2024-56732
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1091529: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091529
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: harfbuzz
Version: 10.1.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for harfbuzz.
CVE-2024-56732[0]:
| HarfBuzz is a text shaping engine. Starting with 8.5.0 through
| 10.0.1, there is a heap-based buffer overflow in the
| hb_cairo_glyphs_from_buffer function.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-56732
https://www.cve.org/CVERecord?id=CVE-2024-56732
[1] https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m
[2] https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: harfbuzz
Source-Version: 10.1.0-2
Done: Jeremy Bícha <jbi...@ubuntu.com>
We believe that the bug you reported is fixed in the latest version of
harfbuzz, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1091...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <jbi...@ubuntu.com> (supplier of updated harfbuzz package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 28 Dec 2024 12:53:25 -0500
Source: harfbuzz
Built-For-Profiles: noudeb
Architecture: source
Version: 10.1.0-2
Distribution: unstable
Urgency: high
Maintainer: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmo...@users.sourceforge.net>
Changed-By: Jeremy Bícha <jbi...@ubuntu.com>
Closes: 1091529
Changes:
 harfbuzz (10.1.0-2) unstable; urgency=high
 .
   * Team upload
   * SECURITY UPDATE: Heap-based buffer overflow (Closes: #1091529)
     - Cherry-pick upstream fix for the hb_cairo_glyphs_from_buffer function
     - CVE-2024-56732
   * debian/upstream/metadata: Add security contact
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---