Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1
Control: tag -1 moreinfo
On Thu, Jun 30, 2016 at 22:19:11 +0200, Moritz Muehlenhoff wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> Attached debdiff fixes a non-severe security issue in harfbuzz.
> I've been using that for a few weeks on my jessie desktop.
>
> Cheers,
> Moritz
>
> diff -Nru harfbuzz-0.9.35/debian/changelog harfbuzz-0.9.35/debian/changelog
> --- harfbuzz-0.9.35/debian/changelog 2014-10-30 13:58:05.000000000 +0100
> +++ harfbuzz-0.9.35/debian/changelog 2016-05-30 23:50:45.000000000 +0200
> @@ -1,3 +1,10 @@
> +harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium
> +
> + * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to address
> + CVE-2016-2052
> +
> + -- Moritz Mühlenhoff <jmm@debian.org> Mon, 30 May 2016 23:49:46 +0200
> +
> harfbuzz (0.9.35-2) unstable; urgency=medium
>
> * debain/clean: Remove test/shaping/*.pyc during clean
According to https://bugzilla.redhat.com/show_bug.cgi?id=1301553#c6
CVE-2016-2052 is linked to a different commit, can you clarify?
Thanks,
Julien
Reply to: