Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1

To: Moritz Muehlenhoff <jmm@debian.org>, 829136@bugs.debian.org
Subject: Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1
From: Julien Cristau <jcristau@debian.org>
Date: Sat, 13 Aug 2016 10:33:32 +0200
Message-id: <[🔎] 20160813083332.GJ6230@betterave.cristau.org>
Reply-to: Julien Cristau <jcristau@debian.org>, 829136@bugs.debian.org
In-reply-to: <146731795168.4675.13717626581831239686.reportbug@pisco.westfalen.local>
References: <146731795168.4675.13717626581831239686.reportbug@pisco.westfalen.local>

Control: tag -1 moreinfo

On Thu, Jun 30, 2016 at 22:19:11 +0200, Moritz Muehlenhoff wrote:

> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> Attached debdiff fixes a non-severe security issue in harfbuzz.
> I've been using that for a few weeks on my jessie desktop.
> 
> Cheers,
>         Moritz
> 
> diff -Nru harfbuzz-0.9.35/debian/changelog harfbuzz-0.9.35/debian/changelog
> --- harfbuzz-0.9.35/debian/changelog	2014-10-30 13:58:05.000000000 +0100
> +++ harfbuzz-0.9.35/debian/changelog	2016-05-30 23:50:45.000000000 +0200
> @@ -1,3 +1,10 @@
> +harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium
> +
> +  * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to address
> +    CVE-2016-2052
> +
> + -- Moritz Mühlenhoff <jmm@debian.org>  Mon, 30 May 2016 23:49:46 +0200
> +
>  harfbuzz (0.9.35-2) unstable; urgency=medium
>  
>    * debain/clean: Remove test/shaping/*.pyc during clean

According to https://bugzilla.redhat.com/show_bug.cgi?id=1301553#c6
CVE-2016-2052 is linked to a different commit, can you clarify?

Thanks,
Julien

Reply to:

Prev by Date: Linux 4.9 will be next LTS
Next by Date: Processed: Re: Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1
Previous by thread: Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1
Next by thread: Processed: Re: Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1
Index(es):
- Date
- Thread