Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1
On Tue, 2016-09-06 at 22:21 +0200, Moritz Mühlenhoff wrote:
> On Sat, Aug 13, 2016 at 10:33:32AM +0200, Julien Cristau wrote:
> > Control: tag -1 moreinfo
> >
> > On Thu, Jun 30, 2016 at 22:19:11 +0200, Moritz Muehlenhoff wrote:
> >
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: jessie
> > > User: release.debian.org@packages.debian.org
> > > Usertags: pu
> > >
> > > Attached debdiff fixes a non-severe security issue in harfbuzz.
> > > I've been using that for a few weeks on my jessie desktop.
> > >
> > > Cheers,
> > > Moritz
> > >
> > > diff -Nru harfbuzz-0.9.35/debian/changelog harfbuzz-0.9.35/debian/changelog
> > > --- harfbuzz-0.9.35/debian/changelog 2014-10-30 13:58:05.000000000 +0100
> > > +++ harfbuzz-0.9.35/debian/changelog 2016-05-30 23:50:45.000000000 +0200
> > > @@ -1,3 +1,10 @@
> > > +harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium
> > > +
> > > + * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to address
> > > + CVE-2016-2052
> > > +
> > > + -- Moritz Mühlenhoff <jmm@debian.org> Mon, 30 May 2016 23:49:46 +0200
> > > +
> > > harfbuzz (0.9.35-2) unstable; urgency=medium
> > >
> > > * debain/clean: Remove test/shaping/*.pyc during clean
> >
> > According to https://bugzilla.redhat.com/show_bug.cgi?id=1301553#c6
> > CVE-2016-2052 is linked to a different commit, can you clarify?
>
> Hmm, there seems to have been some reshuffling of CVE mappings, also another
> minor issue came up. I'll revise.
Any news on that?
Regards,
Adam
Reply to: