
Bug#840444: marked as done (libxtst: CVE-2016-7951 CVE-2016-7952)



Your message dated Tue, 06 Dec 2016 00:49:58 +0000
with message-id <E1cE3xG-000Hno-OU@fasolo.debian.org>
and subject line Bug#840444: fixed in libxtst 2:1.2.3-1
has caused the Debian Bug report #840444,
regarding libxtst: CVE-2016-7951 CVE-2016-7952
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
840444: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840444
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libxtst
Version: 2:1.2.2-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for libxtst.

CVE-2016-7951[0]:
for all of the integer overflows

CVE-2016-7952[1]:
for all of the other mishandling of the reply data

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7951
[1] https://security-tracker.debian.org/tracker/CVE-2016-7952

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxtst
Source-Version: 2:1.2.3-1

We believe that the bug you reported is fixed in the latest version of
libxtst, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840444@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libxtst package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 06 Dec 2016 01:38:08 +0100
Source: libxtst
Binary: libxtst6 libxtst6-udeb libxtst-dev libxtst-doc
Architecture: source
Version: 2:1.2.3-1
Distribution: unstable
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libxtst-dev - X11 Record extension library (development headers)
 libxtst-doc - X11 Record extension library (documentation)
 libxtst6   - X11 Testing -- Record extension library
 libxtst6-udeb - X11 Testing -- Record extension library (udeb)
Closes: 840444
Changes:
 libxtst (2:1.2.3-1) unstable; urgency=low
 .
   [ Andreas Boll ]
   * New upstream release.
     - Fixes CVE-2016-7951 and CVE-2016-7952 (Closes: #840444).
   * Bump libx11-dev build-dep to 2:1.6.0 per configure.ac.
   * Let uscan verify tarball signatures.
   * Remove Cyril from Uploaders.
   * Update a bunch of URLs in packaging to https.
   * Fix lintian error: pre-depends-directly-on-multiarch-support.
 .
   [ Julien Cristau ]
   * Bump debhelper build-dep to 8.1.3 for ${misc:Pre-Depends}.
 .
   [ Emilio Pozuelo Monfort ]
   * Bump debhelper compat to 10.
   * Switch from xsfbs to dh.
   * Switch to -dbgsym packages.
   * Bump Standards-Version to 3.9.8, no changes.
   * Drop automake and libtool build-dependencies, debhelper takes care
     of that now.
   * Drop unneeded override for dh_installchangelogs, it already installs
     the upstream ChangeLog automatically.
Checksums-Sha1:
 f03361fc1c07e7be3e4dc9ef11bc58afe819d9b4 2243 libxtst_1.2.3-1.dsc
 496c9a35afc99f7d81ccb69025c8bf1feb717b8d 400197 libxtst_1.2.3.orig.tar.gz
 40b43bad4ef7cb55548c9e7514baf0fdcb8a0d06 10177 libxtst_1.2.3-1.diff.gz
Checksums-Sha256:
 979f05e505ea319c3f75955e10345338f77a512f5a6a0a887d6f4633d6bd4633 2243 libxtst_1.2.3-1.dsc
 a0c83acce02d4923018c744662cb28eb0dbbc33b4adc027726879ccf68fbc2c2 400197 libxtst_1.2.3.orig.tar.gz
 c4739fc7ccda7caaffcf36f934b7c33463390e71d567c7d62f635db1946b74ed 10177 libxtst_1.2.3-1.diff.gz
Files:
 bf88f02f422d6cda2ac04b645aa4d7cb 2243 x11 optional libxtst_1.2.3-1.dsc
 2534e6015a52e0bb7b6f9148ca180028 400197 x11 optional libxtst_1.2.3.orig.tar.gz
 0b3415fbe16bfdc8478023760c804365 10177 x11 optional libxtst_1.2.3-1.diff.gz


--- End Message ---
