Bug#840439: marked as done (libx11: CVE-2016-7942 CVE-2016-7943)
Your message dated Tue, 06 Dec 2016 00:49:52 +0000
with message-id <E1cE3xA-000HmQ-Mr@fasolo.debian.org>
and subject line Bug#840439: fixed in libx11 2:1.6.4-1
has caused the Debian Bug report #840439,
regarding libx11: CVE-2016-7942 CVE-2016-7943
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
840439: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840439
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libx11: CVE-2016-7942 CVE-2016-7943
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Tue, 11 Oct 2016 17:32:16 +0200
- Message-id: <147619993610.12589.11907496860263657858.reportbug@eldamar.local>
Source: libx11
Version: 2:1.6.2-3
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for libx11.
CVE-2016-7942[0], CVE-2016-7943[1].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7942
[1] https://security-tracker.debian.org/tracker/CVE-2016-7943
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libx11
Source-Version: 2:1.6.4-1
We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 840439@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libx11 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 06 Dec 2016 01:38:30 +0100
Source: libx11
Binary: libx11-6 libx11-6-udeb libx11-data libx11-dev libx11-xcb1 libx11-xcb-dev libx11-doc
Architecture: source
Version: 2:1.6.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
libx11-6 - X11 client-side library
libx11-6-udeb - X11 client-side library (udeb)
libx11-data - X11 client-side library
libx11-dev - X11 client-side library (development headers)
libx11-doc - X11 client-side library (development documentation)
libx11-xcb-dev - Xlib/XCB interface library (development headers)
libx11-xcb1 - Xlib/XCB interface library
Closes: 840439
Changes:
libx11 (2:1.6.4-1) unstable; urgency=medium
.
[ Andreas Boll ]
* New upstream release.
- Fixes CVE-2016-7942 and CVE-2016-7943 (Closes: #840439).
* Bump libxcb1-dev build-dep to 1.11.1 per configure.ac.
* Update a bunch of URLs in packaging to https.
.
[ Julien Cristau ]
* Update d/upstream/signing-key.asc with Matthieu Herrb's key.
.
[ Emilio Pozuelo Monfort ]
* Cherry-pick upstream commit 20a3f99 to plug a memory leak in the
security fix.
* Bump debhelper compat to 10.
* Switch from old debhelper to dh.
* Drop workaround for old tarballs not shipping some files.
* Switch to -dbgsym packages.
* Bump Standards-Version to 3.9.8, no changes.
* Drop libtool and automake build dependencies, debhelper takes
care of that for us now.
Checksums-Sha1:
690e78ff1b54d67dc60ed62d5bab9a7f98edbf35 2397 libx11_1.6.4-1.dsc
04acc1fb67fe3752c3be65f906c8b0ecd2df3ccb 3095115 libx11_1.6.4.orig.tar.gz
bd4c87682c9071c0244b2e3f8b2e0129fccbc38f 41775 libx11_1.6.4-1.diff.gz
Checksums-Sha256:
94762379bf2eb4b1550e9e0faa27ce7996eaddf956f7a2fa40c36ecc1826d527 2397 libx11_1.6.4-1.dsc
5d7fbb9e15c27900ea8963218a59750b674a8d7c94161b66e96fcfbdaa1c6263 3095115 libx11_1.6.4.orig.tar.gz
c792cc19650c26cd14a7218e0adaf879da40b1f4e803f0e14d4cd7d8eaeb2292 41775 libx11_1.6.4-1.diff.gz
Files:
7dbb71d860fcb37d6c339ed144521f0e 2397 x11 optional libx11_1.6.4-1.dsc
f60fb9f397090ed7d75c8c8873014d1e 3095115 x11 optional libx11_1.6.4.orig.tar.gz
dd82c0a6640552fdc4ae54168f53df68 41775 x11 optional libx11_1.6.4-1.diff.gz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlhGCJcACgkQnUbEiOQ2
gwKSnBAAySF7knPtvsUpc1wS55edUfNedhNT4x73vz19VmAMglFPFTQ2/kq5gFlo
ZR+zmJzb3Vvjwb/L20oK+9CwrDk+GA0CwNPUlfdTIkw2/nCcLny0lYicLbB81dW4
AFWJI7VGY2+DaHyxLDQZJtjCT22HyOYlnfUN+SMMR0+eviKdTd2OHJ9OtWG6c/aM
/lJzdLacy6EREFqrG4OB5sTOOxd0EUuWmIa6eD+ZnN8DAy6GLlU5qq9Xr0PomDCF
s5eT6r4W9hWiXkGIUGpWp7q2g748UlsZGWyBXfes0f8XqFVioddOR3Gkis1wPePt
RKwypCTIIWXVYNoQvBc0UgsG6nKF3CwpATTXYUMdBqBCLiXPxYJYODxpQsvat2OX
VdqPw/oTdvAo5hy4tuRPC0wtUSYrrqpFicJV4ip2J7SxwAdFW6v5nEr0szfEIqNA
1IuPp+jiDlNT7ZwTApHJWynOeYL5qO2bOnu5ABzJfETbImOUFRotrU1+VO4DNXN0
7By36Z/qU0qKktnLn5BuXUg0c2fuSE3EF3dmsR/bClkS8CKPGNoqV9Sjgj7ML74j
Ev1JDKBi/VyLPmI0qOz8spexektkawqsQ/1unq7uXSCuMJ4098t1WyeRD7xNmv2I
FeQszGSA1A7bFR8MZP+9CK0cBac7+QdGau6UYmKH+1u87CpB/SU=
=HQ/m
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: