
Bug#840441: marked as done (libxrandr: CVE-2016-7947 CVE-2016-7948)



Your message dated Tue, 06 Dec 2016 23:34:54 +0000
with message-id <E1cEPGA-000Dxu-2H@fasolo.debian.org>
and subject line Bug#840441: fixed in libxrandr 2:1.5.1-1
has caused the Debian Bug report #840441,
regarding libxrandr: CVE-2016-7947 CVE-2016-7948
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
840441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840441
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libxrandr
Version: 2:1.4.2-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for libxrandr.

CVE-2016-7947[0]:
for all of the integer overflows

CVE-2016-7948[1]:
for all of the other mishandling of the reply data

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7947
[1] https://security-tracker.debian.org/tracker/CVE-2016-7948

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxrandr
Source-Version: 2:1.5.1-1

We believe that the bug you reported is fixed in the latest version of
libxrandr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840441@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libxrandr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 07 Dec 2016 00:17:09 +0100
Source: libxrandr
Binary: libxrandr2 libxrandr-dev
Architecture: source
Version: 2:1.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libxrandr-dev - X11 RandR extension library (development headers)
 libxrandr2 - X11 RandR extension library
Closes: 840441
Changes:
 libxrandr (2:1.5.1-1) unstable; urgency=medium
 .
   [ Andreas Boll ]
   * New upstream release.
     - Fixes CVE-2016-7947 and CVE-2016-7948 (Closes: #840441).
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Update a bunch of URLs in packaging to https.
   * Bump Standards-Version to 3.9.8, no changes needed.
 .
   [ Emilio Pozuelo Monfort ]
   * Bump debhelper compat to 10.
     + --with autoreconf is enabled by default now. Drop build-deps on
       dh-autoreconf, automake and libtool.
   * debhelper installs to debian/tmp by default, no need to specify it.
   * Switch to -dbgsym packages.
   * Pass -c4 to dpkg-gensymbols.
   * Drop no longer needed dpkg-dev versioned build-dependency.
Checksums-Sha1:
 f7a10997e48045f1153dd0abb511318091366bad 2046 libxrandr_1.5.1-1.dsc
 d2d194a00914e863e51bac7c438b437dd490280f 388607 libxrandr_1.5.1.orig.tar.gz
 13ba483839c2cc1c4a0638004ef1b1eba09c26e8 16386 libxrandr_1.5.1-1.diff.gz
Checksums-Sha256:
 0d7102ab75fdfe06534e842d5dcac8430614c61a061ab12794e2285712b0b103 2046 libxrandr_1.5.1-1.dsc
 2baa7fb3eca78fe7e11a09b373ba898b717f7eeba4a4bfd68187e04b4789b0d3 388607 libxrandr_1.5.1.orig.tar.gz
 42262cbc2117ea559a4e16a02c6ea6478554aa2128d9fe1e141da07006612a1d 16386 libxrandr_1.5.1-1.diff.gz
Files:
 6a1617088d5a0f050951c8c40db03aae 2046 x11 optional libxrandr_1.5.1-1.dsc
 59e90a544ee8cf706cf11e3027339f60 388607 x11 optional libxrandr_1.5.1.orig.tar.gz
 93e04c9ac48b26d2b3662a6ccbc45d11 16386 x11 optional libxrandr_1.5.1-1.diff.gz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
