Bug#906012: marked as done (libxcursor: CVE-2015-9262)

To: Chris Lamb <lamby@debian.org>
Subject: Bug#906012: marked as done (libxcursor: CVE-2015-9262)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 24 Aug 2018 13:51:14 +0000
Message-id: <[🔎] handler.906012.D906012.15351184312630.ackdone@bugs.debian.org>
Reply-to: 906012@bugs.debian.org
References: <E1ftCQf-000Fdu-QL@fasolo.debian.org> <[🔎] 1534144288.3106836.1472094864.6CCC8480@webmail.messagingengine.com>

Your message dated Fri, 24 Aug 2018 13:47:09 +0000
with message-id <E1ftCQf-000Fdu-QL@fasolo.debian.org>
and subject line Bug#906012: fixed in libxcursor 1:1.1.14-1+deb9u2
has caused the Debian Bug report #906012,
regarding libxcursor: CVE-2015-9262
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
906012: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906012
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: libxcursor: CVE-2015-9262
From: Chris Lamb <lamby@debian.org>
Date: Mon, 13 Aug 2018 08:11:28 +0100
Message-id: <[🔎] 1534144288.3106836.1472094864.6CCC8480@webmail.messagingengine.com>

Package: libxcursor
Version: 1:1.1.14-1+deb8u1
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libxcursor.

CVE-2015-9262[0]:
| _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows
| remote attackers to cause denial of service or potentially code
| execution via a one-byte heap overflow.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-9262
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9262


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

--- End Message ---

--- Begin Message ---

To: 906012-close@bugs.debian.org
Subject: Bug#906012: fixed in libxcursor 1:1.1.14-1+deb9u2
From: Chris Lamb <lamby@debian.org>
Date: Fri, 24 Aug 2018 13:47:09 +0000
Message-id: <E1ftCQf-000Fdu-QL@fasolo.debian.org>

Source: libxcursor
Source-Version: 1:1.1.14-1+deb9u2

We believe that the bug you reported is fixed in the latest version of
libxcursor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 906012@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated libxcursor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 13 Aug 2018 09:09:13 +0200
Source: libxcursor
Binary: libxcursor1 libxcursor1-udeb libxcursor1-dbg libxcursor-dev
Architecture: source amd64
Version: 1:1.1.14-1+deb9u2
Distribution: stretch
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 libxcursor-dev - X cursor management library (development files)
 libxcursor1 - X cursor management library
 libxcursor1-dbg - X cursor management library (unstripped)
 libxcursor1-udeb - X cursor management library (udeb)
Closes: 906012
Changes:
 libxcursor (1:1.1.14-1+deb9u2) stretch; urgency=high
 .
   * Fix a denial of service or potentially code execution via
     a one-byte heap overflow. (CVE-2015-9262) (Closes: #906012)
Checksums-Sha1:
 61d56a3532404d89e20e2b22e97efb5d96e387b1 2334 libxcursor_1.1.14-1+deb9u2.dsc
 873a91831946cdedc0724b1d048c8041d958807c 374910 libxcursor_1.1.14.orig.tar.gz
 7ca624b1c6f12855a28f2b41b5c99d1ad5180046 19765 libxcursor_1.1.14-1+deb9u2.diff.gz
 56294fe5750c1ad9740012641471b3c6d3586839 42552 libxcursor-dev_1.1.14-1+deb9u2_amd64.deb
 cd74f7f46bb5ebc7259670ba64f2c19c1f4217f2 67360 libxcursor1-dbg_1.1.14-1+deb9u2_amd64.deb
 92c44fd03cea00982d9e71e4eaa8db9b63772dd3 17170 libxcursor1-udeb_1.1.14-1+deb9u2_amd64.udeb
 c1beb12a2ba565210c904ddec30d6c08da1b3aeb 34910 libxcursor1_1.1.14-1+deb9u2_amd64.deb
 7318b023cf8df91a17ca718a9b89c67a75005713 7405 libxcursor_1.1.14-1+deb9u2_amd64.buildinfo
Checksums-Sha256:
 c7d9fb3b4aee36b317f62a8a04697931ac2356f9ebf7f8937c7e9ac8a41034ea 2334 libxcursor_1.1.14-1+deb9u2.dsc
 be0954faf274969ffa6d95b9606b9c0cfee28c13b6fc014f15606a0c8b05c17b 374910 libxcursor_1.1.14.orig.tar.gz
 5b56f9b5f9327471ddfd8c5f8a349d93faded3b40e9eb1d0ea1b5129e2db84a3 19765 libxcursor_1.1.14-1+deb9u2.diff.gz
 3182938f4b8511866710badfd20e4aa660ae1793913c0a7d1ba86cbeb3bd0fb6 42552 libxcursor-dev_1.1.14-1+deb9u2_amd64.deb
 2404b00ca789d27b89648fd1d8ea7a3979c9e19c2d3805512ff8dcbd58832802 67360 libxcursor1-dbg_1.1.14-1+deb9u2_amd64.deb
 5e14ce0ac6ff0e10a8f810bfb7509a396656f692fe7815b8211b40e8e29e2f42 17170 libxcursor1-udeb_1.1.14-1+deb9u2_amd64.udeb
 af4908f3f2bcfe78586823eaf8ed65d838936cb26698c520538717367d836dc6 34910 libxcursor1_1.1.14-1+deb9u2_amd64.deb
 31d48b5b9b82246905c2fe498e0aacf47349d213e83a5b4914c2c8610385ad65 7405 libxcursor_1.1.14-1+deb9u2_amd64.buildinfo
Files:
 acc990e11509e6996276e263eb38af7b 2334 devel optional libxcursor_1.1.14-1+deb9u2.dsc
 39c8423de190d64f1c52fbc00022e52c 374910 devel optional libxcursor_1.1.14.orig.tar.gz
 dc7bc23048569d80495f18b076a064c2 19765 devel optional libxcursor_1.1.14-1+deb9u2.diff.gz
 17d70baeb33edddef81d8ef7d6e4498f 42552 libdevel optional libxcursor-dev_1.1.14-1+deb9u2_amd64.deb
 04c9c4056789bf6402371767af684966 67360 debug extra libxcursor1-dbg_1.1.14-1+deb9u2_amd64.deb
 648df027c161c02dc54410065e3db85b 17170 debian-installer optional libxcursor1-udeb_1.1.14-1+deb9u2_amd64.udeb
 28b8f760545fba07638cb8af00361965 34910 libs optional libxcursor1_1.1.14-1+deb9u2_amd64.deb
 c3a05658c7a25c0b437ae2482cb4fdff 7405 devel optional libxcursor_1.1.14-1+deb9u2_amd64.buildinfo
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlt1yxUACgkQHpU+J9Qx
Hlj0hA//bTDkRUU2l1NHsfM/Vp8HaQgerMWW19U+QQSVPp9klWv67DTZpyDfn1eg
Y1LCtZWpL9wNbkFFygBE7c4m92Ew6sbPkWFrwLL3wrpRGtI76a3dEwRe71x3oAkC
uOci9RvEQwZir2+A9QoXEaoU3D10lO4k9G1p8G8Z0LQNRXK/RynJaUiG5mxZn8Fu
H8xm/ZqK2wEXwvhS0aexSGCdfoJB7fJNLDorbqJrL00Mrw++EiSEmaL7fDIGdgTE
RNqs+gm5RZplJC/1gqIMQWSH87Uz4yHq/3lBWzS1V75MgIZM0AyJVHz4ksqBeIPL
2O9zGFPxv2fwL0BZyQSA0iXbNcZ+mBfzN/UL8NtcA+DRyT/HdZeGNrKTS6vy2leX
FQtM8XJXaeljxH1UHNO8th3Z3FO7N6isVwe2a+fpG5dj/C+tjpgKGl0eAW8h9jB2
I1oQvzjFZPznI27IZQzaeVh/wzrWmCiPY5Pw6QT3fdH4yXoloxYbZfGw6bK0CfHU
ziVEkn9YDEo/lAptt79+p1zvP9O4UoFaZJBa9wX3ydA9ggnK2F+3NnbQRK2UHLnL
jfMylSOIImrMey960WgPgood8DRCKbiQIfd7bBwKrd1y+xU3iv6iZSCVSLCatHQX
h0wS93qPYHA2ImS+6diIYFtTOtYhP8C37+GdfrwNhA1nrzafo4U=
=vWgu
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#906012: libxcursor: CVE-2015-9262
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Bug#907152: vulkan: Porting to non-linux systems
Next by Date: libxcursor_1.1.14-1+deb9u2_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Previous by thread: Bug#906012: marked as done (libxcursor: CVE-2015-9262)
Next by thread: Bug#906012: libxcursor: CVE-2015-9262
Index(es):
- Date
- Thread