Debian Bug report logs -
#907302
CVE-2018-15864 CVE-2018-15863 CVE-2018-15862 CVE-2018-15861 CVE-2018-15859 CVE-2018-15858 CVE-2018-15857 CVE-2018-15856 CVE-2018-15855 CVE-2018-15854 CVE-2018-15853
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 26 Aug 2018 08:45:01 UTC
Severity: important
Tags: security, upstream
Found in version libxkbcommon/0.8.0-1
Fixed in version libxkbcommon/0.8.2-1
Done: Timo Aaltonen <tjaalton@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#907302; Package src:libxkbcommon.
(Sun, 26 Aug 2018 08:45:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian X Strike Force <debian-x@lists.debian.org>.
(Sun, 26 Aug 2018 08:45:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libxkbcommon
Severity: important
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15853
All fixed in the 0.8.2 release. None of these warrant a DSA.
Cheers,
Moritz
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sun, 26 Aug 2018 13:03:02 GMT) (full text, mbox, link).
Marked as found in versions libxkbcommon/0.8.0-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sun, 26 Aug 2018 13:03:05 GMT) (full text, mbox, link).
Reply sent
to Timo Aaltonen <tjaalton@debian.org>:
You have taken responsibility.
(Thu, 30 Aug 2018 11:21:07 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Thu, 30 Aug 2018 11:21:07 GMT) (full text, mbox, link).
Message #14 received at 907302-close@bugs.debian.org (full text, mbox, reply):
Source: libxkbcommon
Source-Version: 0.8.2-1
We believe that the bug you reported is fixed in the latest version of
libxkbcommon, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 907302@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@debian.org> (supplier of updated libxkbcommon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 Aug 2018 14:06:12 +0300
Source: libxkbcommon
Binary: libxkbcommon0 libxkbcommon-dev libxkbcommon-doc libxkbcommon-x11-0 libxkbcommon-x11-dev
Architecture: source
Version: 0.8.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Description:
libxkbcommon-dev - library interface to the XKB compiler - development files
libxkbcommon-doc - library interface to the XKB compiler - documentation
libxkbcommon-x11-0 - library to create keymaps with the XKB X11 protocol
libxkbcommon-x11-dev - library to create keymaps with the XKB X11 protocol - development
libxkbcommon0 - library interface to the XKB compiler - shared library
Closes: 907302
Changes:
libxkbcommon (0.8.2-1) unstable; urgency=medium
.
* New upstream release (Closes: #907302).
- Fixes CVE-2018-15853 CVE-2018-15854 CVE-2018-15855 CVE-2018-15856
CVE-2018-15857 CVE-2018-15858 CVE-2018-15859 CVE-2018-15861
CVE-2018-15862 CVE-2018-15863 CVE-2018-15864.
* control: Update vcs urls.
* control: Priority optional for all packages.
Checksums-Sha1:
2a9042816356ce1891768cd5e0df8af05a7090d1 2122 libxkbcommon_0.8.2-1.dsc
c0f4736828a0c80fcf18220c5ce2f7393cb68dd3 614828 libxkbcommon_0.8.2-1.tar.gz
848211d7ee74d1ad9f17e5030a7116980bd6401e 6975 libxkbcommon_0.8.2-1_source.buildinfo
Checksums-Sha256:
053c4578baf2e236af87ed450e8621447c1468e8db51461ce960c2b3d78af1bb 2122 libxkbcommon_0.8.2-1.dsc
373fb14dcc3913f894b86221d6e6473dadbc52e14c277b4b42d1af7d7fe37a1a 614828 libxkbcommon_0.8.2-1.tar.gz
7378955c27c4d7df525cb1d8f763b93ea5640b251424f6a94ac64f5d3e13611c 6975 libxkbcommon_0.8.2-1_source.buildinfo
Files:
f5822b69d540702ca8dab7bc1d430f8d 2122 x11 optional libxkbcommon_0.8.2-1.dsc
3f3b7350072a7a7a69c7db8029593cb9 614828 x11 optional libxkbcommon_0.8.2-1.tar.gz
09d6dbe11259b07ac70c046d59b42aa2 6975 x11 optional libxkbcommon_0.8.2-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAluHz7oACgkQy3AxZaiJ
hNw2CBAAlyZpX7f4sitUF5ryPVcyJKZnyoTtb5oMfgbyAG9YRHG6JIRvuF6/BVky
owAydK9OHDy7D9/Nv6uBmwFF9ralVe6VvGY5rkKnoXMqryUZm/p0cdBjQqYi4GVt
jZzhJ/O7oFqPlco0ElGH4tSn3jq2a7yvzv2BOb9a3gxGz2JojJCtdguR9AjNSGiu
/rAqy9rck80bmpKaIGKgW6by1TL+ZPar9nFpFaU4fYZEtLm/aim56H4v01J4EMa+
RIfoo0PuP5Qo85Tc1XtS8LmUcmSaBMCebvkCYi7T2YzznNZ8b531d/ln7KIOOhvq
PQdkpXNJDj097RKnmhBwzMOP6EXvkAQWz5yx6c+qWJtitIA3GoXdCAzdOD9cK06R
kWDjYQaePhNc8WpFVHLTZ9wOPM8sBXVr+tQ5BdDZ7q/FJm7GcGoMCjhMKH92Hfpo
TqtLIQ7xWXwN/48JxAxfkcOd5BtB0T/HSw2lkRcm7VcOb8AMeHZI82C5iQrPKp19
hMqT4wto2qslhRY7q5lNrXVD5HlTf/QnI3e9lZyB0vNjtYDDmWdIYubSSxaFdo56
i/ZZe24uk7BybW/mcWUC71+rGteSIF2nvvdjXjLiPTu1RuFgZu/LqKjDKEiOfoYR
bVZIDljNkH45AqHVoTPtcU1jMV+Zw6hGz1yxt+aJt+B8V5jYONE=
=0qh8
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 02 Oct 2018 07:25:21 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:57:27 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon