Debian Bug report logs -
#919321
CVE-2019-6246
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Anton Gladky <gladk@debian.org>:
Bug#919321; Package src:svgpp.
(Mon, 14 Jan 2019 22:27:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Anton Gladky <gladk@debian.org>.
(Mon, 14 Jan 2019 22:27:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: svgpp
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6246
It will also be affected by CVE-2019-6247 and CVE-2019-6245, as agg
doesn't provide a shared library...
So make sure to add a versioned build-deps on the fixed agg when
that's done.
Cheers,
Moritz
Added tag(s) fixed-upstream.
Request was from debian-bts-link@lists.debian.org
to control@bugs.debian.org.
(Mon, 21 Jan 2019 17:30:35 GMT) (full text, mbox, link).
Reply sent
to Anton Gladky <gladk@debian.org>:
You have taken responsibility.
(Mon, 21 Jan 2019 21:54:07 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Mon, 21 Jan 2019 21:54:07 GMT) (full text, mbox, link).
Message #14 received at 919321-close@bugs.debian.org (full text, mbox, reply):
Source: svgpp
Source-Version: 1.2.3+dfsg1-4
We believe that the bug you reported is fixed in the latest version of
svgpp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 919321@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anton Gladky <gladk@debian.org> (supplier of updated svgpp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 21 Jan 2019 22:41:04 +0100
Source: svgpp
Binary: libsvgpp-dev libsvgpp-doc
Architecture: source
Version: 1.2.3+dfsg1-4
Distribution: unstable
Urgency: medium
Maintainer: Anton Gladky <gladk@debian.org>
Changed-By: Anton Gladky <gladk@debian.org>
Description:
libsvgpp-dev - SVG-framework with parsers for various syntaxes and adapters. Dev
libsvgpp-doc - SVG-framework with parsers for various syntaxes and adapters. Doc
Closes: 884700 919321
Changes:
svgpp (1.2.3+dfsg1-4) unstable; urgency=medium
.
[ Ondřej Nový ]
* d/control: Deprecating priority extra as per policy 4.0.1
* Use 'python3 -m sphinx' instead of sphinx-build for building docs
* d/control: Remove Testsuite field, not needed anymore
* d/control: Set Vcs-* to salsa.debian.org
.
[ Anton Gladky ]
* [5d0f0bc] Fix CVE-2019-6246. (Closes: #919321)
* [f3060a6] Set compat level 11
* [a3e759c] Fix some privacy-breaches
.
[ Matthias Klose ]
* [60dacd9] autopkg tests: Build with -g1, same as done for the build.
(Closes: #884700)
Checksums-Sha1:
0faa6216a5e19e3badeec9580bfdd80ad8cb1fd1 2093 svgpp_1.2.3+dfsg1-4.dsc
d120a59a81ce3177e4076c5593bd1b7dc9e1ec44 4896 svgpp_1.2.3+dfsg1-4.debian.tar.xz
87a5c0bf480a97548c744467b6dfac906947d21f 6307 svgpp_1.2.3+dfsg1-4_source.buildinfo
Checksums-Sha256:
d5a8610ad2bcb61348cdd5881eb8ab31abca6b4caf87c093bb2752a04f05fd41 2093 svgpp_1.2.3+dfsg1-4.dsc
249d1a7c60cc85ab3bb3a49e82ecc6648e9d0f0dc08b21c7f8d21d52a460bc41 4896 svgpp_1.2.3+dfsg1-4.debian.tar.xz
e127714e82fa2dd594d1dce825947faa57bf372bf6e86806fa87ac538bc2cf1f 6307 svgpp_1.2.3+dfsg1-4_source.buildinfo
Files:
8429a529c64f7de159576b316ec982b5 2093 libs optional svgpp_1.2.3+dfsg1-4.dsc
02de3af9a52b1a7433139afe79e80154 4896 libs optional svgpp_1.2.3+dfsg1-4.debian.tar.xz
e6c5bc349de1f0f3a49b381081608c14 6307 libs optional svgpp_1.2.3+dfsg1-4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAlxGPKgACgkQ0+Fzg8+n
/wYjhQ/+Kjdzylh0NB/OrJIbgILMwBRL1lFcEvvUGEMcVDTgxgKokQqw7cYHW3XH
oDN/sKlhuaOmOWOojzfuQlbdXus0CQt10nrBNdce967h4LuhsdeGrnvAVqCCoMu/
4GaIpy5motPkT3Yitn+sPCuOuLtBTXNoNL3hhke6AJVeDA0HNd/ZK/9PnFvv7IHJ
lIPsm3tb1Wzw2gD3KW2FvjS9YeBhYcqS6UIBK3ituRs4l+FVY4ghKdg7GPxn32l9
M22kP9w3BmyuxfD5CZM6qkSQ64RtOfVeg3hQa6teajr8OIYAcF4QUrZ7OuJBKOs1
HtCkt4Tmcd85s2pIKBoVaGlIRS1JIcebf6UwGFdJWumjdUI7ynjXn/UOxldjUpdM
H/LcKEQHQ9hx19puD71MW/2WW5GmEA35VwfW6lsdHnOIJq9jUv+bbALa+zlUIuyg
oOZE7ROSHMM6gnkpzZ/pYjpFFVjhSCiLnq+ivorabkC8ahh+yw0FyQM7+T3ULe6z
3TjXY0y3yQpIRaA0elJtAbfQFRIbHfWRqLJH7bwTrtKEjXn1ffNNLRasEGJD71ks
eoVp5q1z5XwHP2Tkch9Pr0TP2CWPdopBYRaErAMD3iSRCsQejV7KzYPShmzIS0fc
kL8Y7DLDV/rbNrkqx844tumOTzZIWKRdUhCmkkM7RGChe+EBv8o=
=03E+
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 08 Mar 2019 07:27:16 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:11:51 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon