Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

libxfixes: CVE-2016-7944

Related Vulnerabilities: CVE-2016-7944  

Source

Debian Bug report logs - #840442
libxfixes: CVE-2016-7944

version graph

Package: src:libxfixes; Maintainer for src:libxfixes is Debian X Strike Force <debian-x@lists.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 11 Oct 2016 15:48:02 UTC

Severity: important

Tags: patch, security, upstream

Found in versions libxfixes/1:5.0-4, libxfixes/1:5.0.2-1

Fixed in versions libxfixes/1:5.0-4+deb7u2, libxfixes/1:5.0.3-1

Done: Emilio Pozuelo Monfort <pochu@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#840442; Package src:libxfixes. (Tue, 11 Oct 2016 15:48:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian X Strike Force <debian-x@lists.debian.org>. (Tue, 11 Oct 2016 15:48:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libxfixes: CVE-2016-7944
Date: Tue, 11 Oct 2016 17:46:04 +0200
Source: libxfixes
Version: 1:5.0.2-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for libxfixes.

CVE-2016-7944[0]

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7944

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Marked as found in versions libxfixes/1:5.0-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 15 Oct 2016 04:42:04 GMT) (full text, mbox, link).

Added tag(s) pending. Request was from Andreas Boll <andreas.boll.dev@gmail.com> to control@bugs.debian.org. (Tue, 25 Oct 2016 10:15:06 GMT) (full text, mbox, link).

Marked as fixed in versions libxfixes/1:5.0-4+deb7u2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 29 Oct 2016 18:54:05 GMT) (full text, mbox, link).

Reply sent to Emilio Pozuelo Monfort <pochu@debian.org>:
You have taken responsibility. (Mon, 05 Dec 2016 19:21:10 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 05 Dec 2016 19:21:10 GMT) (full text, mbox, link).

Message #16 received at 840442-close@bugs.debian.org (full text, mbox, reply):

From: Emilio Pozuelo Monfort <pochu@debian.org>
To: 840442-close@bugs.debian.org
Subject: Bug#840442: fixed in libxfixes 1:5.0.3-1
Date: Mon, 05 Dec 2016 19:18:24 +0000
Source: libxfixes
Source-Version: 1:5.0.3-1

We believe that the bug you reported is fixed in the latest version of
libxfixes, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840442@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libxfixes package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 05 Dec 2016 19:17:34 +0100
Source: libxfixes
Binary: libxfixes3 libxfixes3-udeb libxfixes-dev
Architecture: source
Version: 1:5.0.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libxfixes-dev - X11 miscellaneous 'fixes' extension library (development headers)
 libxfixes3 - X11 miscellaneous 'fixes' extension library
 libxfixes3-udeb - X11 miscellaneous 'fixes' extension library (udeb)
Closes: 840442
Changes:
 libxfixes (1:5.0.3-1) unstable; urgency=medium
 .
   [ Andreas Boll ]
   * New upstream release.
     - Fixes CVE-2016-7944 (Closes: #840442).
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Fix Vcs-* URLs.
   * Update a bunch of URLs in packaging to https.
 .
   [ Emilio Pozuelo Monfort ]
   * Bump debhelper compat to 10.
     + dh-autoreconf is now enabled by default.
     + --disable-silent-rules is passed to configure automatically.
Checksums-Sha1:
 4cf306512eedac397aa7be73996f684b385fcdba 2040 libxfixes_5.0.3-1.dsc
 5b3f9ae580286eeb90ef6833f22ccc95c45011fa 360412 libxfixes_5.0.3.orig.tar.gz
 29694ad77f022ac7833f45c2d78452ad9a0e6c0b 15140 libxfixes_5.0.3-1.diff.gz
Checksums-Sha256:
 87c1c491d8ff261b5a723c6c6aa974f315ff6f25f47425285a62065cbf944025 2040 libxfixes_5.0.3-1.dsc
 9ab6c13590658501ce4bd965a8a5d32ba4d8b3bb39a5a5bc9901edffc5666570 360412 libxfixes_5.0.3.orig.tar.gz
 95b9688465531c60ff372bf8a2eb5fdd456970cbbb679ba13e54d24af44fb904 15140 libxfixes_5.0.3-1.diff.gz
Files:
 61c0ec988bbcbec5b2a881b0b35082b2 2040 x11 optional libxfixes_5.0.3-1.dsc
 fd07d0d77e92b0a72ca1740a72322837 360412 x11 optional libxfixes_5.0.3.orig.tar.gz
 a8bb9daa2a26e508ec4cf7dbe0605da0 15140 x11 optional libxfixes_5.0.3-1.diff.gz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlhFuIgACgkQnUbEiOQ2
gwIh+RAAnsSKAXAGwlcUycnL+kVlx2cm+tLT8Y24UuX9EoSTjzhjsHptqGQ7ih4o
oY9xydzwrhY29d5ZlvinZZKmjmbRqu7umcnOrbnXZlQWqal4384EhEgRwR/Ym6zq
l49RzlehAORFRep5kT6Ymyj/q0QVd3GlUcx89193AJOY38h/QuUOlkcRQYDC7jha
tThTCSAZ3NJqkky2f1pDgSG38+R8ojsXNANWM6nmujsvoB4lbxgMBgKotLdFv9Zw
xtTwMJvvycMAKSmnosVVrhVk968OY4In0om/bn/II/6w0RHyRDaKzF4uzod11bbk
7nGzr3Bg/KKQhdWaB6lZXy51T2h+7acZFr0p4cEy4lHbeUhAYTvRshmNJOjrOmiu
C7PvmpiG3Vmyejvjyi5+UxgzcA95AFEYO1C0W6cGSNQNhmp+yuFVVK22ov/UJsZQ
YMe/WGOP9Zi0hYiPjl/bAytAef6fRDSzEjgEUGducP95JmDhprFm32u0QWOdskmz
Mjp+7CNKNt3ovhSeT8oIRGCSbq5/Ue23ImXZ85oJ7ST+OxFolR3kd/n9sFzquKom
RQwScXRWdu6WWbxFh6+NRcsyA/lWQ92PUx6si1jzHb0khxvBr3xcM0dTzF3VlcQs
Il7H9deCjbn+OsSVJ6pclxpdVSCUi2Pu3CTNN52ByX7FdGGAuXo=
=n0ka
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 27 Jan 2017 09:25:16 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:46:23 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started