Debian Bug report logs -
#963778
CVE-2020-13999
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 26 Jun 2020 19:45:02 UTC
Severity: important
Tags: security
Found in version libemf/1.0.12-1
Fixed in version libemf/1.0.13-1
Done: bap@debian.org (Barak A. Pearlmutter)
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#963778; Package src:libemf.
(Fri, 26 Jun 2020 19:45:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Barak A. Pearlmutter <bap@debian.org>.
(Fri, 26 Jun 2020 19:45:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libemf
Severity: important
Tags: security
Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13999
Cheers,
Moritz
Reply sent
to bap@debian.org (Barak A. Pearlmutter):
You have taken responsibility.
(Fri, 26 Jun 2020 22:36:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Fri, 26 Jun 2020 22:36:04 GMT) (full text, mbox, link).
Message #10 received at 963778-close@bugs.debian.org (full text, mbox, reply):
Source: libemf
Source-Version: 1.0.13-1
Done: bap@debian.org (Barak A. Pearlmutter)
We believe that the bug you reported is fixed in the latest version of
libemf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 963778@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Barak A. Pearlmutter <bap@debian.org> (supplier of updated libemf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jun 2020 23:21:35 +0100
Source: libemf
Architecture: source
Version: 1.0.13-1
Distribution: unstable
Urgency: medium
Maintainer: Barak A. Pearlmutter <bap@debian.org>
Changed-By: Barak A. Pearlmutter <bap@debian.org>
Closes: 963778
Changes:
libemf (1.0.13-1) unstable; urgency=medium
.
* New upstream version
- addresses security issue CVE-2020-13999 (closes: #963778)
- CVE-2020-11863, CVE-2020-11864, CVE-2020-11865, CVE-2020-11866 were
addressed in 1.0.12.
Checksums-Sha1:
700352827691d1108e9ed285fe88f05be6ae144a 2496 libemf_1.0.13-1.dsc
e3fb05cfe6ce080ba178602c2c252d9ed3360487 154280 libemf_1.0.13.orig.tar.xz
bd91655de2fe7bdaa3d28239eac39829e99822ad 30208 libemf_1.0.13-1.debian.tar.xz
702226a3b95df59e9123ce7fe1943ec7d7a35d2a 10310 libemf_1.0.13-1_source.buildinfo
Checksums-Sha256:
0aa0cbbff9a88805b72d102476e4dad7ec969a13d8ad4c60447ea1d171413de7 2496 libemf_1.0.13-1.dsc
f20f9597ed6e7db5de92c9d2c584beb0f0ae60cec5de29c2ff9065c97ff38f3b 154280 libemf_1.0.13.orig.tar.xz
587901f52aa374d683b02767b73a2a3efdfc5d993a19e87932082540fe7cccd1 30208 libemf_1.0.13-1.debian.tar.xz
fec845306bd702a6edadc3cc394470090994beea43614dec59b627f9bec8fe12 10310 libemf_1.0.13-1_source.buildinfo
Files:
ea3dc60f7a0745b9ff0376a3aa97bc04 2496 libs optional libemf_1.0.13-1.dsc
068659a542210b6f800d76aa41d773e2 154280 libs optional libemf_1.0.13.orig.tar.xz
bf929d4af94a59602ee89ecdc241790a 30208 libs optional libemf_1.0.13-1.debian.tar.xz
93a0d3a7589c237bb497d170bc8f4595 10310 libs optional libemf_1.0.13-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEZPQp426hHMLZZlRvEltXR14ZDRgFAl72da4PHGJhcEBkZWJp
YW4ub3JnAAoJEBJbV0deGQ0Y8cwP/AvLzHiWEDzhTbeY2/IAKp4N54lJD3cLM/8+
7lemIKkBrtOKm2G/PefoUim0MiuYcBkKeA6jUqPdVxGcZuia0mTmLdjx7c7jb9Cn
KOKsUioWgfZlSgkZRHMW5FI2+t2DsJCW09qVwBsf+gjF5T+ZS6joTeILqimpa2nl
zYnDF9zfqq/9xSIKGOWxYQUZkcYe42LsM2wjax3H9GKd9CZZN0AA6k1+g2mQ/48S
F3LHBJNnViFROYT6mqQIIDz4b8Ou+ITV3fEwLolxNsQvNRpyYxuo6/G8xtlncI2S
RGqDsOb3gvIKAH9y1uoGJZh6cLnhyGK85PStHZSCIRxAUD7c/W6DTok6l7AT5dj9
aHCzpRfZ/UkjmgPubB9h5KoGFbfcVifpurvL0nS52/JKaP5b4v4U/ENjKWC/4p1E
DSYaJLFoilKnQ+lfuDUQuMEOIz5GQox0aKml0zqKwGxwUU/qu9REILR93EhdHGeT
cr8stdxgLln2KEEjpAV5um+i6odEf1+R/yE8deH6ZIshtkXu42mF6fCEk4hCG+Py
giDpoIQpTdB0UwANIxFAXsvDKgbFFuXhzK5+qWfli12Spyy9P0dKXxmZshSISqyF
iEPnZcEL+4t/J4WZBYaNuL6QbaxFxBmKWO9363S3+TdMGuF4b8JkHSN9zkDTY36B
hYhuMSnd
=GvRN
-----END PGP SIGNATURE-----
Marked as found in versions libemf/1.0.12-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sat, 27 Jun 2020 03:54:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Jun 27 09:11:01 2020;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon