Format: 1.8
Date: Tue, 21 Jan 2020 21:49:04 +0100
Source: transfig
Binary: transfig
Architecture: source amd64
Version: 1:3.2.5.e-4+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Dylan Aïssi <daissi@debian.org>
Description:
 transfig - Utilities for converting XFig figure files
Changes:
 transfig (1:3.2.5.e-4+deb8u2) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2018-16140: Buffer underwrite vulnerability in get_line() allows an
     attacker to write prior to the beginning of the buffer via a crafted
     .fig file.
   * CVE-2019-14275: Stack-based buffer overflow in the calc_arrow function
     in bound.c.
   * CVE-2019-19555: Stack-based buffer overflow because of an incorrect
     sscanf.