Please merge 0.2.8.4-10.6 from Debian: for for allocating huge block of memory (CVE-2016-9011)

Bug #1676958 reported by Balint Reczey
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
libwmf (Debian) | Fix Released | Unknown | |
libwmf (Ubuntu) | Fix Released | Low | Balint Reczey |

Bug Description

Debian's changes:

Changes:
 libwmf (0.2.8.4-10.6) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix allocating huge block of memory (CVE-2016-9011) (Closes: #842090)

Tags: security zesty
Balint Reczey (rbalint) wrote :
Mathieu Trudel-Lapierre (cyphermox) wrote :

Is this fixing a current FTBFS? Do we have another bug for the memory usage issue in LP?

Furthermore, you may wish to get rid of "[ Ubuntu Merge-o-Matic ]"; since you did the merge work yourself ;)

Finally, in this case there does not look to be any new features introduced with the merge. Am I correct in that assessment? This case is trivial here, but merges might otherwise require a Feature Freeze exception if merging introduces new features during a freeze period; see https://wiki.ubuntu.com/ZestyZapus/ReleaseSchedule.

Changed in libwmf (Ubuntu):
status: New → In Progress
assignee: nobody → Balint Reczey (rbalint)
milestone: none → ubuntu-17.03
Mathieu Trudel-Lapierre (cyphermox) wrote :

Subscribed ubuntu-sponsors too (see https://wiki.ubuntu.com/SponsorshipProcess); but I'll do the sponsoring myself once the question above is answered.

Balint Reczey (rbalint) wrote :

No, there is no FTBFS and there are no new features, just a security fix.

Mathieu Trudel-Lapierre (cyphermox) wrote :

Can you please update the patch to also close this bug in changelog for the merge entry?

summary: - Please merge 0.2.8.4-10.6 from Debian
+ Please merge 0.2.8.4-10.6 from Debian: for for allocating huge block of
+ memory (CVE-2016-9011)
Balint Reczey (rbalint) wrote :

Sure, done. I wanted to ask earlier if this was preferred.

Mathew Hodson (mhodson)
information type: Public → Public Security
Changed in libwmf (Ubuntu):
importance: Undecided → Low
Changed in libwmf (Debian):
status: Unknown → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libwmf - 0.2.8.4-10.6ubuntu1

---------------
libwmf (0.2.8.4-10.6ubuntu1) zesty; urgency=low

  * Merge from Debian unstable. (LP: #1676958) Remaining changes:
    - Split out GTK plugin into separate package.

 -- Balint Reczey <email address hidden> Tue, 28 Mar 2017 15:37:26 +0000

Changed in libwmf (Ubuntu):
status: In Progress → Fix Released