[Bug 1655252] Re: Sync libxi 2:1.7.8-2 (main) from Debian unstable (main)

Timo Aaltonen tjaalton at ubuntu.com
Tue Jan 10 13:12:09 UTC 2017 

This bug was fixed in the package libxi - 2:1.7.8-2

---------------
libxi (2:1.7.8-2) unstable; urgency=medium

  * Cherry-pick upstream commit 557b6079, don't free an uninitialized
    buffer. Closes: #849026.

 -- Emilio Pozuelo Monfort <pochu at debian.org>  Thu, 29 Dec 2016 11:22:29
+0100

libxi (2:1.7.8-1) unstable; urgency=medium

  [ Andreas Boll ]
  * New upstream release.
    - Fixes CVE-2016-7945 and CVE-2016-7946 (Closes: #840440).
  * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
  * Update a bunch of URLs in packaging to https.
  * Bump Standards-Version to 3.9.8, no changes needed.

  [ Emilio Pozuelo Monfort ]
  * Acknowledge 2:1.7.6-1.1 NMU.
  * Cherry-pick upstream commit 7ac03c6c to plug a memory leak in the
    security fix.
  * Cherry-pick upstream commit 4c5c8d62, check a buffer was allocated
    before writing to it.
  * Bump debhelper compat to 10.
    + debhelper now calls dh-autoreconf automatically.
    + debhelper now enables --parallel by default.
  * Switch to -dbgsym packages.
  * debhelper passes --disable-silent-rules to configure for us.
  * Drop explicit build target. dh $@ can handle it.

 -- Emilio Pozuelo Monfort <pochu at debian.org>  Tue, 06 Dec 2016 00:50:24
+0100

libxi (2:1.7.6-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Mark libxi-dev as Multi-Arch: same. Closes: #689068.
  * Explicitly specify documentation's anchor ids instead of generating
    non-reproducible ones during the build (Francois Gouget).

 -- Matthias Klose <doko at debian.org>  Thu, 03 Nov 2016 14:52:54 +0100

** Changed in: libxi (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7945

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7946

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1655252

Title:
  Sync libxi 2:1.7.8-2 (main) from Debian unstable (main)

Status in libxi package in Ubuntu:
  Fix Released

Bug description:
  Please sync libxi 2:1.7.8-2 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * Mark libxi-dev as Multi-Arch: same. Closes: #689068.
    * Explicitly specify documentation's anchor ids instead of generating
      non-reproducible ones during the build (Francois Gouget).
  This delta was applied in a Debian NMU.

  Changelog entries since current zesty version 2:1.7.6-1ubuntu1:

  libxi (2:1.7.8-2) unstable; urgency=medium

    * Cherry-pick upstream commit 557b6079, don't free an uninitialized
      buffer. Closes: #849026.

   -- Emilio Pozuelo Monfort <pochu at debian.org>  Thu, 29 Dec 2016
  11:22:29 +0100

  libxi (2:1.7.8-1) unstable; urgency=medium

    [ Andreas Boll ]
    * New upstream release.
      - Fixes CVE-2016-7945 and CVE-2016-7946 (Closes: #840440).
    * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
    * Update a bunch of URLs in packaging to https.
    * Bump Standards-Version to 3.9.8, no changes needed.

    [ Emilio Pozuelo Monfort ]
    * Acknowledge 2:1.7.6-1.1 NMU.
    * Cherry-pick upstream commit 7ac03c6c to plug a memory leak in the
      security fix.
    * Cherry-pick upstream commit 4c5c8d62, check a buffer was allocated
      before writing to it.
    * Bump debhelper compat to 10.
      + debhelper now calls dh-autoreconf automatically.
      + debhelper now enables --parallel by default.
    * Switch to -dbgsym packages.
    * debhelper passes --disable-silent-rules to configure for us.
    * Drop explicit build target. dh $@ can handle it.

   -- Emilio Pozuelo Monfort <pochu at debian.org>  Tue, 06 Dec 2016
  00:50:24 +0100

  libxi (2:1.7.6-1.1) unstable; urgency=medium

    * Non-maintainer upload.
    * Mark libxi-dev as Multi-Arch: same. Closes: #689068.
    * Explicitly specify documentation's anchor ids instead of generating
      non-reproducible ones during the build (Francois Gouget).

   -- Matthias Klose <doko at debian.org>  Thu, 03 Nov 2016 14:52:54 +0100

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxi/+bug/1655252/+subscriptions

More information about the Ubuntu-sponsors mailing list