Bug#805398: marked as done (latex2rtf: CVE-2015-8106: format string vulnerability)

[Debian Bug Tracking System]

Your message dated Sat, 9 Apr 2016 19:57:08 +0200
with message-id <20160409175708.GA2231@eldamar.local>
and subject line Re: Bug#805398: latex2rtf: CVE-2015-8106: format string 
vulnerability
has caused the Debian Bug report #805398,
regarding latex2rtf: CVE-2015-8106: format string vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
805398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805398
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: latex2rtf
Version: 2.3.8-1
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for latex2rtf.

CVE-2015-8106[0]:
format string vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8106
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1282492

For jessie latex2rtf is already compiled with hardening flags,
mitigtating the issue. But could you fixe the issue as well via a
stable proposed-update?

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: latex2rtf
Source-Version: 2.3.10-1

Hi Chris,

On Tue, Nov 17, 2015 at 07:03:20PM +0100, Salvatore Bonaccorso wrote:
> Source: latex2rtf
> Version: 2.3.8-1
> Severity: normal
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for latex2rtf.
> 
> CVE-2015-8106[0]:
> format string vulnerability
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-8106
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1282492
> 
> For jessie latex2rtf is already compiled with hardening flags,
> mitigtating the issue. But could you fixe the issue as well via a
> stable proposed-update?

This has been fixed with version 2.3.10-1. Can you schedule a fix as
well in Jessie via the next point release?

Regards,
Salvatore

--- End Message ---