Your message dated Sat, 31 Aug 2019 16:21:29 +0000
with message-id <[email protected]>
and subject line Bug#935553: fixed in libextractor 1:1.9-2
has caused the Debian Bug report #935553,
regarding libextractor: CVE-2019-15531
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
935553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935553
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libextractor
Version: 1:1.9-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.gnunet.org/view.php?id=5846
Hi,
The following vulnerability was published for libextractor.
CVE-2019-15531[0]:
| GNU Libextractor through 1.9 has a heap-based buffer over-read in the
| function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-15531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15531
[1] https://bugs.gnunet.org/view.php?id=5846
[2]
https://git.gnunet.org/libextractor.git/commit/?id=d2b032452241708bee68d02aa02092cfbfba951a
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libextractor
Source-Version: 1:1.9-2
We believe that the bug you reported is fixed in the latest version of
libextractor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bertrand Marc <[email protected]> (supplier of updated libextractor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 31 Aug 2019 17:47:24 +0200
Source: libextractor
Architecture: source
Version: 1:1.9-2
Distribution: unstable
Urgency: high
Maintainer: Bertrand Marc <[email protected]>
Changed-By: Bertrand Marc <[email protected]>
Closes: 935553
Changes:
libextractor (1:1.9-2) unstable; urgency=high
.
* Add a patch from upstream to fix heap-based buffer over-read
(Closes: #935553, CVE-2019-15531).
Checksums-Sha1:
dc51a443ce2104313febcf52a576487317400329 2435 libextractor_1.9-2.dsc
c3e7fc143db562492c1c85ff729c557b8441e678 16368 libextractor_1.9-2.debian.tar.xz
0ed7c07cd1b7f8b5e117ced92d8b9f8816e8377b 19005
libextractor_1.9-2_amd64.buildinfo
Checksums-Sha256:
280bf23d2df88371e0fe9cf466012ee9008aad6a3c5865a66e2eb82f11298568 2435
libextractor_1.9-2.dsc
12f5b8407792d5530a843ead147fb510a4a5a658a836afc2e01e0e475d25e825 16368
libextractor_1.9-2.debian.tar.xz
d9e31487a813ca039779caa2ec73e918b6658e1e862850225b41e248bcc8439d 19005
libextractor_1.9-2_amd64.buildinfo
Files:
567938d6578863292fb2f197e28139e5 2435 libs optional libextractor_1.9-2.dsc
198ee246d52afa830faf3174df87c932 16368 libs optional
libextractor_1.9-2.debian.tar.xz
6ec44fc5b278220ac20d54661001d4ab 19005 libs optional
libextractor_1.9-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCAAvFiEEKUUr1GPOZwMj0JuIoEqzutviY+4FAl1qmqoRHGJtYXJjQGRl
Ymlhbi5vcmcACgkQoEqzutviY+4Yvw//XYb4XKBeAKpvX5YojHrpc3mkykK821zo
bizgMn7KtWGEB9srKOS8ePx3aKm4gSyNXcDaE2eisiRJFm0kpEPpkc6ojHWyDOHn
ZT74HyvkVcn5xhy87OqI+iBUFoHB7+usT8O1RVLk2L0Fp+jybnWjok9GXlBrwLTg
FAS1EZqPKVUTPTb0aOjD5eIrqzj8O4uIlQhSiXav35czQjWCPMobmjZmBtWtpaKn
P2dIrlnL2qj2sp8rg4Gp3+JtudbEnimizz8y02GHTm/xDFMaP9vgX1+N/a9eQjFR
1qoW8/EhBmb6yaXT72KKH7ZGKt8MwiY0muVFndXswOXIwOAfhZyPp0IjhbqBcCkT
rMpQr+C/+fEwCz088KTXELp3xfgs9tq/dFHq1qWw+qNYkW4356VEVJWih4LzTiZl
h/AMqvrpKEAksreDiePIZ6bqGHhxQoRVpklbVTcKDDI0D4mF2ffCIzPZ7kTDb3gB
Y185Tw331jyByABLX79AiQXyBaT75HyFH0YSn0Vpa7gX2URlmMJJLV3ipEZlN08B
7D0+5JEDmMd8ygQPoydb1Wf1kEK4LY3hx8cUfQltYc0j/n5HONdT9GcV9zA8lFEW
beEU6mhsHr23FkueEW8Wi7Rnp71tuQeSj0JZ1mqESz2fytQmz+G1T8QJfP/aVVFi
WeoFWlx7VTQ=
=KqGz
-----END PGP SIGNATURE-----
--- End Message ---