Your message dated Sat, 06 Oct 2018 10:34:14 +0000
with message-id <[email protected]>
and subject line Bug#910391: fixed in libpdfbox2-java 2.0.12-1
has caused the Debian Bug report #910391,
regarding libpdfbox2-java: CVE-2018-11797
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
910391: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910391
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libpdfbox-java
Version: 1:1.8.12-1
Severity: important
Tags: security upstream
Control: found -1 1:1.8.15-1
Control: clone -1 -2
Control: reassign -2 src:libpdfbox2-java 2.0.11-1
Control: retitle -2 libpdfbox2-java: CVE-2018-11797
Hi,
The following vulnerability was published for libpdfbox-java.
CVE-2018-11797[0]:
denial of service vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-11797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11797
[1] https://www.openwall.com/lists/oss-security/2018/10/05/4
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libpdfbox2-java
Source-Version: 2.0.12-1
We believe that the bug you reported is fixed in the latest version of
libpdfbox2-java, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated libpdfbox2-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 06 Oct 2018 12:05:00 +0200
Source: libpdfbox2-java
Binary: libpdfbox2-java libpdfbox2-java-doc libfontbox2-java
libfontbox2-java-doc
Architecture: source
Version: 2.0.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description:
libfontbox2-java - Java font library
libfontbox2-java-doc - Java font library (Documentation)
libpdfbox2-java - PDF library for Java
libpdfbox2-java-doc - PDF library for Java (documentation)
Closes: 910391
Changes:
libpdfbox2-java (2.0.12-1) unstable; urgency=medium
.
* New upstream version 2.0.12.
- Fix CVE-2018-11797: denial-of-service via specially crafted PDF file.
(Closes: #910391)
* Declare compliance with Debian Policy 4.2.1.
Checksums-Sha1:
b293f911d139952ad7c947f086e5a55dec87504a 2562 libpdfbox2-java_2.0.12-1.dsc
cf9fa4b8a471349dbdc0f9d1ea90c6121cb9f5be 9683144
libpdfbox2-java_2.0.12.orig.tar.xz
dadaa95cc4635d395efaff5e30d220f6de36f91e 9132
libpdfbox2-java_2.0.12-1.debian.tar.xz
303507f7d0607c109b340456f466a084b67ab0be 16537
libpdfbox2-java_2.0.12-1_amd64.buildinfo
Checksums-Sha256:
f9f451eac9cc80028b9563c87573dd5a2bdf5aa1c7881081ee7bc2378c72d80f 2562
libpdfbox2-java_2.0.12-1.dsc
463468e6e13a72278dcde9d96733ad5aa628d701cb3b2ff946dc21981a33fbf4 9683144
libpdfbox2-java_2.0.12.orig.tar.xz
de9fabb46999c63f61e5f0083b1a32c340943446f9049a3d5de1536bc2f373ac 9132
libpdfbox2-java_2.0.12-1.debian.tar.xz
fdb4a29c4eb84ad923a7334ec41518368e015553cdaf4a22d81d502ceaac57b0 16537
libpdfbox2-java_2.0.12-1_amd64.buildinfo
Files:
2bd63dab153ce8f5214d90882f827180 2562 java optional
libpdfbox2-java_2.0.12-1.dsc
f4a0b7951c8e74b539c44808640673aa 9683144 java optional
libpdfbox2-java_2.0.12.orig.tar.xz
8e9ccbf3c85c22ce04a9e9ad1d727cfe 9132 java optional
libpdfbox2-java_2.0.12-1.debian.tar.xz
bac1d9f3a1cc3c543e1450d3895622af 16537 java optional
libpdfbox2-java_2.0.12-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu4inFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkNH4QAMcKIctLgaYbRMD39qJE5AHsvrAsWCZVsdsm
HBDb2T7Qvjb3p09WCoD2Q2DODHfUlScKCWy8V3CS/wvQashieKSv0q4wdajAxcNE
CCaCAmnqwlQh10jifGRm4rYAvbWcIWVB63jXsIzZd/6JJx4C4iL//6C7rZQmFWwO
aeRKOhATY0jJgooo4h4FTzAGpEgt5CGUk/tRzrpxrkVDGt+LB8YsJrEqySB+pcRN
gzZnACS3bdHFnB7w5AOt5AlJM9IEm3fEL2kQS2I/IH7FSVHN3NTy92k/2Ago0v3P
lXOg0OD1/dtOViSBfru/+F7n6sAJJ3h6EfpGEIQtTNOIiaCA8CfSrhzK3as5TuVa
6MiI/NH9rmcjvteNN4WpXWPP/Mn3SrKd5BOy8prYH56QN5FUDXUgtIebw0Ts7TEt
/8jTkMwoHjzxv4NCDO7I6X3+LDSItJhsO1n1v2LX4OBGvZiNSjEvE56Jy5vFAQT9
fRS6VJ5rC7zaG3R0lUfETeyuSj5S4WSmRapj+BBi6rOv7foCjv5sxeImXI98/TEk
I9vb4vcyrfFqXyHqmVyseU9CSv3sEx9OdPI6Ww6HDY0OBFf61Xisp3VM2Aa7VmbK
gqGoF05bHZOcH1bcbdkctcJukfinYDuCtdg8ILvkiFJEbKh9KzSOpe+wPCfw0iMN
rCFZSe+4
=jZWJ
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
