Your message dated Sat, 06 Oct 2018 14:45:57 +0000
with message-id <[email protected]>
and subject line Bug#910390: fixed in libpdfbox-java 1:1.8.16-1
has caused the Debian Bug report #910390,
regarding libpdfbox-java: CVE-2018-11797
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
910390: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910390
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libpdfbox-java
Version: 1:1.8.12-1
Severity: important
Tags: security upstream
Control: found -1 1:1.8.15-1
Control: clone -1 -2
Control: reassign -2 src:libpdfbox2-java 2.0.11-1
Control: retitle -2 libpdfbox2-java: CVE-2018-11797
Hi,
The following vulnerability was published for libpdfbox-java.
CVE-2018-11797[0]:
denial of service vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-11797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11797
[1] https://www.openwall.com/lists/oss-security/2018/10/05/4
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libpdfbox-java
Source-Version: 1:1.8.16-1
We believe that the bug you reported is fixed in the latest version of
libpdfbox-java, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated libpdfbox-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 06 Oct 2018 15:47:18 +0200
Source: libpdfbox-java
Binary: libpdfbox-java libpdfbox-java-doc libjempbox-java libjempbox-java-doc
libfontbox-java libfontbox-java-doc
Architecture: source
Version: 1:1.8.16-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description:
libfontbox-java - Java font library
libfontbox-java-doc - Java font library (Documentation)
libjempbox-java - XMP Compatible Java Library
libjempbox-java-doc - XMP Compatible Java Library (documentation)
libpdfbox-java - PDF library for Java
libpdfbox-java-doc - PDF library for Java (documentation)
Closes: 910390
Changes:
libpdfbox-java (1:1.8.16-1) unstable; urgency=medium
.
* Team upload.
* New upstream version 1.8.16.
- Fix CVE-2018-11797: denial-of-service via specially crafted PDF file.
(Closes: #910390)
* Declare compliance with Debian Policy 4.2.1.
Checksums-Sha1:
08528048a82c8ba62b2247113f46f78e5fc49f09 2834 libpdfbox-java_1.8.16-1.dsc
992a5e484d02e9e8d3dc0e64c8bf527b1bdd7af7 6551876
libpdfbox-java_1.8.16.orig.tar.xz
56ca2b51ee51227c289eb8bca3cdf993c4df28e9 11604
libpdfbox-java_1.8.16-1.debian.tar.xz
3e0f364650a0ef3d5bc8ddbe40ea1989db1d2154 17170
libpdfbox-java_1.8.16-1_amd64.buildinfo
Checksums-Sha256:
568d6472cb0cf10b78e0a214b60b8bac7bf378434e3d4107f6bc506916e6bff2 2834
libpdfbox-java_1.8.16-1.dsc
33571a3fc7c7353d4ced7665a8679b62eaad804df7e3f3f16a776dc75a67fb03 6551876
libpdfbox-java_1.8.16.orig.tar.xz
a49d4e21feec12ae9cd185f8f9420c77b7833eb936754355e60c73dead90b54b 11604
libpdfbox-java_1.8.16-1.debian.tar.xz
a8cb7d7fab4eb81641ca2d7d66a92ccab5da3746cb97b0ebc2fbf264940b4f99 17170
libpdfbox-java_1.8.16-1_amd64.buildinfo
Files:
70ffbde10d9ec923ec1e1c2923eb4cb5 2834 java optional libpdfbox-java_1.8.16-1.dsc
1fa679668910d82f8ebfcfc098e81574 6551876 java optional
libpdfbox-java_1.8.16.orig.tar.xz
fbd2f0b84e021bd77ad9e6a54628048a 11604 java optional
libpdfbox-java_1.8.16-1.debian.tar.xz
1acf2987a28a82eca6485c90b735c8e2 17170 java optional
libpdfbox-java_1.8.16-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu4vmdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkPPAQAMeS3rQP3vBAgwxU6VzsMdAsEl5V6wvcDgd4
NjO1VDCnoMB8fHP4IwtFshp/SXb4LCXHOSz1tS1kurIu1POgFVjyxGAdgldz6Jyd
BHlvq1W60gR5eVZbAABw9ihMBf3zTxAQwstHs2vsJUJg0fQehDBj3pMxovg2j9l/
/ucsX/xIT3Wjv1ezUQnbuU3PTGa3nyPhp0R2NkocBFeirPRXhht6AZTSKblFTHG8
+w4xOJ97qcMz3fD6gPRDRDBw3mQaIW5fPlf2tMW0H5DUZwrmYoyyyOBDpPJ4BCEA
7iGSr9xR+tjJKLYIzTUBJgj9XxBJFkrNRHVOVVifnyUtMaKNwZbcrQ8jwJIgPJbl
5Td13OdI9lLvCtmgpf/2fcPApUZSL5M7QreWMAlBqdJj2OslpuDCbf5NyLC6AviW
NyhGyyJyMScawpva5wpyKKiq3rJsO6mb0eWI3ia4CeSFMhPGUlrJSKM1k3c6/r/i
Y7vWQyS9BhEJinSoGaX5kA/ch+m8NoP0ZEzdfGXItgTLMPiwUzu/pJrpD4iGLf6Z
9KnVGUUpExWH91spOkfGgxl9VbQtd4QuBuzfyR8s4j8uDC5erL1QxuLlwF46+Gy0
c5OSAPWdrG6INKuFTeABfMkGmvNN2dow+cS4OuZhvrgaVqE9mqIlsjJ55ryeF3kM
rJHxXk1V
=3W5O
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
