Your message dated Mon, 15 Apr 2019 10:47:08 +0000
with message-id <[email protected]>
and subject line Bug#921772: fixed in jabref 3.8.1+ds-3+deb9u1
has caused the Debian Bug report #921772,
regarding CVE-2018-1000652
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
921772: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921772
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: jabref
Severity: grave
Tags: security
This was assigned CVE-2018-1000652:
https://github.com/JabRef/jabref/issues/4229
https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: jabref
Source-Version: 3.8.1+ds-3+deb9u1
We believe that the bug you reported is fixed in the latest version of
jabref, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated jabref package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 10 Feb 2019 20:25:26 +0100
Source: jabref
Binary: jabref
Architecture: source
Version: 3.8.1+ds-3+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: gregor herrmann <[email protected]>
Description:
jabref - graphical frontend to manage BibTeX and BibLaTeX databases
Closes: 921772
Changes:
jabref (3.8.1+ds-3+deb9u1) stretch; urgency=medium
.
[ gregor herrmann & tony mancill ]
* Add patch from upstream commit to fix CVE-2018-1000652: XML External
Entity attack.
Thanks to Moritz Muehlenhoff for the bug report. (Closes: #921772)
Checksums-Sha1:
0c99beafca298d3e33cbb2622bdd77a3288f3421 2687 jabref_3.8.1+ds-3+deb9u1.dsc
402c666fdac33f2010480f9b7fa50d0d4b7dae8b 46968
jabref_3.8.1+ds-3+deb9u1.debian.tar.xz
f33d5c897674baccf64937b7ba97c6b238409265 17056
jabref_3.8.1+ds-3+deb9u1_amd64.buildinfo
Checksums-Sha256:
0702d0818d255004c630b03e2ec8e5ae54a0567f450b6ffd12efa08b85c3a7fe 2687
jabref_3.8.1+ds-3+deb9u1.dsc
64fe6dc86b0a3fc935643984f7c7cc21185ab036ac4bdbb5e8023d5385d0230b 46968
jabref_3.8.1+ds-3+deb9u1.debian.tar.xz
4eb5fb999d302e3730f125482046e1ba6bd563acef3f15748f58d6e7608c35df 17056
jabref_3.8.1+ds-3+deb9u1_amd64.buildinfo
Files:
cb7a0f25172d6b787b7e1732532ee5ac 2687 tex optional jabref_3.8.1+ds-3+deb9u1.dsc
a1555d07ddd7a1eab2cadcf8b37d5bbc 46968 tex optional
jabref_3.8.1+ds-3+deb9u1.debian.tar.xz
c5bf02ce3d4de71439f732f111cce1b1 17056 tex optional
jabref_3.8.1+ds-3+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAlyziZsUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpa48Q/9GUWzL/AbCc65IyiydFMHLD9dgfjd
66KfAOBsDSgMwyJrylZUWnD9NViD51ggssvh7zaiN9BhKeVP8ESD8f+y2VKFk9+2
FasAAwWA4EcTnLN8LnwiuStbTYZUi4txT0nLFT7GOzJ9E0e7aC6+K/MEwfpk6qn0
7Bliu8zNOcJuNgkJR9ebzYLOdmOfR1Il/NfkfCaN4EMnJeI6YGLIppN0jWAPbpbO
LL3OVaJhnF9eH2YTn0GhRMZBnynz8lL9JkS6YUvF0nNoYg0CBgfyNJakXwyPpLCD
u+O8w+nxY3MyJVfhF50SfuOlyezxC/DbC5S7v3Tg3SHAmxYY8AjVRw3AAXMJGYjM
Zmy6FBvjiHFWy/tBJcEN9g/dbB9bqyHmCqvasYot92dANC6inAT1gmjLzQLM++S/
rNThdb44OQxSw0ZcVwSSqkUf9wjXG2/c6QBMcg4KteGg5jtr01N5iMpM+JKsM0FZ
UGsG6IC5sIgKqnHD/oJjkgNuB9dnZ5bQRs5NHdKLFB6Mj33bgN+6YMWKc+TfYz7H
Ahh8ExC7a2n+iaWMEUzj17GV5P4EcFkM3IXVDu/4pWt43Wc1HTi9V2en/VUNqGa+
idB79OFuy7aiNHuPfzJuupYpoMPY+/ZuzOPIm6hV9jAGEbNggwMvwcIaNnrcpGwU
RMXt9gI9y2KEgM0=
=2+xn
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
