Your message dated Mon, 05 Apr 2021 15:03:23 +0000
with message-id <e1ltql9-0005lw...@fasolo.debian.org>
and subject line Bug#986008: fixed in libpdfbox2-java 2.0.23-1
has caused the Debian Bug report #986008,
regarding libpdfbox2-java: CVE-2021-27906
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986008: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986008
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libpdfbox2-java
Version: 2.0.22-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/PDFBOX-5112
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libpdfbox2-java.

CVE-2021-27906[0]:
| A carefully crafted PDF file can trigger an OutOfMemory-Exception
| while loading the file. This issue affects Apache PDFBox version
| 2.0.22 and prior 2.0.x versions.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-27906
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27906
[1] https://issues.apache.org/jira/browse/PDFBOX-5112
[2] https://www.openwall.com/lists/oss-security/2021/03/19/10

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libpdfbox2-java
Source-Version: 2.0.23-1
Done: tony mancill <tmanc...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libpdfbox2-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmanc...@debian.org> (supplier of updated libpdfbox2-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 04 Apr 2021 19:42:29 -0700
Source: libpdfbox2-java
Architecture: source
Version: 2.0.23-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: tony mancill <tmanc...@debian.org>
Closes: 986006 986008
Changes:
 libpdfbox2-java (2.0.23-1) unstable; urgency=high
 .
   * Team upload
   * Add debian/gbp.conf for DEP14 layout
   * New upstream version 2.0.23
     Fixes CVE-2021-27807 (Closes: #986006)
     Fixes CVE-2021-27906 (Closes: #986008)


--- End Message ---