Your message dated Sun, 29 Aug 2021 22:34:03 +0000
with message-id <[email protected]>
and subject line Bug#991526: fixed in libpdfbox2-java 2.0.24-1
has caused the Debian Bug report #991526,
regarding libpdfbox2-java: CVE-2021-31811 CVE-2021-31812
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
991526: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991526
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libpdfbox2-java
Version: 2.0.23-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:libpdfbox-java 1:1.8.16-2
Control: retitle -2 libpdfbox-java: CVE-2021-31811 CVE-2021-31812

Hi,

The following vulnerabilities were published for libpdfbox2-java.

CVE-2021-31811[0]:
| In Apache PDFBox, a carefully crafted PDF file can trigger an
| OutOfMemory-Exception while loading the file. This issue affects
| Apache PDFBox version 2.0.23 and prior 2.0.x versions.


CVE-2021-31812[1]:
| In Apache PDFBox, a carefully crafted PDF file can trigger an infinite
| loop while loading the file. This issue affects Apache PDFBox version
| 2.0.23 and prior 2.0.x versions.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-31811
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31811
[1] https://security-tracker.debian.org/tracker/CVE-2021-31812
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31812

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libpdfbox2-java
Source-Version: 2.0.24-1
Done: Markus Koschany <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libpdfbox2-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated libpdfbox2-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Aug 2021 00:05:48 +0200
Source: libpdfbox2-java
Architecture: source
Version: 2.0.24-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 991526
Changes:
 libpdfbox2-java (2.0.24-1) unstable; urgency=high
 .
   * New upstream version 2.0.24.
     - Fix CVE-2021-31811:
       In Apache PDFBox, a carefully crafted PDF file can trigger an
       OutOfMemory-Exception while loading the file. This issue affects Apache
       PDFBox version 2.0.23 and prior 2.0.x versions.
     - Fix CVE-2021-31812:
       In Apache PDFBox, a carefully crafted PDF file can trigger an infinite
       loop while loading the file. This issue affects Apache PDFBox version
       2.0.23 and prior 2.0.x versions.
       (Closes: #991526)
   * Remove debian/gbp.conf again until we reach a consensus in Debian how to
     maintain Git repositories.
   * Declare compliance with Debian Policy 4.6.0.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use [email protected] for discussions and questions.
