Your message dated Fri, 03 Feb 2017 08:49:27 +0000
with message-id <[email protected]>
and subject line Bug#853134: fixed in svgsalamander 1.1.1+dfsg-2
has caused the Debian Bug report #853134,
regarding svgsalamander: CVE-2017-5617
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
853134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853134
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: svgsalamander
Version: 1.1.1+dfsg-1
Severity: important
Tags: upstream security
Forwarded: https://github.com/blackears/svgSalamander/issues/11
Hi,
the following vulnerability was published for svgsalamander.
CVE-2017-5617[0]:
SSRF issue
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5617
[1] https://github.com/blackears/svgSalamander/issues/11
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: svgsalamander
Source-Version: 1.1.1+dfsg-2
We believe that the bug you reported is fixed in the latest version of
svgsalamander, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bas Couwenberg <[email protected]> (supplier of updated svgsalamander package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Feb 2017 08:39:45 +0100
Source: svgsalamander
Binary: libsvgsalamander-java libsvgsalamander-java-doc
Architecture: source all
Version: 1.1.1+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Bas Couwenberg <[email protected]>
Description:
libsvgsalamander-java - SVG engine for Java
libsvgsalamander-java-doc - SVG engine for Java (documentation)
Closes: 853134
Changes:
svgsalamander (1.1.1+dfsg-2) unstable; urgency=medium
.
* Team upload.
* Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).
(closes: #853134)
Checksums-Sha1:
3770cbe76b0b2ed4d8b216dcd2837ee7ff1d811f 2196 svgsalamander_1.1.1+dfsg-2.dsc
2111eb84ec68cf057b61071c450dfcee7e87bd33 8100
svgsalamander_1.1.1+dfsg-2.debian.tar.xz
6880a1a8cfa19288d8f604aabaa490876f55b503 175524
libsvgsalamander-java-doc_1.1.1+dfsg-2_all.deb
3f00ad19a70a87a6dda71b69bc5a6b202976d412 276870
libsvgsalamander-java_1.1.1+dfsg-2_all.deb
7c6eb9fa627a4004811c624e7f8c4ae7e9337935 10382
svgsalamander_1.1.1+dfsg-2_amd64.buildinfo
Checksums-Sha256:
f964b53ec7ca5d727effd4918909b2c4cd5c151041c3405806fdb5b1636a90a0 2196
svgsalamander_1.1.1+dfsg-2.dsc
2becf22e5b1dbc85febf7db7a77f75689841e0bdf97edf68aedb04401b661c4d 8100
svgsalamander_1.1.1+dfsg-2.debian.tar.xz
a8c8246bffe346dca56d2c132e36f0b512fb70d6ee113a0c9e89994b10625e52 175524
libsvgsalamander-java-doc_1.1.1+dfsg-2_all.deb
f58ade8578a7a462743f9903fc26dcb5cc0efb9690dd394f07800c16782d7996 276870
libsvgsalamander-java_1.1.1+dfsg-2_all.deb
0698de1251aecb2860f78c858a507aa21a2bed515f93af577359146cc03840ca 10382
svgsalamander_1.1.1+dfsg-2_amd64.buildinfo
Files:
dd6e331f299d3a709ae870d1ad14784b 2196 java extra svgsalamander_1.1.1+dfsg-2.dsc
2f1e170e8ea7f7585806f9f9f5f09969 8100 java extra
svgsalamander_1.1.1+dfsg-2.debian.tar.xz
0c967507a7b81885f1502562e753d8ba 175524 doc extra
libsvgsalamander-java-doc_1.1.1+dfsg-2_all.deb
30bf685e9413bfd49cd77ef9113dc7ca 276870 java extra
libsvgsalamander-java_1.1.1+dfsg-2_all.deb
1c99c1e4089232a64dfe45ec41850055 10382 java extra
svgsalamander_1.1.1+dfsg-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJYlDW9AAoJEGdQ8QrojUrxhWMQAI9u6ubXBi8iLWot+R0QRSZ1
RIaoI14iT3rpe8QqoRAn7tgnqcEzogtHWxcB8i4vMc+WfWxdWrVfz9l8n/0WT/3n
ZZ7bIA8eFxXrCXJ1CF4sf5LT9Ugbib4QMscYkAksex/pNb+TYecKYba+gtyfXkCa
kooWfwaRbLSLiwK1i79mirSAEAs6l6Axiq4YPqDrUeVvSoQjDB1DSVMHSHVVq7Pw
EUzrJjcGV5RiC8qO1zvMduN5aYxeHTaPagxAlhmSzbo1ApUwduc3qDI4Dt1EUFTG
dOuvrFJKzdrd9CZ28Nac/3FSIFlHgB2KGgmOErVbx3Yu8w8eVRjwKZa7NsqqBpTk
qRwypgufVaFXp9J3+T2GOi/zX5XmYWkS+SB3STQUb/CNS/vUSZJb+IsY8MyJu72F
WnoCkB7ciC6mibcyMQnwZRU6xvO2hpFraqmtbSrBjlzeORXtCLqJBjvBkSaiSdV4
Ag3c4JO/cfjXQOwmhwzjClLFHaNwG9ru3udkPvZZGUE723GxbMZt4oPgbZH3a2hM
iSIoI+oZMemIIEWiOm/mxGk/lIeBk7WTfX8CpsdOfywaqphqj8I4NV/YODL1mQC2
x2YwBXDWGPVd9TPxLWf8zTQqeGrPkG+zwRmPzQutHLF0jHA9HDseGvI41xW1WGJN
pg5niHnEbZKXlIS3WyB0
=VIpb
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
