Your message dated Sun, 12 Feb 2017 22:17:30 +0000
with message-id <[email protected]>
and subject line Bug#853134: fixed in svgsalamander 0~svn95-1+deb8u1
has caused the Debian Bug report #853134,
regarding svgsalamander: CVE-2017-5617
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
853134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853134
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: svgsalamander
Version: 1.1.1+dfsg-1
Severity: important
Tags: upstream security
Forwarded: https://github.com/blackears/svgSalamander/issues/11
Hi,
the following vulnerability was published for svgsalamander.
CVE-2017-5617[0]:
SSRF issue
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5617
[1] https://github.com/blackears/svgSalamander/issues/11
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: svgsalamander
Source-Version: 0~svn95-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
svgsalamander, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bas Couwenberg <[email protected]> (supplier of updated svgsalamander package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Feb 2017 09:03:52 +0100
Source: svgsalamander
Binary: libsvgsalamander-java libsvgsalamander-java-doc
Architecture: source all
Version: 0~svn95-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Bas Couwenberg <[email protected]>
Description:
libsvgsalamander-java - SVG engine for Java
libsvgsalamander-java-doc - SVG engine for Java (documentation)
Closes: 853134
Changes:
svgsalamander (0~svn95-1+deb8u1) jessie-security; urgency=high
.
* Team upload.
* Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).
(closes: #853134)
Checksums-Sha1:
6518f599f8fccdc51863fc597198f9ad9141fc59 2229
svgsalamander_0~svn95-1+deb8u1.dsc
67e9342d85b65d607c48e5ad389141d68ea096b2 989743
svgsalamander_0~svn95.orig.tar.gz
2394d73544d6b9aa9a07f2f0202a42973c0e82bb 6356
svgsalamander_0~svn95-1+deb8u1.debian.tar.xz
f35995e2599f4c5ffdd929b199f29c853ad63907 258726
libsvgsalamander-java_0~svn95-1+deb8u1_all.deb
217f5d76df77a2106702d78644d3c521f18b117d 177350
libsvgsalamander-java-doc_0~svn95-1+deb8u1_all.deb
Checksums-Sha256:
ea1e8083f68d60fda9ba9b802f01164407d46478904bc6db604b9ab3fccf5380 2229
svgsalamander_0~svn95-1+deb8u1.dsc
97a6b7dd30322ed6938680a9c5746e658d17e02f6bafe1b3a4e2f48f0d2402bd 989743
svgsalamander_0~svn95.orig.tar.gz
e4b76c2e6430541d95b72c79d44f2298d4a8285af42bf324ebebbcd7f7d7ea12 6356
svgsalamander_0~svn95-1+deb8u1.debian.tar.xz
f5ffd4ad8a576faef57304c5af0c451110859ced4f37715de0e99afa6e845d2b 258726
libsvgsalamander-java_0~svn95-1+deb8u1_all.deb
b492ba971b32ca2e49aeffe7952b7818da4feee80c32c37a3e4d43f58fefaf16 177350
libsvgsalamander-java-doc_0~svn95-1+deb8u1_all.deb
Files:
fb51b355f3172d390e26e08d7566fdc1 2229 java extra
svgsalamander_0~svn95-1+deb8u1.dsc
ea543cb5a9a9d23d35cd9707bef518ab 989743 java extra
svgsalamander_0~svn95.orig.tar.gz
f0b102c3c598d5d9cfba5bfce9ee1d32 6356 java extra
svgsalamander_0~svn95-1+deb8u1.debian.tar.xz
e6e94e15ba8078676158745ba486765f 258726 java extra
libsvgsalamander-java_0~svn95-1+deb8u1_all.deb
b64a26bfccbd64ba00bdc0c91df0b864 177350 doc extra
libsvgsalamander-java-doc_0~svn95-1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJYlFPHAAoJEGdQ8QrojUrxxCoP/Ry7P423H9jwYsQWAznI5I1e
+w+d26EkeDcbZoBA1bT0IYJteBsrYzgZCt4Ssv5x1dxWcU1QixNp1YfYJQdSuAHa
+55BN/04jc/YxS06iIjyO0YZNACnrheArffMmqeMJH8g3Rk7E9S79lA3JaNfHrF7
XzsX6qBky8G7kZNUQGhgob7N/eDUqcnOSw8CFBNqFl40y77zmugC4I4bgZyUahYV
haldRJVuD6AIxLXU9OkFZKP1WMPih70rlStMHmoFYUMuR+wrXSc6BVM/6/gNPnke
3A05cbuaYfCBAS003CQ8OVUTSZc0yaQes4crgzLtgXr87CW7H4e8W2loRO821a8N
79aFcICEXjCChBEnAsCox4QXgFoQ+HdcBC6Luq+L94YbKkjvKyCU+nt9y3jP0zJ8
PZKkkuqmLQwsReqY67mgrX47O2A0g/j9D2R13Kp50tyGBxkR9yV9nqfYuMj1slVV
ZApvA7Lq/hJzdc6Ywf3Upf6tDdMlcDyqWu1ssiHMc3nI+Gh81sW92zgW41+SoT/4
FYaht4e3seZkPeOmzSptLHJct7MyPdFyPpB9lRr6X0sXOYha71SxQnpG31q74xr6
e/afirBoUY1mgrRhXsPcSB2AwZOOQclu4J5RxLP3aLWHG3aT6qUzYH241Cp16Ytt
8TxcH6drtXChyRcScWbk
=NgmT
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
