Bug#895564: marked as done (CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12111 CVE-2017-12110)
Your message dated Mon, 16 Apr 2018 20:47:10 + with message-id and subject line Bug#895564: fixed in r-cran-readxl 0.1.1-1+deb9u1 has caused the Debian Bug report #895564, regarding CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12111 CVE-2017-12110 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
895564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: r-cran-readxl
Severity: grave
Tags: security

r-cran-readxl bundles libxls which is affected by a number of security vulnerabilities:

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403

Cheers,
Moritz
--- End Message ---

--- Begin Message ---
Source: r-cran-readxl
Source-Version: 0.1.1-1+deb9u1

We believe that the bug you reported is fixed in the latest version of r-cran-readxl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 895...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dirk Eddelbuettel (supplier of updated r-cran-readxl package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 13 Apr 2018 08:18:46 -0500
Source: r-cran-readxl
Binary: r-cran-readxl
Architecture: source amd64
Version: 0.1.1-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Dirk Eddelbuettel
Changed-By: Dirk Eddelbuettel
Description:
 r-cran-readxl - GNU R package to read Excel files
Closes: 895564
Changes:
 r-cran-readxl (0.1.1-1+deb9u1) stretch-security; urgency=high
 .
   * src/endian.c: Updated from libxls upstream (Closes: #895564)
   * src/libxls/endian.h: Idem
   * src/libxls/ole.h: Idem
   * src/libxls/xls.h: Idem
   * src/libxls/xlsstruct.h: Idem
   * src/libxls/xlstool.h: Idem
   * src/libxls/xlstypes.h: Idem
   * src/ole.c: Idem
   * src/xls.c: Idem
   * src/xlstool.c: Idem
 .
   * This addresses CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12111 CVE-2017-12110 with corresponding upstream patches.
Bug#895564: marked as done (CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12111 CVE-2017-12110)
Your message dated Thu, 12 Apr 2018 23:52:03 + with message-id and subject line Bug#895564: fixed in r-cran-readxl 1.0.0-2 has caused the Debian Bug report #895564, regarding CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12111 CVE-2017-12110 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
895564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: r-cran-readxl
Severity: grave
Tags: security

r-cran-readxl bundles libxls which is affected by a number of security vulnerabilities:

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403

Cheers,
Moritz
--- End Message ---

--- Begin Message ---
Source: r-cran-readxl
Source-Version: 1.0.0-2

We believe that the bug you reported is fixed in the latest version of r-cran-readxl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 895...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dirk Eddelbuettel (supplier of updated r-cran-readxl package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 12 Apr 2018 18:16:20 -0500
Source: r-cran-readxl
Binary: r-cran-readxl
Architecture: source amd64
Version: 1.0.0-2
Distribution: unstable
Urgency: medium
Maintainer: Dirk Eddelbuettel
Changed-By: Dirk Eddelbuettel
Description:
 r-cran-readxl - GNU R package to read Excel files
Closes: 895564
Changes:
 r-cran-readxl (1.0.0-2) unstable; urgency=medium
 .
   * src/endian.c: Updated from libxls upstream (Closes: #895564)
   * src/libxls/endian.h: Idem
   * src/libxls/ole.h: Idem
   * src/libxls/xls.h: Idem
   * src/libxls/xlsstruct.h: Idem
   * src/libxls/xlstool.h: Idem
   * src/libxls/xlstypes.h: Idem
   * src/ole.c: Idem
   * src/xls.c: Idem
   * src/xlstool.c: Idem
 .
   * debian/control: Set Build-Depends: to current R version
   * debian/control: Set Standards-Version: to current version
   * debian/control: Add Vcs-Browser: and Vcs-Git:
   * debian/compat: Increase level to 9
   * debian/control: Switch from cdbs to dh-r
   * debian/rules: Idem