Your message dated Tue, 02 Feb 2021 07:34:15 +0000
with message-id <e1l6qcv-000hdw...@fasolo.debian.org>
and subject line Bug#954302: fixed in tika 1.22-2
has caused the Debian Bug report #954302,
regarding tika: CVE-2020-1951
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
954302: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954302
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tika
Version: 1.22-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 1.20-1

Hi,

The following vulnerability was published for tika.

CVE-2020-1951[0]:
Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1951
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1951
[1] https://www.openwall.com/lists/oss-security/2020/03/18/4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: tika
Source-Version: 1.22-2
Done: Moritz Muehlenhoff <j...@debian.org>

We believe that the bug you reported is fixed in the latest version of
tika, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 954...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <j...@debian.org> (supplier of updated tika package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 31 Jan 2021 22:18:47 +0100
Source: tika
Architecture: source
Version: 1.22-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Moritz Muehlenhoff <j...@debian.org>
Closes: 954302 954303
Changes:
 tika (1.22-2) unstable; urgency=medium
 .
   * Cherrypick upstream commit to address CVE-2020-1950 and CVE-2020-1951
    (Closes: #954303, #954302)


--- End Message ---
