Your message dated Thu, 19 Mar 2020 05:04:23 +0000
with message-id <[email protected]>
and subject line Bug#952948: fixed in pdfresurrect 0.20-1
has caused the Debian Bug report #952948,
regarding pdfresurrect: CVE-2020-9549
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
952948: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952948
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pdfresurrect
Version: 0.19-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/enferex/pdfresurrect/issues/8
Control: found -1 0.15-2
Control: found -1 0.12-6
Hi,
The following vulnerability was published for pdfresurrect.
CVE-2020-9549[0]:
| In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-
| bounds write via a crafted PDF document.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-9549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9549
[1] https://github.com/enferex/pdfresurrect/issues/8
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pdfresurrect
Source-Version: 0.20-1
Done: Francois Marier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
pdfresurrect, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Francois Marier <[email protected]> (supplier of updated pdfresurrect package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Mar 2020 21:44:15 -0700
Source: pdfresurrect
Architecture: source
Version: 0.20-1
Distribution: unstable
Urgency: high
Maintainer: Francois Marier <[email protected]>
Changed-By: Francois Marier <[email protected]>
Closes: 952948
Changes:
pdfresurrect (0.20-1) unstable; urgency=high
.
* New upstream version (closes: #952948) CVE-2020-9549.
Checksums-Sha1:
85bd0771f21a15d4ff0944d889b88e886b25e196 2023 pdfresurrect_0.20-1.dsc
49a4193a798aa83eba870c030b8ed22563d91272 67640 pdfresurrect_0.20.orig.tar.gz
3b5c82f60e04ae7c355467e8b06985f698dfe499 3088 pdfresurrect_0.20-1.debian.tar.xz
fa86bae4f23c23a2d74f9e853b67eb90a8126cf0 5498
pdfresurrect_0.20-1_source.buildinfo
Checksums-Sha256:
8ce8bdf8b548c87e2a0b90e7850d73c6779e4149b8ba5b90fc4fe149383d2b73 2023
pdfresurrect_0.20-1.dsc
880c669dbc74dee3cb75ebe4a2b5b106bb18c0802e4cf2853a9f39af196ec78c 67640
pdfresurrect_0.20.orig.tar.gz
fa52f8397269315021e8b54b3545e420cdc4c6ebf7ae62393f541a1162926605 3088
pdfresurrect_0.20-1.debian.tar.xz
c95bf6e5b27eadbff38238172462f4ca7a7df30c4b639153a3204d4d3c43cebc 5498
pdfresurrect_0.20-1_source.buildinfo
Files:
bd978e7bc3ac33aca6c65ea2df7c17bc 2023 text optional pdfresurrect_0.20-1.dsc
74f1bb4267b28180f522e7cdf252d850 67640 text optional
pdfresurrect_0.20.orig.tar.gz
2bc0e1a6aaecc2bb962d545cc7e8f146 3088 text optional
pdfresurrect_0.20-1.debian.tar.xz
cc93024c2d65cb44489ee45b665b0117 5498 text optional
pdfresurrect_0.20-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKoBAEBCgCSFiEEjEcLKgsxVo4RDUMlFigfLgB8mNEFAl5y+VhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDhD
NDcwQjJBMEIzMTU2OEUxMTBENDMyNTE2MjgxRjJFMDA3Qzk4RDEUHGZyYW5jb2lz
QGRlYmlhbi5vcmcACgkQFigfLgB8mNFZTQ//XriPerwNi+2UX/kMLkcQrGQ+/LG4
XoZW+i4LZxy+qH5hkkBySiguOwj/unGgbl/G5ok+RujlWQ4dbUm10xKGrNc6fq52
sdz1LU9MAotd/+EspCFUPQTi5i699/FA1WfRyThK+pw01tov/g5pRbgUSeYP9chF
wBpximEQav46a3zmk7x9F9TipuijRf54pDY5d3CRTDtOc+VX9SqzyP5kKP6iKXjD
ApMe3xgvr7zNrYjRAkk1cq0XS0K7aG3b4YB0p56O0M3AlaTtgn905p3LFtHwFws9
fI/tIiOkOzuX80pGM67ag/AHe/9VU7lSL55/2FVco5DVxtH+V2SlpEMSm65dsIYl
jcm/mGZrxm6lXe7KNaujL/ua9rYD1mHTD82EbEFj/b8pDEt6e+FTW3T8GIzOm1FM
0j1IT1tS3DflYz0PhtClgjdbgAnwLAMRwgxhvLN8h/EjoAH2ysbOLCWB5ZQOLHVh
NXyypYDnVFlOR9+PB36sRrBjZd5Hh+sNKBCClkNkezRyCEpicib+xnTitoO2lHq1
gpfOCfHXwtP3jsr40apHsIn1dNnrbCMzWfDV+NR5XOQ2Y4yEJcEvQgIV3QyALcQB
i6ZTey5dJ9kz5pVVuTxDt493yCrNIR/qztkZTZdbNs8wp8nSkkcAjQQ73j3lCLRn
/Gv5C+tUNrAcGYU=
=K6wD
-----END PGP SIGNATURE-----
--- End Message ---
