Bug#916584: marked as done (libpodofo: CVE-2018-11255)

Debian Bug Tracking System Sat, 09 Jan 2021 14:03:18 -0800

Your message dated Sat, 09 Jan 2021 22:00:12 +0000
with message-id <[email protected]>
and subject line Bug#916584: fixed in libpodofo 0.9.7+dfsg-1
has caused the Debian Bug report #916584,
regarding libpodofo: CVE-2018-11255
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
916584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916584
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: libpodofo
Version: 0.9.6+dfsg-3
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/podofo/tickets/20

Hi,

The following vulnerability was published for libpodofo.

CVE-2018-11255[0]:
| An issue was discovered in PoDoFo 0.9.5. The function
| PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote
| attackers to cause a denial of service (NULL pointer dereference and
| application crash) via a crafted PDF document.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-11255
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11255
[1] https://sourceforge.net/p/podofo/tickets/20

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: libpodofo
Source-Version: 0.9.7+dfsg-1
Done: Mattia Rizzolo <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libpodofo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mattia Rizzolo <[email protected]> (supplier of updated libpodofo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 Jan 2021 18:57:56 +0100
Source: libpodofo
Binary: libpodofo-dev libpodofo-utils libpodofo-utils-dbgsym libpodofo0.9.7 
libpodofo0.9.7-dbgsym
Architecture: source amd64
Version: 0.9.7+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Mattia Rizzolo <[email protected]>
Changed-By: Mattia Rizzolo <[email protected]>
Description:
 libpodofo-dev - PoDoFo development files
 libpodofo-utils - PoDoFo utilities
 libpodofo0.9.7 - PoDoFo - library to work with the PDF file format
Closes: 916584
Changes:
 libpodofo (0.9.7+dfsg-1) experimental; urgency=medium
 .
   * New upstream version 0.9.7+dfsg.
     + CVE-2018-11255 Closes: #916584
   * Drop all patches, applied upstream.
   * Rename library package to match the SONAME.
   * Update d/copyright.
   * Bump debhelper compat level to 13:
     + Drop dh_missing --fail-missing, now the default.
   * Bump Standards-Version to 4.5.1, no changes needed.
Checksums-Sha1:
 3c3e356ba27e5569b028e4282a60cb2e347fa0d8 2179 libpodofo_0.9.7+dfsg-1.dsc
 412c135833a986f96ca8cb51628b902a883d128a 749616 
libpodofo_0.9.7+dfsg.orig.tar.xz
 333bc401e3102353407354c6123ba003f8c56b17 8728 
libpodofo_0.9.7+dfsg-1.debian.tar.xz
 8632088fb2e754d935ab489239ea4c161929f9b5 163876 
libpodofo-dev_0.9.7+dfsg-1_amd64.deb
 ae3f0184a14547ec9e2d774fb5bb239214d09217 1449820 
libpodofo-utils-dbgsym_0.9.7+dfsg-1_amd64.deb
 50f8b52e2d1f58bf9528084cf7f44a2752b7f025 201324 
libpodofo-utils_0.9.7+dfsg-1_amd64.deb
 628228d29443586c1ee4aadd766dcf4c1c4d3940 4368992 
libpodofo0.9.7-dbgsym_0.9.7+dfsg-1_amd64.deb
 4f662d6ab527a967698c219aa9031c58cf1deb09 517568 
libpodofo0.9.7_0.9.7+dfsg-1_amd64.deb
 b77cc04d9c78a94ce3f10f5443e0755927112753 8987 
libpodofo_0.9.7+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 941362c108cfdf92f94933e1b93f847a28ad585922e273432a40726111194f5d 2179 
libpodofo_0.9.7+dfsg-1.dsc
 ff517ca09e5a41e9bdb33e984cdadc5c98280f4723e033f8d7345150ccdc1473 749616 
libpodofo_0.9.7+dfsg.orig.tar.xz
 5f2ed05fd90ce5b766c2e1e739b5660300b9ada9489f056fdc9225f627976032 8728 
libpodofo_0.9.7+dfsg-1.debian.tar.xz
 b6e72c737919e3b7e868801679f749aa18bfffc6dbb14c36757b4580399701b1 163876 
libpodofo-dev_0.9.7+dfsg-1_amd64.deb
 80d3823da510caf9b25f6b4f2117dc9cf0b717a45c354d64042f6147ce92ec45 1449820 
libpodofo-utils-dbgsym_0.9.7+dfsg-1_amd64.deb
 0136ea4083b57593c6f3fb649de1fe90b404aa353e513e87b8f6d62dc4555504 201324 
libpodofo-utils_0.9.7+dfsg-1_amd64.deb
 78fb23cec0a14c3deabf79765d856ec328f14e5fc251847ed466aea7af71d5ee 4368992 
libpodofo0.9.7-dbgsym_0.9.7+dfsg-1_amd64.deb
 5c261bea677cb40ed6d5c90d77d7f9ae1ecc44b9663754e2c669754959c6c27f 517568 
libpodofo0.9.7_0.9.7+dfsg-1_amd64.deb
 a431db5975da3e30ae2710195af4c8078591d24097b1c70d93556e228fba936a 8987 
libpodofo_0.9.7+dfsg-1_amd64.buildinfo
Files:
 d6787ce6f5c647c485c18708f266a984 2179 libdevel optional 
libpodofo_0.9.7+dfsg-1.dsc
 c939125afd2501ab9b9d3c490cca42cd 749616 libdevel optional 
libpodofo_0.9.7+dfsg.orig.tar.xz
 847834d500c467944a593a9e8a07fdc0 8728 libdevel optional 
libpodofo_0.9.7+dfsg-1.debian.tar.xz
 dfc0b852f39657fbb3666020a14a8938 163876 libdevel optional 
libpodofo-dev_0.9.7+dfsg-1_amd64.deb
 4b9dacfaf964923cda0794ce89b5e10e 1449820 debug optional 
libpodofo-utils-dbgsym_0.9.7+dfsg-1_amd64.deb
 641acc32321557549a8757f7d6cf3bea 201324 utils optional 
libpodofo-utils_0.9.7+dfsg-1_amd64.deb
 547e4f97de754af1db32bf6abfe114c2 4368992 debug optional 
libpodofo0.9.7-dbgsym_0.9.7+dfsg-1_amd64.deb
 b0f795898d217b7e11a010b3b343c167 517568 libs optional 
libpodofo0.9.7_0.9.7+dfsg-1_amd64.deb
 c3d71845e36d7a10ec97ed4875c1e06b 8987 libdevel optional 
libpodofo_0.9.7+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAl/578AACgkQCBa54Yx2
K639Jg/+OiUjNNYbRQOeh4e/66X3a6ysMJDOq6Km2ZWDnM+SoyDQD1RCuiBllTB0
GNDlvm1jquVE+kJRlT2NGoxB6D9+lLQB57MeHVXX5J2fMBOKySX/cWwTu1WQMTVx
k2EXrGZL/mXnWEcndAPD9527ggrvB+L9ey1XXL//BpKUfpfzOLwNuiGSPSwwbhag
CIvFsEDT7SifMeocsNmJXtIrvdB6eYch9ht8vXsVtvajTDwRMjpnJxPF/CQNh9dY
gM5nrTBRHS5bznwM0tX3wIEoaw9/M7Q0pV/XCXgVUI3/4mdE3yk5RBPGSnROCTYM
ivGpGDMNX0e8cjzV3pfjjlsEPiDXWf2xLBTSoFApbV+FLqbbqC25LYnqx4Xkt29u
w7XcGygumHTIQvV6V48SjSMDMQ1+jZ0ChwzZM9yGHuZp3Y3JX0C1avLOJyEN/mw/
LxoOHGPr2mXF3j+kVw5NOpbd/eBqTKTRYGNpKFhCoThK9nVmdfQ1aIAXcnp2RA7Z
aX42qpqvHgAelxzJoEYlQkJh0indXkc4CohraYcUj+ionu+hjnt6vndPJJM4C0oV
6Fx2vfTHFHCkpk9MQgvRClIxQMJLb3pq6tCDS/cTTRsx4pzTUtfL1y9aqsoHkkOm
XjI6E0ufVPk+/2uFSceTN8NJVw//V66qQ2xQ4PR70viuusV3hlU=
=pnAI
-----END PGP SIGNATURE-----

--- End Message ---

Bug#916584: marked as done (libpodofo: CVE-2018-11255)

Reply via email to