Bug#989360: marked as done (netcdf: Multiple security issues in ezxml)

Sat, 11 Jun 2022 01:39:17 -0700 

Your message dated Sat, 11 Jun 2022 08:37:38 +0000
with message-id <[email protected]>
and subject line Bug#989360: fixed in netcdf 1:4.9.0-1
has caused the Debian Bug report #989360,
regarding netcdf: Multiple security issues in ezxml
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
989360: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: netcdf
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>

Multiple security issues were found in ezxml, which netcdf bundles:

CVE-2021-31598:
https://sourceforge.net/p/ezxml/bugs/28/

CVE-2021-31348 / CVE-2021-31347:
https://sourceforge.net/p/ezxml/bugs/27/

CVE-2021-31229:
https://sourceforge.net/p/ezxml/bugs/26/

CVE-2021-30485:
https://sourceforge.net/p/ezxml/bugs/25/

CVE-2021-26222:
https://sourceforge.net/p/ezxml/bugs/22/

CVE-2021-26221:
https://sourceforge.net/p/ezxml/bugs/21/

CVE-2021-26220:
https://sourceforge.net/p/ezxml/bugs/23/

CVE-2019-20202:
https://sourceforge.net/p/ezxml/bugs/17

CVE-2019-20201
https://sourceforge.net/p/ezxml/bugs/16

CVE-2019-20200:
https://sourceforge.net/p/ezxml/bugs/19

CVE-2019-20199:
https://sourceforge.net/p/ezxml/bugs/18

CVE-2019-20198:
https://sourceforge.net/p/ezxml/bugs/20

CVE-2019-20007:
https://sourceforge.net/p/ezxml/bugs/13

CVE-2019-20006:
https://sourceforge.net/p/ezxml/bugs/15

CVE-2019-20005:
https://sourceforge.net/p/ezxml/bugs/14
                        
Cheers,
         Moritz

--- End Message ---
--- Begin Message --- 
Source: netcdf
Source-Version: 1:4.9.0-1
Done: Bas Couwenberg <[email protected]>

We believe that the bug you reported is fixed in the latest version of
netcdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <[email protected]> (supplier of updated netcdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 11 Jun 2022 08:35:40 +0200
Source: netcdf
Architecture: source
Version: 1:4.9.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GIS Project <[email protected]>
Changed-By: Bas Couwenberg <[email protected]>
Closes: 989360
Changes:
 netcdf (1:4.9.0-1) unstable; urgency=medium
 .
   * New upstream release.
     (closes: #989360)
   * Update copyright file.
   * Add build dependencies for compression libraries.
   * Refresh patches.
   * Drop link-private.patch, causes FTBFS.
   * Use libxml2 instead of tinyxml2 embedded copy.
   * Update symbols for 4.9.0.
   * Add patch to fix library version and filename.
   * Update lintian overrides.
Checksums-Sha1:
 625c4e9027deb3b681d398029ccb3f8440bf0b2a 2363 netcdf_4.9.0-1.dsc
 af2a89f1bb61f34e58b01c3603b98c4fbc2232b8 19491744 netcdf_4.9.0.orig.tar.gz
 665761343c2bda46bcfa0181cb27ddb280c474da 33400 netcdf_4.9.0-1.debian.tar.xz
 c022ef3ef13313cfe9b05347e5d14849f826cbe9 11447 netcdf_4.9.0-1_amd64.buildinfo
Checksums-Sha256:
 aae11c389e2059d0d2cc71e912482e5e7bbc4197b0e275c704982649e5b63514 2363 
netcdf_4.9.0-1.dsc
 9f4cb864f3ab54adb75409984c6202323d2fc66c003e5308f3cdf224ed41c0a6 19491744 
netcdf_4.9.0.orig.tar.gz
 2cb5c94a36fbc9d498034e5232ac26589035a8cbc1790774571a3f91f4b1fb3f 33400 
netcdf_4.9.0-1.debian.tar.xz
 2b3558b560b860a93eb08f30bdb5b6cc8c21f6d1a456918e4e7f9ea77c5f9693 11447 
netcdf_4.9.0-1_amd64.buildinfo
Files:
 59fdd149ec6ef4d5b57308264ea38a82 2363 science optional netcdf_4.9.0-1.dsc
 27baa260ae527b405c38d1e103c1348b 19491744 science optional 
netcdf_4.9.0.orig.tar.gz
 7e58d185c84ce0e1474d25130b6fadd2 33400 science optional 
netcdf_4.9.0-1.debian.tar.xz
 c8e25a3cdd4414a2ad9dfaf0ab34376b 11447 science optional 
netcdf_4.9.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgYLeQXBWQI1hRlDRZ1DxCuiNSvEFAmKkT+cACgkQZ1DxCuiN
SvGAlg/+JE8AP4kWUjpLN2pkXMX16HHXIuIsfaN4En+iq9/ttRhR0pxp5u2XIiH7
CZRNB5RN17ahc8J5Rfn/4bpFNmcj4mWGQT+O3O5piLrXBpEmeJev68OI8kdVQcx9
M8dRW+qR/fYlyF+xR25tdINMqQRMfqe2AdlsqeKWktG1e+WV92NGu0bVxdV7icwf
+t4WAftVX6vbWANwyddk2vhFHt92ZIypXDBLacK5ThxSnfvqLuQagexfw1ERUUbF
/1JG91AYnZaLf9jITGd2vd0vdPKLvOFOg8WAz97KcQPexca9EjbUzY4o3kJIXsYj
TfuTBWRgfFz/UoVVFYPkVqkBdnEc1Z9DKBnChovhvh4XeWIk87bIevkoRs34pXnq
d3HLbJMS/RIeTooWuRd04WIGNM4H4djyJyJnSScLgIsSZoP+4102so4a7XS1yiWO
NHhdMOp+C9JCLe6nP6zjWCUfgjnKBmNYGCfOjtqrGvDJ4PvjnzvvJM/XDgjfiSKd
QdZ4s9VAv8tEM39hNNLfoQrL0OplqSak60awUEKDXxiM3GAVelf6Ng1SA9T+JL7e
K/b0xzgBb6UGBy1maEyzFQ6e/PSzMATE3JWo+iEUj3OPTB4yJ0BR4XQ5vfYRBmCQ
reKoDFgs6RFne5yhBGSzcl9S+ra03esdgWi0hKGvRQK1P+dCMsE=
=IMkU
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to