Bug#861557: marked as done (libpodofo: CVE-2017-6840)

Debian Bug Tracking System Wed, 17 May 2017 08:09:55 -0700

Your message dated Wed, 17 May 2017 15:05:38 +0000
with message-id <e1db0wa-0002rs...@fasolo.debian.org>
and subject line Bug#861557: fixed in libpodofo 0.9.4-6
has caused the Debian Bug report #861557,
regarding libpodofo: CVE-2017-6840
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861557: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861557
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libpodofo
Severity: grave
Tags: security

New podofo issues (no CVEs yet):

http://www.openwall.com/lists/oss-security/2017/03/02/10
http://www.openwall.com/lists/oss-security/2017/03/02/9
http://www.openwall.com/lists/oss-security/2017/03/02/8
http://www.openwall.com/lists/oss-security/2017/03/02/7
http://www.openwall.com/lists/oss-security/2017/03/02/6
http://www.openwall.com/lists/oss-security/2017/03/02/5
http://www.openwall.com/lists/oss-security/2017/03/02/4
http://www.openwall.com/lists/oss-security/2017/03/02/3
http://www.openwall.com/lists/oss-security/2017/03/02/2

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: libpodofo
Source-Version: 0.9.4-6

We believe that the bug you reported is fixed in the latest version of
libpodofo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mattia Rizzolo <mat...@debian.org> (supplier of updated libpodofo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 17 May 2017 14:54:40 +0200
Source: libpodofo
Binary: libpodofo-dev libpodofo-utils libpodofo0.9.4
Architecture: source
Version: 0.9.4-6
Distribution: unstable
Urgency: high
Maintainer: Mattia Rizzolo <mat...@debian.org>
Changed-By: Mattia Rizzolo <mat...@debian.org>
Description:
 libpodofo-dev - PoDoFo development files
 libpodofo-utils - PoDoFo utilities
 libpodofo0.9.4 - PoDoFo - library to work with the PDF file format
Closes: 854603 859329 859330 861557 861559 861560 861564 861565
Changes:
 libpodofo (0.9.4-6) unstable; urgency=high
 .
   * Add upstream patches for security issues:
     + CVE-2017-5855 Closes: #854603
     + CVE-2017-6840 Closes: #861557
     + CVE-2017-6842 Closes: #861559
     + CVE-2017-6843 Closes: #861560
     + CVE-2017-6847 Closes: #861564
     + CVE-2017-6848 Closes: #861565
     + CVE-2017-7378 Closes: #859330
     + CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 Closes: #859329
Checksums-Sha1:
 a0141f73e16d353888dfb632826662ec66cc548c 2119 libpodofo_0.9.4-6.dsc
 93562112a91591e5c6b9c948a9aa066bad8c4f1a 14512 libpodofo_0.9.4-6.debian.tar.xz
 f1cd3ed5a17a27a0104ef4c119260df641d8301d 8322 libpodofo_0.9.4-6_amd64.buildinfo
Checksums-Sha256:
 1d96e62e5dc05c3da75b27c119f38059632a4b38b449a09f261609c658ac6501 2119 
libpodofo_0.9.4-6.dsc
 2d93ad73a0a76fb8c81bf8d8e4e28295521b2201de75bf43921c56fdde184ada 14512 
libpodofo_0.9.4-6.debian.tar.xz
 378cbccde338b4d202fb9d0e3ffd4db6d236d8afbc3afd555a710096baa8be8c 8322 
libpodofo_0.9.4-6_amd64.buildinfo
Files:
 616f6d73552c644f07f9aac81c68d586 2119 libdevel extra libpodofo_0.9.4-6.dsc
 69ed783b68d73ee280d264db44b0be2b 14512 libdevel extra 
libpodofo_0.9.4-6.debian.tar.xz
 3b44532d73422eca5c039607ce5be072 8322 libdevel extra 
libpodofo_0.9.4-6_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAlkcSacACgkQCBa54Yx2
K60wIA//Srh+elVV8U5HZ+/WygzwNsd4fCZdpvsTxgesLM5HCl80M3adaSZsHyFJ
zBiD5n/Xkgtc/fr4nLU3X2k++rkyiBulIuB2+vT/qDwa1oYgyQDWTH/DTJ+Y363d
9Bb6gI4LqytsgYgvDU2ZEEq73DYeQa5P7bGB4Bt+XYOlfKjd+xLAuVU6srWNuXSA
/sBshQhWDzvC+WAgXF0AW6Qe+Nz2g0LS4mw2qO80eZ5Tu0vLofpMvC+w7PssdPlK
RfPAngL9uEy28s6DFKf/GcAfCkd2CYfVQTU2QGoGeQei/GyTXXFzrDBK9UOXeMlz
XZuYfhBqwj6AYo1W7freJBzrOw5haTrGkZKUipcWUD7qlJRP0Sa54IOV9cr/R+3D
PljaLbIZQXrIO/z8xtVs3Yu6mKHgWPciPwu/nvs8U9Z4h7XSfHCVOM+vYyjW7imG
gkYR2G/2VnBI0wbs6+gepafSzZ60q9GNMAsMin1dllpRGEOiPpln/5ZFYHksZwDF
rqbNsYLOov/bNbgHKpy4Erf/qtKoa6QLrojN0vNQFjLiioTc3E1C667CvKH/hwn0
qwdQR4KUrG55lVJEAf4B707xeibU0i6oad59jxO0rK9YKXBac1zHyBcobU3hluhv
lp+AK8MgSrzwYwteG28eAfPEzRAz7CeK0KW6mVTRo696l5k7S0U=
=8FKk
-----END PGP SIGNATURE-----

--- End Message ---

Bug#861557: marked as done (libpodofo: CVE-2017-6840)

Reply via email to