Your message dated Mon, 16 Apr 2018 20:47:10 +0000
with message-id <e1f8b1q-000cwd...@fasolo.debian.org>
and subject line Bug#895564: fixed in r-cran-readxl 0.1.1-1+deb9u1
has caused the Debian Bug report #895564,
regarding CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12111 
CVE-2017-12110
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
895564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: r-cran-readxl
Severity: grave
Tags: security

r-cran-readxl bundles libxls which is affected by a number of security 
vulnerabilities:

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: r-cran-readxl
Source-Version: 0.1.1-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
r-cran-readxl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 895...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dirk Eddelbuettel <e...@debian.org> (supplier of updated r-cran-readxl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 13 Apr 2018 08:18:46 -0500
Source: r-cran-readxl
Binary: r-cran-readxl
Architecture: source amd64
Version: 0.1.1-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Dirk Eddelbuettel <e...@debian.org>
Changed-By: Dirk Eddelbuettel <e...@debian.org>
Description:
 r-cran-readxl - GNU R package to read Excel files
Closes: 895564
Changes:
 r-cran-readxl (0.1.1-1+deb9u1) stretch-security; urgency=high
 .
   * src/endian.c: Updated from libxls upstream (Closes: #895564)
   * src/libxls/endian.h: Idem
   * src/libxls/ole.h: Idem
   * src/libxls/xls.h: Idem
   * src/libxls/xlsstruct.h: Idem
   * src/libxls/xlstool.h: Idem
   * src/libxls/xlstypes.h: Idem
   * src/ole.c: Idem
   * src/xls.c: Idem
   * src/xlstool.c: Idem
 .
   * This addresses
         CVE-2017-2896
         CVE-2017-2897
         CVE-2017-2919
         CVE-2017-12111
         CVE-2017-12110
     with corresponding upstream patches.


--- End Message ---
