Bug#934319: marked as done (CVE-2019-10181 CVE-2019-10182 CVE-2019-10185)

[Debian Bug Tracking System]

Your message dated Fri, 09 Aug 2019 17:19:28 +0000
with message-id <e1hw8y4-000f13...@fasolo.debian.org>
and subject line Bug#934319: fixed in icedtea-web 1.8.3-1
has caused the Debian Bug report #934319,
regarding CVE-2019-10181 CVE-2019-10182 CVE-2019-10185
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
934319: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934319
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: icedtea-web
Severity: grave
Tags: security

Please see https://www.openwall.com/lists/oss-security/2019/07/31/2

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: icedtea-web
Source-Version: 1.8.3-1

We believe that the bug you reported is fixed in the latest version of
icedtea-web, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated icedtea-web package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 09 Aug 2019 18:57:41 +0200
Source: icedtea-web
Architecture: source
Version: 1.8.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Closes: 934319
Changes:
 icedtea-web (1.8.3-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release (Closes: #934319)
     - Fixes CVE-2019-10181: Unsigned code injection in a signed JAR file
     - Fixes CVE-2019-10182: Path traversal while processing <jar/> elements
       of JNLP files results in arbitrary file overwrite
     - Fixes CVE-2019-10185: Directory traversal in the nested jar
       auto-extraction leading to arbitrary file overwrite
Checksums-Sha1:
 6bb5c55cf5f0ca5e0fddea3f315922b78b7381ef 2050 icedtea-web_1.8.3-1.dsc
 4836c96c23651a41e87dd1652188c90f1a83c26d 1805036 icedtea-web_1.8.3.orig.tar.xz
 3996749ac40316775fa4e9fc8470845c72e7eada 25624 
icedtea-web_1.8.3-1.debian.tar.xz
 d230531a92e3825501775563e7c61b17a861c987 8340 
icedtea-web_1.8.3-1_source.buildinfo
Checksums-Sha256:
 d7defb42015373ede092f2b43224a86c239d61aba5e799c908a19b725918e702 2050 
icedtea-web_1.8.3-1.dsc
 0acc12aef7cf0dbdd194fee57cdbe8cf81796bdea1ea5af75fe8f8933c9530e4 1805036 
icedtea-web_1.8.3.orig.tar.xz
 8e453a944afd6e60246251cd3be441d57ba9ee3aca95a3aaaa8aab46469518ab 25624 
icedtea-web_1.8.3-1.debian.tar.xz
 fc21f130e4727e7c5f84044d5687be1ebd96923143dd61471636937133002ec9 8340 
icedtea-web_1.8.3-1_source.buildinfo
Files:
 14e6b6402c00577521bc4b8686dca1cb 2050 java optional icedtea-web_1.8.3-1.dsc
 3b48f889e21b08daa6c259b6c8f04467 1805036 java optional 
icedtea-web_1.8.3.orig.tar.xz
 5b83673e92537251f4d32c7bc3747290 25624 java optional 
icedtea-web_1.8.3-1.debian.tar.xz
 33e5d250df85911ed817d429b9f30244 8340 java optional 
icedtea-web_1.8.3-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl1Np1kSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsegMP/2B5T+84ouFHSN+kgctt2COVit9WOX+E
LlEuNJXNjKD1CYemycRk7IcnEmLHUu3KUOpEAuy/tiCydj7yfipEv2PsUHo84Zeg
NmmyfV6s7QoQe+2hWMfanGBYxtZLEA3kBQYAf3YCqq64RRmQW3VO4otw0MKkC8mp
+PcGZv7NamWpLKIFYwB7okX+908m21KEuhbVxKfOD1FkmCAY7e06jrPBkw9h0q2n
samJM0PJxFvmEitEuu1s/O7EtqS01+Its8OT8+9yFjdklAP/lCJRmAWlVu4f8pNR
OgJKi99bztMzbi5tOIvqSLiHtwFmmIm/yN6DLfB98HTSPd+nxLdhr4pt3P38Y2iy
n097o5ROvRYlfIcNqne0LgkuDwF3XGV64Z8tTp50HRjQBfqhlJIqNF8miGn50q3T
hcCTjtC0KYLwMD04HbjvMmFiL+VIfCbp6BSjL+pETogjEP3hRI5jBDhr6tkxEfi2
RT4JqNOFATS6OIuz9zqs1pRWnC0vr1V2dBKq2rde2Lq1Yv4i2NKioBcV3JFmhCj3
xgiysr6nzsE7HEs+rd2T4FZP9JPfPNucFunS/2YAWtFA5txTZM8WcpfdDoZ8RDiI
UHbO2ryGXK57yDrOdpixISbvSPg3L0Vjr7EqjL5UaxvJHIRJyDNGDxZhcSqXNdWA
UFERD68cC1TC
=b0eP
-----END PGP SIGNATURE-----

--- End Message ---