Your message dated Fri, 09 Apr 2021 18:03:35 +0000
with message-id <e1luvtj-0002xh...@fasolo.debian.org>
and subject line Bug#986274: fixed in pikepdf 1.17.3+dfsg-5
has caused the Debian Bug report #986274,
regarding pikepdf: CVE-2021-29421
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
986274: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986274
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pikepdf
Version: 1.17.3+dfsg-4
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for pikepdf.
CVE-2021-29421[0]:
| models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for
| Python allows XXE when parsing XMP metadata entries.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-29421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29421
[1] https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pikepdf
Source-Version: 1.17.3+dfsg-5
Done: Sean Whitton <spwhit...@spwhitton.name>
We believe that the bug you reported is fixed in the latest version of
pikepdf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Whitton <spwhit...@spwhitton.name> (supplier of updated pikepdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 09 Apr 2021 10:41:33 -0700
Source: pikepdf
Architecture: source
Version: 1.17.3+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Sean Whitton <spwhit...@spwhitton.name>
Closes: 986274
Changes:
pikepdf (1.17.3+dfsg-5) unstable; urgency=medium
.
* Cherry pick upstream commit 3f38f73 to fix CVE-2021-29421 (Closes:
#986274).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---