Your message dated Fri, 04 Mar 2022 15:48:45 +0000
with message-id <e1nqaaf-0005ld...@fasolo.debian.org>
and subject line Bug#1005747: fixed in freecad 0.19.4+dfsg1-1
has caused the Debian Bug report #1005747,
regarding freecad: CVE-2021-45844 - Improper sanitization in the invocation of ODA File Converter
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1005747: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005747
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freecad
Version: 0.19.2+dfsg1-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for freecad.

CVE-2021-45844[0]:
| Improper sanitization in the invocation of ODA File Converter from
| FreeCAD 0.19 allows an attacker to inject OS commands via a crafted
| filename.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45844
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45844

Please adjust the affected versions in the BTS as needed.


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.16.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: freecad
Source-Version: 0.19.4+dfsg1-1
Done: Steffen Moeller <moel...@debian.org>

We believe that the bug you reported is fixed in the latest version of
freecad, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1005...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Moeller <moel...@debian.org> (supplier of updated freecad package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 04 Mar 2022 16:01:45 +0100
Source: freecad
Architecture: source
Version: 0.19.4+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Steffen Moeller <moel...@debian.org>
Closes: 1005747
Changes:
 freecad (0.19.4+dfsg1-1) unstable; urgency=medium
 .
   * Team upload.
 .
   * New upstream version - a bug-fix release
     Release notes: https://github.com/FreeCAD/FreeCAD/releases/tag/0.19.4
     - Fixes CVE-2021-45844 (Closes: #1005747)
     - Fixes CVE-2021-45845
   * Added link-time optimization


--- End Message ---
