Bug#609534: marked as done (CVE-2010-2640/CVE-2010-2641/CVE-2010-2642/CVE-2010-2643)

Mon, 10 Jan 2011 11:36:20 -0800 

Your message dated Mon, 10 Jan 2011 19:32:14 +0000
with message-id <e1pcnts-0002il...@franck.debian.org>
and subject line Bug#609534: fixed in evince 2.30.3-2
has caused the Debian Bug report #609534,
regarding CVE-2010-2640/CVE-2010-2641/CVE-2010-2642/CVE-2010-2643
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
609534: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609534
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: evince
Severity: grave
Tags: security

Four security issues have been reported in Evince, details can
be found in the Red Hta bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2640
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2641
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2642
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2643

Patch:
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2

Please upload an isolated fix with urgency medium to unstable 
to fix this in squeeze.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: evince
Source-Version: 2.30.3-2

We believe that the bug you reported is fixed in the latest version of
evince, which is due to be installed in the Debian FTP archive:

evince-common_2.30.3-2_all.deb
  to main/e/evince/evince-common_2.30.3-2_all.deb
evince-dbg_2.30.3-2_amd64.deb
  to main/e/evince/evince-dbg_2.30.3-2_amd64.deb
evince-gtk_2.30.3-2_amd64.deb
  to main/e/evince/evince-gtk_2.30.3-2_amd64.deb
evince_2.30.3-2.debian.tar.gz
  to main/e/evince/evince_2.30.3-2.debian.tar.gz
evince_2.30.3-2.dsc
  to main/e/evince/evince_2.30.3-2.dsc
evince_2.30.3-2_amd64.deb
  to main/e/evince/evince_2.30.3-2_amd64.deb
gir1.0-evince-2.30_2.30.3-2_amd64.deb
  to main/e/evince/gir1.0-evince-2.30_2.30.3-2_amd64.deb
libevince-dev_2.30.3-2_amd64.deb
  to main/e/evince/libevince-dev_2.30.3-2_amd64.deb
libevince2_2.30.3-2_amd64.deb
  to main/e/evince/libevince2_2.30.3-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 609...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <j...@debian.org> (supplier of updated evince package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 10 Jan 2011 19:03:57 +0100
Source: evince
Binary: evince evince-dbg evince-gtk evince-common libevince2 libevince-dev 
gir1.0-evince-2.30
Architecture: source all amd64
Version: 2.30.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 
<pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Josselin Mouette <j...@debian.org>
Description: 
 evince     - Document (PostScript, PDF) viewer
 evince-common - Document (PostScript, PDF) viewer - common files
 evince-dbg - Document (PostScript, PDF) viewer - debugging symbols
 evince-gtk - Document (PostScript, PDF) viewer (GTK+ version)
 gir1.0-evince-2.30 - GObject introspection data for the libevince library
 libevince-dev - Document (PostScript, PDF) rendering library - development 
files
 libevince2 - Document (PostScript, PDF) rendering library
Closes: 591872 609534
Changes: 
 evince (2.30.3-2) unstable; urgency=medium
 .
   * Fix PostScript capitalization. Closes: #591872.
   * 01_dvi_security.patch: security fix from upstream git.
     CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and  CVE-2010-2643.
     Closes: #609534.
Checksums-Sha1: 
 92e084ed313381aeb0e51f76f0392b8b3a69cbe6 1903 evince_2.30.3-2.dsc
 c4d789c18ad10cc0f3a10ba4cb1d333f75d99112 23364 evince_2.30.3-2.debian.tar.gz
 e1abc0ee6168a1b5e56f6d055886c733e4dea193 1493986 evince-common_2.30.3-2_all.deb
 24a5381a1839e1bbb8899955025204bf8a8ab6d9 621578 evince_2.30.3-2_amd64.deb
 f3ee53551af8cb582d6e90aae9c4186848f37c81 1592188 evince-dbg_2.30.3-2_amd64.deb
 b6712fb4a1572062ab39536fdc5bd5c9d258d3f2 574658 evince-gtk_2.30.3-2_amd64.deb
 6095b9f247da968338c834f9406fd2be650a94d0 716442 libevince2_2.30.3-2_amd64.deb
 a43ed99b09d0f46481cdaef2a73ed8b39abb6e2b 771342 
libevince-dev_2.30.3-2_amd64.deb
 03bbd140e17e4a801a019b24deaad385c701c6dd 421912 
gir1.0-evince-2.30_2.30.3-2_amd64.deb
Checksums-Sha256: 
 419400039b0c766746e069fec26d7e6ecfd0c0bdb392f73571a26db23cc469ae 1903 
evince_2.30.3-2.dsc
 aa5f3f111053e04da9200156bd8b022ea1410e1ff3804968199d0ae9c105a654 23364 
evince_2.30.3-2.debian.tar.gz
 85c6e4c4388acb117f34b471e816feb86a957f4ae7de5a8e0d26a1c64d1df2ce 1493986 
evince-common_2.30.3-2_all.deb
 d44c3779c1996e1ddff28c84fc077cb267ffe1addab72a93882059e54e4cef34 621578 
evince_2.30.3-2_amd64.deb
 0242890ae7527dbd02ebb44bb07ef1d14e9c16b224fd080e5943d3c8e83c721e 1592188 
evince-dbg_2.30.3-2_amd64.deb
 23baac7107a1adeee3184d9ed13e63b48ce9e8a5b8c7797bb0f0a3342311708a 574658 
evince-gtk_2.30.3-2_amd64.deb
 49dc5e8587e2ae98bf726a05e38f6b2a330cb0fe6748d49b3d8804df1ad690f7 716442 
libevince2_2.30.3-2_amd64.deb
 fbc45f29d4677d97756829d160076edb0bb5400bf460e8b254e20fe44c76f975 771342 
libevince-dev_2.30.3-2_amd64.deb
 f966a34785e22fd4d530ccd75fc91f51c76584959a5afbfdee12e0e7b6270417 421912 
gir1.0-evince-2.30_2.30.3-2_amd64.deb
Files: 
 ff72df769cb8cca9f6c20d83cff4e1ab 1903 gnome optional evince_2.30.3-2.dsc
 c15cbe4a39f223ca0a9d9dee45505658 23364 gnome optional 
evince_2.30.3-2.debian.tar.gz
 85ad0fa3fbd755d48d1fad947c46d577 1493986 gnome optional 
evince-common_2.30.3-2_all.deb
 145555de93405486cc9e9fd69bb62ffb 621578 gnome optional 
evince_2.30.3-2_amd64.deb
 304e1d37cb98e6b2d3e04753b605e5a3 1592188 debug extra 
evince-dbg_2.30.3-2_amd64.deb
 b67d3e32673e9ab68e60acdd540feaf6 574658 x11 optional 
evince-gtk_2.30.3-2_amd64.deb
 3251c709bdc196b4a0d4a82597de9df8 716442 libs optional 
libevince2_2.30.3-2_amd64.deb
 16945bf1b22e6d90fc69ee77eb128f43 771342 libdevel optional 
libevince-dev_2.30.3-2_amd64.deb
 1527eb8c75eac67f679ada683c76a57d 421912 libs optional 
gir1.0-evince-2.30_2.30.3-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFNK1s8rSla4ddfhTMRAlXPAJ96myTdhVTvQDTpqnIme6XqXZ8syQCfazzY
o0RTIk++l2VPE7DFMgGA2k4=
=dlUC
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to