Your message dated Fri, 25 Mar 2016 11:17:10 +0000 with message-id <e1ajpjq-0001x2...@franck.debian.org> and subject line Bug#813849: fixed in php-dompdf 0.6.1+dfsg-2+deb8u1 has caused the Debian Bug report #813849, regarding Multiple security issues to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
813849: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813849
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: php-dompdf
Version: 0.6.1+dfsg-2
Severity: serious
Tags: security upstream

Hi,

I’ve just noticed that php-dompdf upstream released “a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation.”

[CVE-2014-5011], [CVE-2014-5012] and [CVE-2014-5013] have been assigned to these issues, but I don’t have much input about them.

I believe we should simply remove this leaf package from Jessie (along with php-font-lib that is only used by php-dompdf). I’ll follow up with an RM request if the security team agrees with that option.

This bug will soon force the auto-removal of this package from testing, and unless someone steps up to adopt it (#748604), we may also remove it from unstable.

Regards

David
--- End Message ---
--- Begin Message ---
Source: php-dompdf
Source-Version: 0.6.1+dfsg-2+deb8u1

We believe that the bug you reported is fixed in the latest version of php-dompdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 813...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Frosch <lazyfro...@debian.org> (supplier of updated php-dompdf package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Thu, 24 Mar 2016 22:07:34 +0100
Source: php-dompdf
Binary: php-dompdf
Architecture: source all
Version: 0.6.1+dfsg-2+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-p...@lists.alioth.debian.org>
Changed-By: Markus Frosch <lazyfro...@debian.org>
Description:
 php-dompdf - HTML to PDF converter
Closes: 813849
Changes:
 php-dompdf (0.6.1+dfsg-2+deb8u1) jessie; urgency=medium
 .
   * [22610bd] Add 0.6.2 hotfix patch which bundles CVE hotfixes from the
     upstream release. (Closes: #813849)
 .
   This is a security-focused release that addresses a number of
   vulnerabilities that can expose your system to exploitation. In tandem
   with this release we have also posted a document to the wiki with advice
   for securing dompdf [1]. Please read the new document and take
   appropriate measures to protect your systems.
 .
   This update addresses the following announced vulnerabilities:
 .
   * CVE-2014-5011 - Information Disclosure
   * CVE-2014-5012 - Denial Of Service Vector
   * CVE-2014-5013 - Remote Code Execution (complement of CVE-2014-2383)
--- End Message ---