Your message dated Thu, 03 Nov 2016 21:53:41 +0000
with message-id <e1c2px7-000hhb...@fasolo.debian.org>
and subject line Bug#842891: fixed in libimage-info-perl 1.39-1
has caused the Debian Bug report #842891,
regarding libimage-info-perl: XXE in SVG files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
842891: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842891
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libimage-info-perl
Version: 1.28-1
Severity: grave
Tags: security upstream fixed-upstream
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=118099

Hi

[N.B.: Agreed, the severity might be set too high, but I think it
would be good to have the fix for stretch, thus the RC severity].

It was reported that Image::Info is susceptible to XXE in SVG files.
Cf.

https://rt.cpan.org/Public/Bug/Display.html?id=118099
https://bugzilla.redhat.com/show_bug.cgi?id=1379556

It was already fixed in 1.39 upstream.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libimage-info-perl
Source-Version: 1.39-1

We believe that the bug you reported is fixed in the latest version of
libimage-info-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 842...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libimage-info-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Thu, 03 Nov 2016 22:34:29 +0100
Source: libimage-info-perl
Binary: libimage-info-perl
Architecture: source
Version: 1.39-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 840470 840471 842891
Description: 
 libimage-info-perl - allows extraction of meta information from image files
Changes:
 libimage-info-perl (1.39-1) unstable; urgency=medium
 .
   * Team upload.
   * Take over for the Debian Perl Group
   * debian/control: Added: Vcs-Git field (source stanza); Vcs-Browser
     field (source stanza); Homepage field (source stanza);
     ${misc:Depends} to Depends: field. Changed: Maintainer set to Debian
     Perl Group <pkg-perl-maintain...@lists.alioth.debian.org> (was: Don
     Armstrong <d...@debian.org>); Don Armstrong <d...@debian.org> moved to
     Uploaders.
   * debian/watch: use metacpan-based URL (Closes: #840471)
   * Remove deprecation note in long description (Closes: #840470)
   * Convert debian/copyright to format as specified by copyright-format 1.0
   * Convert source package to '3.0 (quilt)' source package format
   * Remove comments from debian/watch file
   * Replace versioned Build-Depends-Indep on perl with unversioned dependency.
     Replace the versioned Build-Depends-Indep on perl (>= 5.6.0-17) with an
     unversioned Build-Depends-Indep on perl only.
   * New upstream version 1.39
     - Fixes XXE in SVG files (Closes: #842891)
   * Add debian/upstream/metadata for upstream meta-information
   * debian/rules: Simplify rules file to a tiny rules makefile
   * Declare compliance with Debian policy 3.9.8
   * Add (preferred) (Build-)Depends(-Indep) on libxml-libxml-perl.
     Image::Info can use both XML::LibXML::Reader or XML::Simple, but
     XML::LibXML::Reader is preferred.
   * debian/copyright: Add stanzas for new files included upstream
   * Declare package as autopkgtest'able
   * debian/control: Wrap and sort (Build-)Depends(-Indep) fields
   * Add alternative (Build-)Depends(-Indep) for PerlIO::scalar.
     The module requires either PerlIO::scalar 0.21 (which is in Perl core
     5.21.7) or if not present IO::Scalar. Add the alternative
     (Build-)Depends(-Indep) for easier backporting.
   * debian/control: Remove Priority and Section field in binary package stanza
   * Mention Perl module name in long description
   * Add fix-spelling-error-in-manpage.patch patch
   * Add fix-manpage-has-errors-from-pod2man.patch patch
   * Add dh_auto_install override to not install Bundle:: modules.
     Avoid as well installing the generated manpages for the Bundle::
     modules. They are not used within Debian.

--- End Message ---
