Your message dated Fri, 30 Jun 2017 02:47:37 +0000
with message-id <e1dqly5-000hlx...@fasolo.debian.org>
and subject line Bug#814030: fixed in tcpdf 6.0.093+dfsg-1+deb8u1
has caused the Debian Bug report #814030,
regarding tcpdf: CVE-2017-6100: LFI posting internal files externally abusing default parameter
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
814030: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: php-tcpdf
Version: 6.0.093+dfsg-1
Severity: serious
Tags: security upstream

According to their changelog [1], upstream fixed a security issue over a year ago:

6.2.0 (2014-12-10)
- Bug #1005 "Security Report, LFI posting internal files externally abusing default parameter" was fixed.

1: https://sourceforge.net/p/tcpdf/code/ci/master/tree/CHANGELOG.TXT

The upstream bug report [2] is not public, so I don’t have much information about the issue, the fix, nor its actual severity.

2: https://sourceforge.net/p/tcpdf/bugs/1005/

Regards

David
--- End Message ---
--- Begin Message ---
Source: tcpdf
Source-Version: 6.0.093+dfsg-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
tcpdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 814...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Destailleur (eldy) <e...@users.sourceforge.net> (supplier of updated tcpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Feb 2017 11:43:27 +0100
Source: tcpdf
Binary: php-tcpdf
Architecture: source all
Version: 6.0.093+dfsg-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Laurent Destailleur (eldy) <e...@users.sourceforge.net>
Changed-By: Laurent Destailleur (eldy) <e...@users.sourceforge.net>
Description:
 php-tcpdf - PHP class for generating PDF files on-the-fly
Closes: 814030
Changes:
 tcpdf (6.0.093+dfsg-1+deb8u1) jessie; urgency=medium
 .
   * Fix CVE-2017-6100 by disallowing tcpdf calls in HTML (Closes: #814030)

-----BEGIN PGP SIGNATURE-----
Comment: Signed by Raphael Hertzog
-----END PGP SIGNATURE-----
--- End Message ---