Your message dated Sat, 22 Jul 2017 21:18:40 +0000 with message-id <e1dz1nm-0008ia...@fasolo.debian.org> and subject line Bug#868500: fixed in atril 1.8.1+dfsg1-4+deb8u1 has caused the Debian Bug report #868500, regarding atril: CVE-2017-1000083 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 868500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868500 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: atril Version: 1.16.1-2 Severity: grave Tags: security Justification: user security hole Hi, the following vulnerability was published for atril. CVE-2017-1000083[0]: Evince command injection vulnerability in CBT handler If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-1000083 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000083 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: atril Source-Version: 1.8.1+dfsg1-4+deb8u1 We believe that the bug you reported is fixed in the latest version of atril, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 868...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Ruano Rincón <santiag...@riseup.net> (supplier of updated atril package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 21 Jul 2017 07:00:08 +0200 Source: atril Binary: atril atril-dbg atril-common libatrilview3 libatrilview-dev libatrilview3-dbg libatrildocument3 libatrildocument-dev libatrildocument3-dbg Architecture: source all amd64 Version: 1.8.1+dfsg1-4+deb8u1 Distribution: jessie-security Urgency: high Maintainer: MATE Packaging Team <pkg-mate-t...@lists.alioth.debian.org> Changed-By: Santiago Ruano Rincón <santiag...@riseup.net> Description: atril - MATE document viewer atril-common - MATE document viewer (common files) atril-dbg - MATE document viewer (debugging symbols) libatrildocument-dev - MATE document rendering library (development files) libatrildocument3 - MATE document rendering library libatrildocument3-dbg - MATE document rendering library (debugging symbols) libatrilview-dev - MATE document viewing library (development files) libatrilview3 - MATE document viewing library libatrilview3-dbg - MATE document viewing library (debugging symbols) Closes: 868500 Changes: atril (1.8.1+dfsg1-4+deb8u1) jessie-security; urgency=high . * Non-maintainer upload * Add 0003-CVE-2017-1000083-evince-comics-remove-tar-commands-support-3-10-3.patch Fixes a command injection vulnerability in CBT handler. CVE-2017-1000083 (Closes: #868500) Checksums-Sha1: ac1da8eefdb9b260dda5f96c0de7a81773677f5e 2978 atril_1.8.1+dfsg1-4+deb8u1.dsc 1373d4119fe224d8a6515fd3a4d8a56f0ef00c4a 894092 atril_1.8.1+dfsg1.orig.tar.xz ba2ad685871ed1945ba37be7d13bbdba288bdb35 13984 atril_1.8.1+dfsg1-4+deb8u1.debian.tar.xz 952f6bbbf2a53a3b2be82ca75ba1c44682cb7149 392578 atril-common_1.8.1+dfsg1-4+deb8u1_all.deb 028c84784badc4076afa4da1b330a572bc1d50a7 152518 atril_1.8.1+dfsg1-4+deb8u1_amd64.deb 84b03b9d6eb44c2574c44e8aa1b5cc569d785785 705828 atril-dbg_1.8.1+dfsg1-4+deb8u1_amd64.deb bceb347659f0684a6e9a46d343e1698437c892df 94126 libatrilview3_1.8.1+dfsg1-4+deb8u1_amd64.deb bfbd8959233539f337fd6c938cfddc214342c6db 13950 libatrilview-dev_1.8.1+dfsg1-4+deb8u1_amd64.deb 68cd4b9301c725b0cf629ead6e695bc753d1b8fb 310632 libatrilview3-dbg_1.8.1+dfsg1-4+deb8u1_amd64.deb e49179ff4710a7b3b253065e1e702ce0983392ca 183198 libatrildocument3_1.8.1+dfsg1-4+deb8u1_amd64.deb e879a8fdf5a334c8d06739de88daeae2d0b8acec 24100 libatrildocument-dev_1.8.1+dfsg1-4+deb8u1_amd64.deb dba4d343edc35fb5aadec24cc7b5d9f6a2307a84 549242 libatrildocument3-dbg_1.8.1+dfsg1-4+deb8u1_amd64.deb Checksums-Sha256: 1a397ddb0f77ee92b66234a6225f212488ae0735ff85f31e04560a9bf0fd880e 2978 atril_1.8.1+dfsg1-4+deb8u1.dsc 4405c1ccbfa41870aaed97701d6be28cc487f1411788ad6f77d104ce9cf6ecc1 894092 atril_1.8.1+dfsg1.orig.tar.xz c211c8b4ff2fe20539d8f5ce4f9db96152763eeb0c090ea8a3793e2ab3d3ec44 13984 atril_1.8.1+dfsg1-4+deb8u1.debian.tar.xz 0ca22ef95602103c552a2ae8d6dbb999daada52fe0dfc9d30d3e06fa32dce0ab 392578 atril-common_1.8.1+dfsg1-4+deb8u1_all.deb 7a59937f6956bd28f7f0227d185c09930ac64037ad0e1aae66b11ce49f3ac56b 152518 atril_1.8.1+dfsg1-4+deb8u1_amd64.deb 76aa4097340cd86ea5dc25f40c925d9a972bbbc5c93cd5385afa46bb4da792d8 705828 atril-dbg_1.8.1+dfsg1-4+deb8u1_amd64.deb 40074a009d45ddb47e771dfc4a98090ea8a3c01e33d114b97e2e956ef8f1f458 94126 libatrilview3_1.8.1+dfsg1-4+deb8u1_amd64.deb ac24ab6b834e9107fd727e510894be479c7dc1e7def6c4828797ffb98981b4e2 13950 libatrilview-dev_1.8.1+dfsg1-4+deb8u1_amd64.deb 365d5f9c219c0c698aee027589d7b18261284c68672e1e38002211597d8e8dac 310632 libatrilview3-dbg_1.8.1+dfsg1-4+deb8u1_amd64.deb 4f629e0cb6c18e730e69f94f77c0eed31fadbcf86d139e214b9fb1ad57faa83e 183198 libatrildocument3_1.8.1+dfsg1-4+deb8u1_amd64.deb 5281584f1abafb2e9369ae193b37a015054a7f563ec7cb1646edb3ea98cfcc38 24100 libatrildocument-dev_1.8.1+dfsg1-4+deb8u1_amd64.deb ef0a0c8d9aba357646cbb522ae5a04b0dc00c5e9024142da030b4d106572845e 549242 libatrildocument3-dbg_1.8.1+dfsg1-4+deb8u1_amd64.deb Files: cb2107692abfd2ea19af67494c701a35 2978 x11 optional atril_1.8.1+dfsg1-4+deb8u1.dsc 44df9fcc478f90ad483b1bd32dd2a67a 894092 x11 optional atril_1.8.1+dfsg1.orig.tar.xz e6bbc203450f957f462bdfbaca3b45b4 13984 x11 optional atril_1.8.1+dfsg1-4+deb8u1.debian.tar.xz 5aa09164d50c90a5d6a1e8f662af7847 392578 x11 optional atril-common_1.8.1+dfsg1-4+deb8u1_all.deb 1501082bdf2f96232b4278b8c58c8be5 152518 x11 optional atril_1.8.1+dfsg1-4+deb8u1_amd64.deb 5fba1dc90a84b6a3bc68fb022a5cf786 705828 debug extra atril-dbg_1.8.1+dfsg1-4+deb8u1_amd64.deb f0c7805988bd295993aceb201c8bfebd 94126 libs optional libatrilview3_1.8.1+dfsg1-4+deb8u1_amd64.deb 8ff65c5c3b6c92283ddd0854ae261737 13950 libdevel optional libatrilview-dev_1.8.1+dfsg1-4+deb8u1_amd64.deb e2b2427d8e5666630e0b5f6fa86d41d8 310632 debug extra libatrilview3-dbg_1.8.1+dfsg1-4+deb8u1_amd64.deb cc0664b079950308d9db45e2a67a45d9 183198 libs optional libatrildocument3_1.8.1+dfsg1-4+deb8u1_amd64.deb 429c2f6bde4ac2fac6a6c94c946349d0 24100 libdevel optional libatrildocument-dev_1.8.1+dfsg1-4+deb8u1_amd64.deb ca92dc27a5803026c12f8541a9f34cb3 549242 debug extra libatrildocument3-dbg_1.8.1+dfsg1-4+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZBjBLN3JFZ8LzvKD3m/9uMjWSL0FAllxxFkACgkQ3m/9uMjW SL2Raw/9FvLOZGUDtMvQoY8RhQffAzQBStIBGmAnWHOsNoY7/xa3zT86W52Hsrk4 8fppqdX2ZhF0vZE27B1Qs7y843k+iG34bOWiI5JDXPsZ612sVa/RtCyk5IuTczzP /knZfYUw6lW84Rzfi5sIE7iQ2Is+stAla2Q5VlSJ+HzvPjhz9dUv7JDSdIyMtUVw U4hDhvXg0Gg7G3E0aX8v+iLlfaWN46SjbFXzYlJj52u+qM0Gt2hH1LWUqogEm6UY X/+1QSWadLoWsETrieuLAF3NsxBgXn1DCKERNoPrFEA6hfHP//TOGkXSkIXlrAwT YEXw8GP3bxIQzTl3xOl1lSLi9EBbagyJNjXH1GR0Doz45rVtrkH8VU1u2Q9cWait E0aqlpS6YNGQ8YU686GOKi+2vV2ycU+fi+gyK36tBMiPDahYbTJArOzR/lDrsQAD bqjrq66Qg717nKr/7lwhbMMKs70LiHUvrjI2UWaWW5z6w3pWKFx8G3ezCMHqcqGY LK/Kz256s+cFUnwyibYTJAfbzvb/IFfTt/naMr7NzkvUHYlD+s49oE0xvB4GIe4w DsN7K3vufjx4cgyxSx7CsoTkHRIF+Hz/Tv2BpGi2jU76KoOzKYYFxx66wS8Nivtx LFAFiR053TMhEKu9UuB9m+YA/Y25vaAAxhPFlxN+81H5QTomeJg= =npQ1 -----END PGP SIGNATURE-----
--- End Message ---
