Your message dated Sat, 22 Jul 2017 21:17:19 +0000
with message-id <e1dz1m3-0008t1...@fasolo.debian.org>
and subject line Bug#868500: fixed in atril 1.16.1-2+deb9u1
has caused the Debian Bug report #868500,
regarding atril: CVE-2017-1000083
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868500
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: atril
Version: 1.16.1-2
Severity: grave
Tags: security
Justification: user security hole

Hi,

the following vulnerability was published for atril.

CVE-2017-1000083[0]:
Evince command injection vulnerability in CBT handler

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000083
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000083

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: atril
Source-Version: 1.16.1-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
atril, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Ruano Rincón <santiag...@riseup.net> (supplier of updated atril package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Jul 2017 06:59:09 +0200
Source: atril
Binary: atril atril-common libatrilview3 libatrilview-dev libatrildocument3 libatrildocument-dev gir1.2-atril
Architecture: source
Version: 1.16.1-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: MATE Packaging Team <pkg-mate-t...@lists.alioth.debian.org>
Changed-By: Santiago Ruano Rincón <santiag...@riseup.net>
Description:
 atril      - MATE document viewer
 atril-common - MATE document viewer (common files)
 gir1.2-atril - GObject introspection data for Atril
 libatrildocument-dev - MATE document rendering library (development files)
 libatrildocument3 - MATE document rendering library
 libatrilview-dev - MATE document viewing library (development files)
 libatrilview3 - MATE document viewing library
Closes: 868500
Changes:
 atril (1.16.1-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload
   * Add 0001-CVE-2017-1000083-comics-Remove-support-for-tar-and-tar-like-command.patch
     Fixes a command injection vulnerability in CBT handler. CVE-2017-1000083
     (Closes: #868500)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
