Your message dated Sat, 09 Feb 2019 20:42:20 +0000 with message-id <e1gszs8-0009ml...@fasolo.debian.org> and subject line Bug#921772: fixed in jabref 3.8.2+ds-12 has caused the Debian Bug report #921772, regarding CVE-2018-1000652 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 921772: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921772 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: jabref Severity: grave Tags: security This was assigned CVE-2018-1000652: https://github.com/JabRef/jabref/issues/4229 https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: jabref Source-Version: 3.8.2+ds-12 We believe that the bug you reported is fixed in the latest version of jabref, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 921...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. gregor herrmann <gre...@debian.org> (supplier of updated jabref package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 09 Feb 2019 00:54:59 +0100 Source: jabref Architecture: source Version: 3.8.2+ds-12 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: gregor herrmann <gre...@debian.org> Closes: 921772 Changes: jabref (3.8.2+ds-12) unstable; urgency=high . * Add patch from upstream commit to fix CVE-2018-1000652: XML External Entity attack. Thanks to Moritz Muehlenhoff for the bug report. (Closes: #921772) Checksums-Sha1: 2f6ef783e4cba8ef54d395ec270071a62598b60d 2762 jabref_3.8.2+ds-12.dsc f04e60130e303c21d419cb4639bc7d063a5a366e 50152 jabref_3.8.2+ds-12.debian.tar.xz 3f38bbb32d22cf84aeae2ae105fc5305b8eac0af 15816 jabref_3.8.2+ds-12_amd64.buildinfo Checksums-Sha256: cf4c81f5bf0034222833f555a9dedcb6cabca9eab51f55eb80192c6e39d8d762 2762 jabref_3.8.2+ds-12.dsc 0b69a1ed3f918554aa5147d6bb45c2dca8c19a0154967e041ca396bc17625eb0 50152 jabref_3.8.2+ds-12.debian.tar.xz 7020013fe6700dd6c3f4173003c9a83e5380917f24b080931ee454d55ec60c4b 15816 jabref_3.8.2+ds-12_amd64.buildinfo Files: 253c5b6ee1d208c7f86a444bf9c4c980 2762 tex optional jabref_3.8.2+ds-12.dsc 91b365a3c979c16801e573f0e41e7862 50152 tex optional jabref_3.8.2+ds-12.debian.tar.xz be34fe1ed3a5a5d9b3940087cdc329fc 15816 tex optional jabref_3.8.2+ds-12_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAlxfLW0UHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpZZ9BAAhArMIHWnd5QL0AxfXamnzoBec9Fp c3675kMgoqpg9mG4RfiU9WcLA4ZgbGN4bmtXbeBgSRmz/gobDHfqXABiV301QfEm LjJZ/X+RulvD39BjRbxU0IyZZKldWT0I2LjYeBHafYxDugtq+J8MjSnnR4HqQmC7 H2mOIeQUcr9ZZRoXI8X3y3+3LQxMfZ4AmPpPjAQ4mkYBrvlvIvpLyUSOJcDWViJQ JSyGomQCG3RBNssjldSfvvwUJFZMoz91+IjA0FaOW+ia/wp1H8krIDiXyfIbZlsl vWgUaAVjQTha8OudynQ7HRwTkWqKct78T8WP4jFk2pMjg2KTWmEQukEpBsYt/3P4 Ni7lZW4NtXe5p6zowUt0ws0lE8dP5ONc91QZ3C1nkTpo6s4p8rr/9uh1UBkpUd2O 9We281CfhtAZTDSOVuTa48g575vnz9rQfv8cucz9JDIzDkLZ9QgODMHrqjOuhWrk P1fozs1ooP7vq//FLumqkBDRnxd491J05o4aFTCtOQN2ysme8Lgz55wancIURCR+ ZtImxzvEiG9s1crF27cAfkIPSr5kY+qPFTTQexYMVO1ZaUdgP8LsFDOiG9lvqihK 3yJFuPjHD9Mg98syxZDZ6KUvvzx1sn0oKkMRS1AouNKHfFU07hMsdvdZT7JSHz/g asJTn/MmPTUM8lU= =V+op -----END PGP SIGNATURE-----
--- End Message ---
