Your message dated Sun, 4 Jul 2021 22:39:56 +0200
with message-id
<cao9np94_vw8kuo0cazwvufdpojnkaexrc47lcpp7yaso26j...@mail.gmail.com>
and subject line Re: htmldoc: CVE-2019-19630
has caused the Debian Bug report #988289,
regarding htmldoc: CVE-2019-19630
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
988289: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988289
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: htmldoc
Version: 1.8.27-8
Severity: serious
Tags: security
User: debian...@lists.debian.org
Usertags: piuparts
Control: fixed -1 1.8.27-8+deb8u1
Control: fixed -1 1.9.7-1
Hi,
CVE-2019-19630 is fixed in jessie-lts but not stretch-lts, making
upgrades difficult since jessie-security has a newer version than
stretch(-security).
Please upload the fix to stretch-lts, too.
And as it looks, this is also unfixed in buster.
htmldoc | 1.8.27-8 | jessie | source
htmldoc | 1.8.27-8 | stretch | source
htmldoc | 1.8.27-8+deb8u1 | jessie-security | source
htmldoc | 1.9.3-1 | buster | source
htmldoc | 1.9.11-2 | bullseye | source
htmldoc | 1.9.11-2 | sid | source
Andreas
--- End Message ---
--- Begin Message ---
Control: fixed -1 1.8.27-8+deb9u1
Control: fixed -1 1.9.3-1+deb10u1
Hi,
Patches from upstream have been applied to fix CVE-2019-19630, in both
stretch and buster.
The version in stretch is now 1.8.27-8+deb9u1, which also eases the
upgrade from jessie.
Regards,
Håvard
--- End Message ---
