Your message dated Tue, 03 Aug 2021 17:18:26 +0000
with message-id <e1may3e-000gx2...@fasolo.debian.org>
and subject line Bug#990671: fixed in libjdom2-java 2.0.6-2.1
has caused the Debian Bug report #990671,
regarding libjdom2-java: CVE-2021-33813
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
990671: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990671
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libjdom2-java
Version: 2.0.6-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/hunterhacker/jdom/pull/188
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:libjdom1-java 1.1.3-2
Control: found -1 2.0.6-1
Control: found -2 1.1.3-2
Hi,
The following vulnerability was published for libjdom2-java.
CVE-2021-33813[0]:
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to
| cause a denial of service via a crafted HTTP request.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-33813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33813
[1] https://github.com/hunterhacker/jdom/pull/188
[2] https://alephsecurity.com/vulns/aleph-2021003
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libjdom2-java
Source-Version: 2.0.6-2.1
Done: Utkarsh Gupta <utka...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libjdom2-java, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 990...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Utkarsh Gupta <utka...@debian.org> (supplier of updated libjdom2-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 03 Aug 2021 22:20:07 +0530
Source: libjdom2-java
Architecture: source
Version: 2.0.6-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utka...@debian.org>
Closes: 990671
Changes:
libjdom2-java (2.0.6-2.1) unstable; urgency=medium
.
* Non-maintainer upload by the LTS team.
* Add patch to fix setFeature bug and add test case.
(Fixes: CVE-2021-33813) (Closes: #990671)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---