Your message dated Sat, 25 Mar 2023 20:59:22 +0000 with message-id <e1pgayw-002q6p...@fasolo.debian.org> and subject line Bug#1008320: fixed in ocrfeeder 0.8.5-1 has caused the Debian Bug report #1008320, regarding ocrfeeder: CVE-2022-27811 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1008320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008320 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ocrfeeder Version: 0.8.3-3 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for ocrfeeder. CVE-2022-27811[0]: | GNOME OCRFeeder before 0.8.4 allows OS command injection via shell | metacharacters in a PDF or image filename. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-27811 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27811 [1] https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ocrfeeder Source-Version: 0.8.5-1 Done: Sebastian Ramacher <sramac...@debian.org> We believe that the bug you reported is fixed in the latest version of ocrfeeder, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1008...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher <sramac...@debian.org> (supplier of updated ocrfeeder package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 25 Mar 2023 21:36:13 +0100 Source: ocrfeeder Architecture: source Version: 0.8.5-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team <team+pyt...@tracker.debian.org> Changed-By: Sebastian Ramacher <sramac...@debian.org> Closes: 1008320 Changes: ocrfeeder (0.8.5-1) unstable; urgency=medium . * Team upload * New upstream version 0.8.5 - Fix CVE-2022-27811 (Closes: #1008320) * debian/patches: Remove no longer needed patch Checksums-Sha1: f6101192133950a83e3ad2669d4f60638c80aa40 1552 ocrfeeder_0.8.5-1.dsc 8047dd2246dffd14d6392522ccb028e6a993508c 894404 ocrfeeder_0.8.5.orig.tar.xz abf1e757303331e07027c32a16ee87e8178f2326 5708 ocrfeeder_0.8.5-1.debian.tar.xz Checksums-Sha256: b5c8c8c1959574efcb5c2141844f4abf2081fef6f18497a8cffc2c13bb09a075 1552 ocrfeeder_0.8.5-1.dsc b03d2a5949dd82e2734f0d2ecb4148aaea457f8397e9d4c5bdc77e333fbc4aed 894404 ocrfeeder_0.8.5.orig.tar.xz 2fe07ddbd6d81adfe46cf3423b4bb860dc195177e549ff92e2df256f0d89f65f 5708 ocrfeeder_0.8.5-1.debian.tar.xz Files: d0c6b03e9e1cb016a061b0d2ddb22178 1552 graphics optional ocrfeeder_0.8.5-1.dsc 908c68946d53cd1b864e53af1fe4de0d 894404 graphics optional ocrfeeder_0.8.5.orig.tar.xz 545ac85a01e1001277727dd895b496d9 5708 graphics optional ocrfeeder_0.8.5-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRCYn6EHZln2oPh+pAhk2s2YA/NiQUCZB9bzAAKCRAhk2s2YA/N iUoHAQDwCh9XQEP72kRRumK78I/1GuLNEJFYkAY1kU0OFBx6dAEA4cqdfOLXPQ0x slf/kMk3C5qy2yh3jf457GSC3u+asQ8= =BkJy -----END PGP SIGNATURE-----
--- End Message ---
