Your message dated Mon, 24 Jul 2017 10:03:54 +0000
with message-id <[email protected]>
and subject line Bug#868500: fixed in atril 1.16.1-2.1
has caused the Debian Bug report #868500,
regarding atril: CVE-2017-1000083
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
868500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868500
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: atril
Version: 1.16.1-2
Severity: grave
Tags: security
Justification: user security hole
Hi,

the following vulnerability was published for atril.

CVE-2017-1000083[0]:
Evince command injection vulnerability in CBT handler

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000083
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000083

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: atril
Source-Version: 1.16.1-2.1
We believe that the bug you reported is fixed in the latest version of
atril, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago Ruano Rincón <[email protected]> (supplier of updated atril
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 Jul 2017 06:59:09 +0200
Source: atril
Binary: atril atril-common libatrilview3 libatrilview-dev libatrildocument3
libatrildocument-dev gir1.2-atril
Architecture: source
Version: 1.16.1-2.1
Distribution: unstable
Urgency: high
Maintainer: MATE Packaging Team <[email protected]>
Changed-By: Santiago Ruano Rincón <[email protected]>
Description:
atril - MATE document viewer
atril-common - MATE document viewer (common files)
gir1.2-atril - GObject introspection data for Atril
libatrildocument-dev - MATE document rendering library (development files)
libatrildocument3 - MATE document rendering library
libatrilview-dev - MATE document viewing library (development files)
libatrilview3 - MATE document viewing library
Closes: 868500
Changes:
 atril (1.16.1-2.1) unstable; urgency=high
 .
   * Non-maintainer upload
   * Add 0001-CVE-2017-1000083-comics-Remove-support-for-tar-and-tar-like-command.patch
     Fixes a command injection vulnerability in CBT handler. CVE-2017-1000083
     (Closes: #868500)
--- End Message ---