leptonlib: CVE-2018-3836: gplotMakeOutput Command Injection Vulnerability

Related Vulnerabilities: CVE-2018-3836  

Debian Bug report logs - #889759

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 6 Feb 2018 21:03:01 UTC

Severity: grave

Tags: security, upstream

Found in version leptonlib/1.71-2.1

Fixed in version leptonlib/1.75.3-1

Done: Jeff Breidenbach <jab@debian.org>

Forwarded to https://github.com/DanBloomberg/leptonica/issues/303


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Jeff Breidenbach <jab@debian.org>:
Bug#889759; Package src:leptonlib. (Tue, 06 Feb 2018 21:03:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Jeff Breidenbach <jab@debian.org>. (Tue, 06 Feb 2018 21:03:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: leptonlib: CVE-2018-3836: gplotMakeOutput Command Injection Vulnerability
Date: Tue, 06 Feb 2018 22:01:14 +0100
Source: leptonlib
Version: 1.71-2.1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for leptonlib.

CVE-2018-3836[0]:
gplotMakeOutput Command Injection Vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-3836
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3836
[1] https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516

Regards,
Salvatore



Reply sent to Jeff Breidenbach <jab@debian.org>:
You have taken responsibility. (Thu, 15 Feb 2018 19:09:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 15 Feb 2018 19:09:03 GMT)


Message #10 received at 889759-close@bugs.debian.org:

From: Jeff Breidenbach <jab@debian.org>
To: 889759-close@bugs.debian.org
Subject: Bug#889759: fixed in leptonlib 1.75.3-1
Date: Thu, 15 Feb 2018 19:05:09 +0000
Source: leptonlib
Source-Version: 1.75.3-1

We believe that the bug you reported is fixed in the latest version of
leptonlib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 889759@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeff Breidenbach <jab@debian.org> (supplier of updated leptonlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 15 Feb 2018 10:36:53 -0800
Source: leptonlib
Binary: libleptonica-dev liblept5 leptonica-progs
Architecture: source amd64
Version: 1.75.3-1
Distribution: unstable
Urgency: medium
Maintainer: Jeff Breidenbach <jab@debian.org>
Changed-By: Jeff Breidenbach <jab@debian.org>
Description:
 leptonica-progs - sample programs for Leptonica image processing library
 liblept5   - image processing library
 libleptonica-dev - image processing library
Closes: 889759
Changes:
 leptonlib (1.75.3-1) unstable; urgency=medium
 .
   * New upstream release
   * Includes gPlotMakeOutput security fix (closes: #889759)





Set Bug forwarded-to-address to 'https://github.com/DanBloomberg/leptonica/issues/303'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 15 Feb 2018 21:03:08 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:03:01 2019; Machine Name: beach
