Debian Bug report logs -
#988289
htmldoc: CVE-2019-19630
Reported by: Andreas Beckmann <anbe@debian.org>
Date: Sun, 9 May 2021 17:36:01 UTC
Severity: serious
Tags: security
Found in version htmldoc/1.8.27-8
Fixed in versions htmldoc/1.9.7-1, htmldoc/1.8.27-8+deb8u1
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Håvard Flaget Aasen <haavard_aasen@yahoo.no>:
Bug#988289; Package src:htmldoc.
(Sun, 09 May 2021 17:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Håvard Flaget Aasen <haavard_aasen@yahoo.no>.
(Sun, 09 May 2021 17:36:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: htmldoc
Version: 1.8.27-8
Severity: serious
Tags: security
User: debian-qa@lists.debian.org
Usertags: piuparts
Control: fixed -1 1.8.27-8+deb8u1
Control: fixed -1 1.9.7-1
Hi,
CVE-2019-19630 is fixed in jessie-lts but not stretch-lts, making
upgrades difficult since jessie-security has a newer version than
stretch(-security).
Please upload the fix to stretch-lts, too.
And as it looks, this is also unfixed in buster.
htmldoc | 1.8.27-8 | jessie | source
htmldoc | 1.8.27-8 | stretch | source
htmldoc | 1.8.27-8+deb8u1 | jessie-security | source
htmldoc | 1.9.3-1 | buster | source
htmldoc | 1.9.11-2 | bullseye | source
htmldoc | 1.9.11-2 | sid | source
Andreas
Marked as fixed in versions htmldoc/1.8.27-8+deb8u1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sun, 09 May 2021 17:36:04 GMT) (full text, mbox, link).
Marked as fixed in versions htmldoc/1.9.7-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sun, 09 May 2021 17:36:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Håvard Flaget Aasen <haavard_aasen@yahoo.no>:
Bug#988289; Package src:htmldoc.
(Sun, 09 May 2021 19:03:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Utkarsh Gupta <utkarsh@debian.org>:
Extra info received and forwarded to list. Copy sent to Håvard Flaget Aasen <haavard_aasen@yahoo.no>.
(Sun, 09 May 2021 19:03:03 GMT) (full text, mbox, link).
Message #14 received at 988289@bugs.debian.org (full text, mbox, reply):
Hello,
That's pretty unfortunate what happened. Since I fixed this in jessie
(back when it was LTS), I'll take care of stretch (now that it's LTS)
and subsequently buster as well. Thanks!
Added indication that 988289 affects htmldoc-common
Request was from Andreas Beckmann <anbe@debian.org>
to control@bugs.debian.org.
(Sun, 09 May 2021 19:30:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Mon May 10 12:43:23 2021;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon