libpdfbox-java: CVE-2018-11797

Related Vulnerabilities: CVE-2018-11797  

Debian Bug report logs - #910390

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 5 Oct 2018 20:00:02 UTC

Severity: important

Tags: security, upstream

Found in versions libpdfbox-java/1:1.8.12-1, libpdfbox-java/1:1.8.15-1

Fixed in version libpdfbox-java/1:1.8.16-1

Done: Markus Koschany <apo@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#910390; Package src:libpdfbox-java. (Fri, 05 Oct 2018 20:00:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Fri, 05 Oct 2018 20:00:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libpdfbox-java: CVE-2018-11797
Date: Fri, 05 Oct 2018 21:58:23 +0200
Source: libpdfbox-java
Version: 1:1.8.12-1
Severity: important
Tags: security upstream
Control: found -1 1:1.8.15-1
Control: clone -1 -2
Control: reassign -2 src:libpdfbox2-java 2.0.11-1
Control: retitle -2 libpdfbox2-java: CVE-2018-11797

Hi,

The following vulnerability was published for libpdfbox-java.

CVE-2018-11797[0]:
denial of service vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-11797
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11797
[1] https://www.openwall.com/lists/oss-security/2018/10/05/4

Regards,
Salvatore



Marked as found in versions libpdfbox-java/1:1.8.15-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Fri, 05 Oct 2018 20:00:05 GMT).


Bug 910390 cloned as bug 910391. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Fri, 05 Oct 2018 20:00:05 GMT).


Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Sat, 06 Oct 2018 14:48:05 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 06 Oct 2018 14:48:05 GMT).


Message #14 received at 910390-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 910390-close@bugs.debian.org
Subject: Bug#910390: fixed in libpdfbox-java 1:1.8.16-1
Date: Sat, 06 Oct 2018 14:45:57 +0000
Source: libpdfbox-java
Source-Version: 1:1.8.16-1

We believe that the bug you reported is fixed in the latest version of
libpdfbox-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 910390@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated libpdfbox-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 06 Oct 2018 15:47:18 +0200
Source: libpdfbox-java
Binary: libpdfbox-java libpdfbox-java-doc libjempbox-java libjempbox-java-doc libfontbox-java libfontbox-java-doc
Architecture: source
Version: 1:1.8.16-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libfontbox-java - Java font library
 libfontbox-java-doc - Java font library (Documentation)
 libjempbox-java - XMP Compatible Java Library
 libjempbox-java-doc - XMP Compatible Java Library (documentation)
 libpdfbox-java - PDF library for Java
 libpdfbox-java-doc - PDF library for Java (documentation)
Closes: 910390
Changes:
 libpdfbox-java (1:1.8.16-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 1.8.16.
     - Fix CVE-2018-11797: denial-of-service via specially crafted PDF file.
       (Closes: #910390)
   * Declare compliance with Debian Policy 4.2.1.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 09 Nov 2018 07:30:42 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:44:14 2019; Machine Name: buxtehude
