CVE-2018-18385

Debian Bug report logs - #913892
CVE-2018-18385

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 16 Nov 2018 16:15:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version asciidoctor/1.5.7.1-1

Fixed in version asciidoctor/1.5.8-1

Done: Joseph Herlant <aerostitch@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/asciidoctor/asciidoctor/issues/2888


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#913892; Package src:asciidoctor. (Fri, 16 Nov 2018 16:15:09 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Fri, 16 Nov 2018 16:15:09 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2018-18385
Date: Fri, 16 Nov 2018 17:12:59 +0100
Source: asciidoctor
Severity: important
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18385

Cheers,
        Moritz



Set Bug forwarded-to-address to 'https://github.com/asciidoctor/asciidoctor/issues/2888'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 16 Nov 2018 19:51:02 GMT).


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 16 Nov 2018 19:51:03 GMT).


Marked as found in versions asciidoctor/1.5.7.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 16 Nov 2018 19:51:05 GMT).


Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Thu, 22 Nov 2018 17:15:02 GMT).


Reply sent to Joseph Herlant <aerostitch@debian.org>:
You have taken responsibility. (Wed, 28 Nov 2018 10:09:08 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 28 Nov 2018 10:09:08 GMT).


Message #18 received at 913892-close@bugs.debian.org:

From: Joseph Herlant <aerostitch@debian.org>
To: 913892-close@bugs.debian.org
Subject: Bug#913892: fixed in asciidoctor 1.5.8-1
Date: Wed, 28 Nov 2018 10:04:09 +0000
Source: asciidoctor
Source-Version: 1.5.8-1

We believe that the bug you reported is fixed in the latest version of
asciidoctor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913892@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joseph Herlant <aerostitch@debian.org> (supplier of updated asciidoctor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Nov 2018 21:43:15 -0800
Source: asciidoctor
Binary: ruby-asciidoctor asciidoctor asciidoctor-doc
Architecture: source
Version: 1.5.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Joseph Herlant <aerostitch@debian.org>
Description:
 asciidoctor - AsciiDoc to HTML rendering for Ruby
 asciidoctor-doc - AsciiDoc to HTML rendering for Ruby (documentation)
 ruby-asciidoctor - AsciiDoc to HTML rendering for Ruby (core libraries)
Closes: 909105 913892
Changes:
 asciidoctor (1.5.8-1) unstable; urgency=medium
 .
   * New upstream version 1.5.8
     + CVE-2018-18385: fix infinite loop in Parser#next_block (Closes: #913892)
   * Refresh patches for new version
   * Fix Timezone tests when SOURCE_DATE_EPOCH is set.
   * d/control: bump standards to 4.2.1
   * d/control: ruby-thread-safe has been dropped from upstream
     in favor of ruby-concurrent
   * d/control: add dependency version from ruby-asciidoctor to the ruby pkg
   * Switch the architecture of asciidoctor back to all (Closes: #909105)
   * Set asciidoctor-doc Multi-Arch: foreign
   * Update my email to my new debian one
   * Use the new debhelper-compat(=11) notation and drop d/compat.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 28 Dec 2018 07:29:27 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:15:32 2019; Machine Name: buxtehude
