Debian Bug report logs -
#913892
CVE-2018-18385
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
:
Bug#913892
; Package src:asciidoctor
.
(Fri, 16 Nov 2018 16:15:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
.
(Fri, 16 Nov 2018 16:15:09 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: asciidoctor
Severity: important
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18385
Cheers,
Moritz
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Fri, 16 Nov 2018 19:51:03 GMT) (full text, mbox, link).
Marked as found in versions asciidoctor/1.5.7.1-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Fri, 16 Nov 2018 19:51:05 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from debian-bts-link@lists.debian.org
to control@bugs.debian.org
.
(Thu, 22 Nov 2018 17:15:02 GMT) (full text, mbox, link).
Reply sent
to Joseph Herlant <aerostitch@debian.org>
:
You have taken responsibility.
(Wed, 28 Nov 2018 10:09:08 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Wed, 28 Nov 2018 10:09:08 GMT) (full text, mbox, link).
Message #18 received at 913892-close@bugs.debian.org (full text, mbox, reply):
Source: asciidoctor
Source-Version: 1.5.8-1
We believe that the bug you reported is fixed in the latest version of
asciidoctor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 913892@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joseph Herlant <aerostitch@debian.org> (supplier of updated asciidoctor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 22 Nov 2018 21:43:15 -0800
Source: asciidoctor
Binary: ruby-asciidoctor asciidoctor asciidoctor-doc
Architecture: source
Version: 1.5.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Joseph Herlant <aerostitch@debian.org>
Description:
asciidoctor - AsciiDoc to HTML rendering for Ruby
asciidoctor-doc - AsciiDoc to HTML rendering for Ruby (documentation)
ruby-asciidoctor - AsciiDoc to HTML rendering for Ruby (core libraries)
Closes: 909105 913892
Changes:
asciidoctor (1.5.8-1) unstable; urgency=medium
.
* New upstream version 1.5.8
+ CVE-2018-18385: fix infinite loop in Parser#next_block (Closes: #913892)
* Refresh patches for new version
* Fix Timezone tests when SOURCE_DATE_EPOCH is set.
* d/control: bump standards to 4.2.1
* d/control: ruby-thread-safe has been dropped from upstream
in favor of ruby-concurrent
* d/control: add dependency version from ruby-asciidoctor to the ruby pkg
* Switch the architecture of asciidoctor back to all (Closes: #909105)
* Set asciidoctor-doc Multi-Arch: foreign
* Update my email to my new debian one
* Use the new debhelper-compat(=11) notation and drop d/compat.
Checksums-Sha1:
fa5df01dcc6464084da48ce8f0c162695e9fa093 2007 asciidoctor_1.5.8-1.dsc
db92962071e267056d5cf34ae58366dd31cb1636 431171 asciidoctor_1.5.8.orig.tar.gz
d1fe88e8c73376f617d775f3eb9c5d0b8fcfe0ed 7924 asciidoctor_1.5.8-1.debian.tar.xz
f7ab737604e2484254fbc6b270139b5c6af44f4c 13806 asciidoctor_1.5.8-1_source.buildinfo
Checksums-Sha256:
bdee34086ca18226094c2123c87dc89d6bdfe5054ff70b36085220fed0ca67f6 2007 asciidoctor_1.5.8-1.dsc
e78badc51593b33a5bd1a6071af57b3afaaa3da9cb41848c2817c29f22bc5e84 431171 asciidoctor_1.5.8.orig.tar.gz
117f2b1eb2e962ba78c5a861cbcfefea196786232df7ddbfb00de76e10d5c3f7 7924 asciidoctor_1.5.8-1.debian.tar.xz
aae2e5a42fb211efc2eece31a78f9e7b80eb1ab573df05707d9ff2342ef06830 13806 asciidoctor_1.5.8-1_source.buildinfo
Files:
f6dac9e1a37bbc23751d81ae3ca9fa69 2007 text optional asciidoctor_1.5.8-1.dsc
6d4116f3d28a9cf4fbdf57abb125c144 431171 text optional asciidoctor_1.5.8.orig.tar.gz
a93d383875c69ad0671909c51e46323a 7924 text optional asciidoctor_1.5.8-1.debian.tar.xz
7140e612b508c8ac0c8a07fb4d1b28fe 13806 text optional asciidoctor_1.5.8-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEnM1rMZ2/jkCrGr0aia+CtznNIXoFAlv+YtkACgkQia+CtznN
IXpVqggAm8Xf/7G2RG8Y2aYnlsEF7ALCL44hp6HXpEAp9ZcSiv8TVJVqFlv/+12p
FCGcjOMKb1x9f8DMLvnr+ckXunreHKV0pGUes7J6yW63rL3xWoHdc+no89srJ8YE
6pSl3RW99kj39ZWkTDN9GgQKTAQrOyeWgUwJFx5mkBoO/GsL4qyZ32VJKo4Wd5xb
W/PUt7qi/GMQ52fH4dAfRaFqLBCwLUMxutgVdp7rzCtuHupIMDO5rOlU4ZmlOZKg
qoOuo4pylfoRxqyqPEqKVrmOz9JnabRIusAVnvsFrwWqkFapz9YO4iBt8Z/N91lH
ppcddWUPtMUYdGWafd7c1G1uYfYcBA==
=MOI7
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Fri, 28 Dec 2018 07:29:27 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:15:32 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.