Debian Bug report logs -
#902786
CVE-2018-1002209
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sat, 30 Jun 2018 20:51:07 UTC
Severity: grave
Tags: security
Found in version libquazip/0.7.3-7
Fixed in version libquazip/0.7.6-1
Done: Andreas Tille <tille@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>:
Bug#902786; Package src:libquazip.
(Sat, 30 Jun 2018 20:51:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>.
(Sat, 30 Jun 2018 20:51:10 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libquazip
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=1593011
This is fixed upstream in 0.7.6
Cheers,
Moritz
Reply sent
to Andreas Tille <tille@debian.org>:
You have taken responsibility.
(Sun, 01 Jul 2018 19:39:10 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Sun, 01 Jul 2018 19:39:10 GMT) (full text, mbox, link).
Message #10 received at 902786-close@bugs.debian.org (full text, mbox, reply):
Source: libquazip
Source-Version: 0.7.6-1
We believe that the bug you reported is fixed in the latest version of
libquazip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 902786@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <tille@debian.org> (supplier of updated libquazip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 01 Jul 2018 20:26:59 +0200
Source: libquazip
Binary: libquazip1 libquazip-dev libquazip5-1 libquazip5-dev libquazip-headers libquazip5-headers libquazip-doc
Architecture: source
Version: 0.7.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>
Changed-By: Andreas Tille <tille@debian.org>
Description:
libquazip-dev - C++ wrapper for ZIP/UNZIP (development files, Qt4 build)
libquazip-doc - C++ wrapper for ZIP/UNZIP (documentation)
libquazip-headers - C++ wrapper for ZIP/UNZIP (development header files)
libquazip1 - C++ wrapper for ZIP/UNZIP (Qt4 build)
libquazip5-1 - C++ wrapper for ZIP/UNZIP (Qt5 build)
libquazip5-dev - C++ wrapper for ZIP/UNZIP (development files, Qt5 build)
libquazip5-headers - C++ wrapper for ZIP/UNZIP (development header files, Qt5 build)
Closes: 902786
Changes:
libquazip (0.7.6-1) unstable; urgency=medium
.
* Project moved to Github
* New upstream version
Closes: #902786
* Build-Depends: doxygen, graphviz
* Some optional symbols were removed
* Switch to d-shlibs
Checksums-Sha1:
611c7c14341937ec9524d03f43d9e7d983e76804 2496 libquazip_0.7.6-1.dsc
ea30998d7a18631152ea28062f56b43fc34710a0 149029 libquazip_0.7.6.orig.tar.gz
43b51a848d67ba402ba0964ddb9fd381e60331c1 9612 libquazip_0.7.6-1.debian.tar.xz
Checksums-Sha256:
d8716aaaad50ff1c6c976e0af0b6a039df9209480a7d32805c3c6c56b5f44153 2496 libquazip_0.7.6-1.dsc
4118a830a375a81211956611cc34b1b5b4ddc108c126287b91b40c2493046b70 149029 libquazip_0.7.6.orig.tar.gz
ddac16f63c55e9ddcee8e7d2d28b865d5b0cf4db3df5a806a0101030db47098b 9612 libquazip_0.7.6-1.debian.tar.xz
Files:
d565e7484246d9dabf797089d05b8829 2496 libs optional libquazip_0.7.6-1.dsc
ab41bda24f0c54e870408eeb0413c7d1 149029 libs optional libquazip_0.7.6.orig.tar.gz
2bc9261b1bce0110dbb687a19373468d 9612 libs optional libquazip_0.7.6-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCAAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAls5J0cRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtHdPQ//YKFzVlrKXEcMu1Cjb5lkd/uvDv0ut2YU
3cexy82fDPCLs0DWnvJWdOmKN9FEztecG3bdWAhqOwAJZ7bGRtG/gCO9CKYT+q/E
CIy7ivLDVlOCYGLwR29NU1SqOy+PPuprpc8Tz0fKHM01lkRUEMvpvvPVFqh62k5f
9UIbZ41+zSbO28VIfSwA7AHLTlQRvwIwCpjD9s80PZRwgHLSEETLBSutL2Xe9aBE
LoRir4HZjg4m3g+wdoFWMT/ZqaBgrWSFFQqkeCAKAFs9F2zzBMgq48oDJM1qS1eA
6fxBFM+kdRc8g5RMcphEdyZuwfcaiJrnvn1hxyz00u+Mk0h6NPUpPH6L/k6b74wJ
Ke/hQ9db3rQkbQaNTFxe2Jct7Nq3ZotPfWdhIjZRPSsVQX/w0mQEiMTK/6A3/w2+
vqL3oq6tHT9nCwDzGoXJlmSCpFhs23Umc/VM7qgg2wee1jMwlFmzDhoBm/CIotze
T0aXiK5g/07HZD+js0sbtyJL8AVD3/15c+OJvApG9TjJf2V4PuhMBI96aPsad+32
FNWaKJ9XJC3J9oefH32tTJO6PK6PRs8taqgu6nFnGmVjvICXHtS25Cx++ZK9zUqm
woWFoA2vxdb+8DjYWvOo33jXVV0Fp/6iR8tPvwarQCT4KV3FQpC2hKOsZeGN2y5Z
NwFBeKOgp+k=
=5l2g
-----END PGP SIGNATURE-----
Marked as found in versions libquazip/0.7.3-7.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 02 Jul 2018 20:39:02 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 31 Jul 2018 07:31:46 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:13:11 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon