
Bug#954891: marked as done (okular: CVE-2020-9359: Local binary execution via action links)



Your message dated Wed, 25 Mar 2020 06:20:01 +0000
with message-id <E1jGzOT-0005dc-EK@fasolo.debian.org>
and subject line Bug#954891: fixed in okular 4:19.12.3-2
has caused the Debian Bug report #954891,
regarding okular: CVE-2020-9359: Local binary execution via action links
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
954891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954891
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: okular
Version: 4:19.12.3-1
Severity: important
Tags: security upstream
Control: found -1 4:17.12.2-2.2
Control: found -1 4:16.08.2-1+deb9u1
Control: found -1 4:16.08.2-1

Hi,

The following vulnerability was published for okular.

CVE-2020-9359[0]:
| KDE Okular before 1.10.0 allows code execution via an action link in a
| PDF document.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-9359
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9359
[1] https://kde.org/info/security/advisory-20200312-1.txt
[2] https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: okular
Source-Version: 4:19.12.3-2
Done: Pino Toscano <pino@debian.org>

We believe that the bug you reported is fixed in the latest version of
okular, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 954891@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pino Toscano <pino@debian.org> (supplier of updated okular package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Mar 2020 07:06:56 +0100
Source: okular
Architecture: source
Version: 4:19.12.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Pino Toscano <pino@debian.org>
Closes: 954891
Changes:
 okular (4:19.12.3-2) unstable; urgency=medium
 .
   * Team upload.
   * Backport upstream commit 6a93a033b4f9248b3cd4d04689b8391df754e244 to not
     execute local binaries via action links (CVE-2020-9359); patch
     upstream_Document-processAction-If-the-url-points-to-a-binary.patch.
     (Closes: #954891)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
