
Bug#884923: marked as done (abiword: CVE-2017-17529)



Your message dated Sun, 11 Mar 2018 11:19:15 +0000
with message-id <E1euz0V-000HNk-A7@fasolo.debian.org>
and subject line Bug#884923: fixed in abiword 3.0.2-6
has caused the Debian Bug report #884923,
regarding abiword: CVE-2017-17529
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
884923: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884923
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: abiword
Version: 3.0.2-5
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for abiword.

CVE-2017-17529[0]:
| af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings
| before launching the program specified by the BROWSER environment
| variable, which might allow remote attackers to conduct
| argument-injection attacks via a crafted URL.

Might be possible to just compile with --with-gnomevfs and not use the
problematic function.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17529
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17529

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
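
The class of bug described in the CVE text above, shown from the defensive side. This is an added example, not AbiWord's code and not the fix applied in the upload (which was to build with --with-gnomevfs). The function names, the http/https allowlist and the `%s` placeholder handling are assumptions made for illustration.

```cpp
#include <optional>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical helper: is this URL safe to hand to an external browser as
// exactly one argument? The scheme allowlist is an assumption of this example.
bool is_safe_url(const std::string& url) {
    static const char* const kSchemes[] = {"http://", "https://"};
    bool scheme_ok = false;
    for (const char* s : kSchemes)
        if (url.rfind(s, 0) == 0) scheme_ok = true;  // also rules out a leading '-'
    if (!scheme_ok) return false;
    for (unsigned char c : url) {
        // Whitespace and control bytes could split the URL into extra arguments;
        // non-ASCII must arrive percent-encoded; quotes and backslash are refused.
        if (c <= 0x20 || c >= 0x7f) return false;
        if (c == '"' || c == '\'' || c == '`' || c == '\\') return false;
    }
    return true;
}

// Hypothetical helper: turn a BROWSER-style command and a URL into an argument
// vector for execvp()-style launching (never a shell command line). The command
// is tokenized BEFORE the URL is substituted, so the URL cannot add tokens.
std::optional<std::vector<std::string>>
build_browser_argv(const std::string& browser_cmd, const std::string& url) {
    if (!is_safe_url(url)) return std::nullopt;
    std::vector<std::string> argv;
    std::istringstream in(browser_cmd);
    std::string tok;
    bool substituted = false;
    while (in >> tok) {
        // Replace each "%s" in this token; resume the search after the inserted
        // URL so a "%s" inside the URL itself is never expanded again.
        for (std::string::size_type p = tok.find("%s"); p != std::string::npos;
             p = tok.find("%s", p + url.size())) {
            tok.replace(p, 2, url);
            substituted = true;
        }
        argv.push_back(tok);
    }
    if (argv.empty()) return std::nullopt;      // empty BROWSER value
    if (!substituted) argv.push_back(url);      // no placeholder: URL goes last
    return argv;
}
```
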
--- Begin Message ---
Source: abiword
Source-Version: 3.0.2-6

We believe that the bug you reported is fixed in the latest version of
abiword, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 884923@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Quigley <tsimonq2@ubuntu.com> (supplier of updated abiword package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 Mar 2018 04:41:01 -0500
Source: abiword
Binary: abiword-common abiword abiword-plugin-grammar libabiword-3.0 libabiword-dev gir1.2-abi-3.0
Architecture: source
Version: 3.0.2-6
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Simon Quigley <tsimonq2@ubuntu.com>
Description:
 abiword    - efficient, featureful word processor with collaboration
 abiword-common - efficient, featureful word processor with collaboration -- common
 abiword-plugin-grammar - grammar checking plugin for AbiWord
 gir1.2-abi-3.0 - GObject introspection data for libabiword
 libabiword-3.0 - efficient, featureful word processor with collaboration -- shared
 libabiword-dev - efficient, featureful word processor with collaboration -- develo
Closes: 884923
Changes:
 abiword (3.0.2-6) unstable; urgency=medium
 .
   * QA upload.
   * Compile with --with-gnomevfs to fix CVE-2017-17529
     (Closes: #884923).
   * Bump to debhelper compat 11, no changes needed.
   * Bump Standards-version to 4.1.3, no changes needed.
   * Update Vcs-* to reflect the move to Salsa.
Checksums-Sha1:
 7e4083a93218c3ca73e7e1607cdcaa3004eb56e9 2946 abiword_3.0.2-6.dsc
 194d68df68e309916fab96634c42e31915f01009 48948 abiword_3.0.2-6.debian.tar.xz
Checksums-Sha256:
 f39ff3f64c418ee94757b1379480330b829590d458dfeba7f76813eac6517045 2946 abiword_3.0.2-6.dsc
 7bc2d5887e5dadf11676d177240c9903dab747aadf37621ea6b67befae75e77d 48948 abiword_3.0.2-6.debian.tar.xz
Files:
 58e09d58d9ca38cd89fe54cdd650441a 2946 gnome optional abiword_3.0.2-6.dsc
 8e5f86edcf0062e770e596dd222d300c 48948 gnome optional abiword_3.0.2-6.debian.tar.xz


--- End Message ---
