
Bug#908866: marked as done (tcpdf: CVE-2018-17057)



Your message dated Mon, 25 Feb 2019 22:08:13 +0000
with message-id <E1gyOQ1-0005EK-83@fasolo.debian.org>
and subject line Bug#908866: fixed in tcpdf 6.2.26+dfsg-1
has caused the Debian Bug report #908866,
regarding tcpdf: CVE-2018-17057
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
908866: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908866
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: tcpdf
Version: 6.2.13+dfsg-1
Severity: grave
Tags: patch security upstream

Hi,

The following vulnerability was published for tcpdf.

CVE-2018-17057[0]:
| An issue was discovered in TCPDF before 6.2.22. Attackers can trigger
| deserialization of arbitrary data via the phar:// wrapper.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17057
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17057
[1] https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
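The vulnerability quoted above turns on a user-controlled path reaching a PHP file function through the phar:// stream wrapper. The following PHP is an added illustration of the defensive check an application embedding TCPDF can apply to such paths before handing them to the library; it is not the upstream fix and not TCPDF's code, and the base directory and sample paths are constructed for the demonstration.

```php
<?php
// Added example (not TCPDF's code). On PHP versions where the phar://
// wrapper unserializes archive metadata on access, any filesystem call on
// a phar:// path (file_exists, is_file, file_get_contents, ...) can trigger
// deserialization. The mitigation is to never let a wrapper-prefixed path
// reach the file layer at all.

function isPlainLocalPath(string $path): bool
{
    // A scheme prefix (phar://, data://, php://, http://, ...) selects a
    // stream wrapper; only bare filesystem paths are accepted.
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $path)) {
        return false;
    }
    // NUL bytes truncate the path in C-level file APIs; reject them too.
    return strpos($path, "\0") === false;
}

/**
 * Resolve $path inside $baseDir (assumed to be the only directory images
 * may be read from) and return its canonical form, or null if rejected.
 */
function resolveImagePath(string $path, string $baseDir): ?string
{
    if (!isPlainLocalPath($path)) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $path);
    if ($base === false || $real === false) {
        return null;
    }
    // realpath() has already collapsed '..', so a prefix test on the
    // canonical path is a sound containment check.
    if (strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

// Constructed sample: one real file in a temp directory plus hostile inputs.
$baseDir = sys_get_temp_dir();
$ok = tempnam($baseDir, 'img');                   // exists, inside $baseDir
$samples = [basename($ok), 'phar://evil.phar/x.png', 'PHAR://a/b', '../../etc/passwd'];
foreach ($samples as $p) {
    printf("%-28s => %s\n", $p, resolveImagePath($p, $baseDir) ?? 'rejected');
}
unlink($ok);
```

Only the first sample resolves; the two phar:// forms are rejected by the wrapper check and the traversal attempt by the containment check.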
--- Begin Message ---
Source: tcpdf
Source-Version: 6.2.26+dfsg-1

We believe that the bug you reported is fixed in the latest version of
tcpdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 908866@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emanuele Rocca <ema@debian.org> (supplier of updated tcpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 25 Feb 2019 22:23:26 +0100
Source: tcpdf
Binary: php-tcpdf
Architecture: source all
Version: 6.2.26+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Emanuele Rocca <ema@debian.org>
Description:
 php-tcpdf  - PHP class for generating PDF files on-the-fly
Closes: 908866
Changes:
 tcpdf (6.2.26+dfsg-1) unstable; urgency=medium
 .
   [ Emanuele Rocca ]
   * QA upload
   * New upstream release (Closes: #908866, CVE-2018-17057)
 .
   [ Jelmer Vernooij ]
   * Use secure copyright file specification URI.
   * Trim trailing whitespace.
 .
   [ Ondřej Nový ]
   * d/rules: Remove trailing whitespaces
   * d/watch: Use https protocol


--- End Message ---
