
Bug#850874: marked as done (ark: CVE-2017-5330: Unintended execution of scripts and executable files)



Your message dated Fri, 10 Feb 2017 15:48:35 +0000
with message-id <E1ccDR5-000Hyt-JG@fasolo.debian.org>
and subject line Bug#850874: fixed in ark 4:16.08.3-2
has caused the Debian Bug report #850874,
regarding ark: CVE-2017-5330: Unintended execution of scripts and executable files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
850874: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: ark
Version: 4:16.08.3-1
Severity: grave
Tags: upstream patch security fixed-upstream
Justification: user security hole
Forwarded: https://bugs.kde.org/show_bug.cgi?id=374572

Hi,

the following vulnerability was published for ark.

CVE-2017-5330[0]:
unintended execution of scripts and executable files

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5330
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330
[1] https://bugs.kde.org/show_bug.cgi?id=374572
[2] https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ark
Source-Version: 4:16.08.3-2

We believe that the bug you reported is fixed in the latest version of
ark, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 850874@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maximiliano Curia <maxy@debian.org> (supplier of updated ark package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 10 Feb 2017 16:29:46 +0100
Source: ark
Binary: ark
Architecture: source
Version: 4:16.08.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Maximiliano Curia <maxy@debian.org>
Description:
 ark        - archive utility
Closes: 850874
Changes:
 ark (4:16.08.3-2) unstable; urgency=medium
 .
   * Add new patch: Stop-running-executables-when-opening-urls.patch (CVE-2017-5330)
     Thanks to Salvatore Bonaccorso for reporting (Closes: 850874)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
