it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Markus Koschany <apo AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5323-1] libitext5-java security update
- Date: Thu, 19 Jan 2023 22:43:13 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/Y8nHgZhHXlljuifS AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=HeU+lNw2t5FzbO9YxCsohV5po/ses8ZdaeP72oC3nGc=; b=mv jkGZuq6tAgmKKwnY8Af6tisWs+QMpid1vZTZE7PpunTLMNPjC/FKkp3C0dxt3PrxPnfQgNSCqyR8P 0XKxb/5iNuFpbvvw4LXC5aoEEpi19ezs+0x3VYOK1CsMSiJIIm3kuMyx4iJmEYIlGRKXmiyOP1VK3 I8l+FvLaSX8JTJgZvhvxdnoUo1LOc/Q0vGkpbBk7AACUaXpJ4ihg29oFFCCkYrIvWA1vHe/ulKmAn mrxVeTuMLif6RLvBGbw27O6P38aossQOurRXZx/tf6jGjrbUMOyND/kbuZZ5uEz3+MSmenbxBWESF Opa5HAWVh/F8uXJ4JfD5UmI+zDOoBuug==;
- Old-return-path: <apo AT seger.debian.org>
- Priority: urgent
- Resent-date: Thu, 19 Jan 2023 23:00:13 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <j0Zz4_E3R5H.A.H3E.9tcyjB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5323-1 security AT debian.org
https://www.debian.org/security/ Markus Koschany
January 19, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libitext5-java
CVE ID : CVE-2021-43113
Debian Bug : 1014597
It was discovered that the CompareTool of iText, a Java PDF library which uses
the external ghostscript software to compare PDFs at a pixel level, allowed
command injection when parsing a specially crafted filename.
For the stable distribution (bullseye), this problem has been fixed in
version 5.5.13.2-1+deb11u1.
We recommend that you upgrade your libitext5-java packages.
For the detailed security status of libitext5-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libitext5-java
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmPJxhlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSSQw//dNjqrUajjV4/7uztzOajIWwBM7Ra3PNl3Up9jaZJaKdhdBAtDT4qRjK+
lVx9CNojQplJQ6k4N3Yzq0Ose3HozR99+bj2J/MC8+skq8LpChDzKCVdVww9To9T
XxWaHWHlxSyn9j8nZTvbBAiQcr/KdZFuivFlLtmiLKG0n0S/Czp3YEwYcmv27LbS
CehfmOjxpgbLOWGScqQqk9e3aisQ7twMIVU1ED3rKDsjqSHOkxEq9ZZo04TRxGnf
okue6KYTizeQq396mzLPd8HlFzTJGDjMqokyrNYBPxFZqPVXm40GSyZiA2OEXcba
Txikx6+XSi/yqngVZxa9gZPL1ATCNaPoJh+n/4eLczHXm90MZ7JWHe8AIGV4mA5i
W3olP4blcyRcS10bxwR/qwNikrr0j7PSLv/SP6T/p+ZUzpBXcV9+tPPfzAQ/Wsjd
9h/fuPiAdA06OBe0r9hXwO6hX6bxCVVwK6gA8vzCY84kgQp8HUXa6RBSxy/xbfFE
GqQW1VToiOOL4IhMY7Pl/4NAaUJUxc4kbpFh2Y8BKytPAivk+DfZGpfsGxP+QXYR
5l7nfnIS+j6+F/wL77cxaCGgF7NgH9YuRYQypstHRDrAqGbA97ZE2bAfBX/9TpIG
eyqG9sE+rrCbcm/dDr7be31f5TVQ4XmV4gZSE5iw7x5tg+1Wj9c=
=Z8P9
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5323-1] libitext5-java security update, Markus Koschany, 20.01.2023
Archiv bereitgestellt durch MHonArc 2.6.24.