Article <FPMcF-1BqI-1@gated-at.bofh.it>

Deutsch English Français Italiano
<FPMcF-1BqI-1@gated-at.bofh.it>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!news.mixmin.net!aioe.org!bofh.it!news.nic.it!robomod
From: Markus Koschany <apo@debian.org>
Newsgroups: linux.debian.announce.security
Subject: [SECURITY] [DSA 5323-1] libitext5-java security update
Date: Fri, 20 Jan 2023 00:10:01 +0100
Message-ID: <FPMcF-1BqI-1@gated-at.bofh.it>
X-Original-To: debian-security-announce@lists.debian.org
X-Mailbox-Line: From debian-security-announce-request@lists.debian.org  Thu Jan 19 23:00:13 2023
Old-Return-Path: <apo@seger.debian.org>
X-Amavis-Spam-Status: No, score=-113.391 tagged_above=-10000 required=5.3
	tests=[BAYES_00=-2, DIGITS_LETTERS=1, DKIMWL_WL_HIGH=-0.001,
	DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
	LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3,
	USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100]
	autolearn=ham autolearn_force=no
Old-Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org;
	s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date
	:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
	In-Reply-To:References; bh=HeU+lNw2t5FzbO9YxCsohV5po/ses8ZdaeP72oC3nGc=; b=mv
	jkGZuq6tAgmKKwnY8Af6tisWs+QMpid1vZTZE7PpunTLMNPjC/FKkp3C0dxt3PrxPnfQgNSCqyR8P
	0XKxb/5iNuFpbvvw4LXC5aoEEpi19ezs+0x3VYOK1CsMSiJIIm3kuMyx4iJmEYIlGRKXmiyOP1VK3
	I8l+FvLaSX8JTJgZvhvxdnoUo1LOc/Q0vGkpbBk7AACUaXpJ4ihg29oFFCCkYrIvWA1vHe/ulKmAn
	mrxVeTuMLif6RLvBGbw27O6P38aossQOurRXZx/tf6jGjrbUMOyND/kbuZZ5uEz3+MSmenbxBWESF
	Opa5HAWVh/F8uXJ4JfD5UmI+zDOoBuug==;
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debian: PGP check passed for security officers
Priority: urgent
X-Debian: PGP check passed for security officers
Reply-To: debian-security-announce-request@lists.debian.org
X-Mailing-List: <debian-security-announce@lists.debian.org> archive/latest/4223
List-ID: <debian-security-announce.lists.debian.org>
List-URL: <http://lists.debian.org/debian-security-announce/>
List-Archive: https://lists.debian.org/msgid-search/Y8nHgZhHXlljuifS@seger.debian.org
Approved: robomod@news.nic.it
Lines: 49
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Date: Thu, 19 Jan 2023 22:43:13 +0000
X-Original-Message-ID: <Y8nHgZhHXlljuifS@seger.debian.org>
Bytes: 4700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5323-1                   security@debian.org
https://www.debian.org/security/                          Markus Koschany
January 19, 2023                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libitext5-java
CVE ID         : CVE-2021-43113
Debian Bug     : 1014597

It was discovered that the CompareTool of iText, a Java PDF library which uses
the external ghostscript software to compare PDFs at a pixel level, allowed
command injection when parsing a specially crafted filename.

For the stable distribution (bullseye), this problem has been fixed in
version 5.5.13.2-1+deb11u1.

We recommend that you upgrade your libitext5-java packages.

For the detailed security status of libitext5-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libitext5-java

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmPJxhlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSSQw//dNjqrUajjV4/7uztzOajIWwBM7Ra3PNl3Up9jaZJaKdhdBAtDT4qRjK+
lVx9CNojQplJQ6k4N3Yzq0Ose3HozR99+bj2J/MC8+skq8LpChDzKCVdVww9To9T
XxWaHWHlxSyn9j8nZTvbBAiQcr/KdZFuivFlLtmiLKG0n0S/Czp3YEwYcmv27LbS
CehfmOjxpgbLOWGScqQqk9e3aisQ7twMIVU1ED3rKDsjqSHOkxEq9ZZo04TRxGnf
okue6KYTizeQq396mzLPd8HlFzTJGDjMqokyrNYBPxFZqPVXm40GSyZiA2OEXcba
Txikx6+XSi/yqngVZxa9gZPL1ATCNaPoJh+n/4eLczHXm90MZ7JWHe8AIGV4mA5i
W3olP4blcyRcS10bxwR/qwNikrr0j7PSLv/SP6T/p+ZUzpBXcV9+tPPfzAQ/Wsjd
9h/fuPiAdA06OBe0r9hXwO6hX6bxCVVwK6gA8vzCY84kgQp8HUXa6RBSxy/xbfFE
GqQW1VToiOOL4IhMY7Pl/4NAaUJUxc4kbpFh2Y8BKytPAivk+DfZGpfsGxP+QXYR
5l7nfnIS+j6+F/wL77cxaCGgF7NgH9YuRYQypstHRDrAqGbA97ZE2bAfBX/9TpIG
eyqG9sE+rrCbcm/dDr7be31f5TVQ4XmV4gZSE5iw7x5tg+1Wj9c=
=Z8P9
-----END PGP SIGNATURE-----