Your message dated Sun, 03 Aug 2008 07:32:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#493162: fixed in libxslt 1.1.24-2
has caused the Debian Bug report #493162,
regarding libxslt1.1: buffer overflow [CVE-2008-2935]
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
493162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493162
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libxslt1.1
Version: 1.1.24-1
Severity: grave
Tags: security
According to DSA 1624-1:
Chris Evans discovered that a buffer overflow in the RC4 functions of
libexslt may lead to the execution of arbitrary code.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libxslt1.1 depends on:
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr
ii libxml2 2.6.32.dfsg-2 GNOME XML library
libxslt1.1 recommends no packages.
libxslt1.1 suggests no packages.
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.24-2
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive:
libxslt1-dbg_1.1.24-2_amd64.deb
to pool/main/libx/libxslt/libxslt1-dbg_1.1.24-2_amd64.deb
libxslt1-dev_1.1.24-2_amd64.deb
to pool/main/libx/libxslt/libxslt1-dev_1.1.24-2_amd64.deb
libxslt1.1_1.1.24-2_amd64.deb
to pool/main/libx/libxslt/libxslt1.1_1.1.24-2_amd64.deb
libxslt_1.1.24-2.diff.gz
to pool/main/libx/libxslt/libxslt_1.1.24-2.diff.gz
libxslt_1.1.24-2.dsc
to pool/main/libx/libxslt/libxslt_1.1.24-2.dsc
python-libxslt1_1.1.24-2_amd64.deb
to pool/main/libx/libxslt/python-libxslt1_1.1.24-2_amd64.deb
xsltproc_1.1.24-2_amd64.deb
to pool/main/libx/libxslt/xsltproc_1.1.24-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <[EMAIL PROTECTED]> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 03 Aug 2008 09:03:42 +0200
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1
Architecture: source amd64
Version: 1.1.24-2
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <[EMAIL PROTECTED]>
Changed-By: Mike Hommey <[EMAIL PROTECTED]>
Description:
libxslt1-dbg - XSLT processing library - debugging symbols
libxslt1-dev - XSLT processing library - development kit
libxslt1.1 - XSLT processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
xsltproc - XSLT command line processor
Closes: 493162
Changes:
libxslt (1.1.24-2) unstable; urgency=high
.
* libexslt/crypto.c: Apply upstream fix for CVE-2008-2935. Closes: #493162.
Checksums-Sha1:
3db0e9c552e7348403d33db064e17a238c9e184a 1232 libxslt_1.1.24-2.dsc
72607bab3e3c2c800e486fe33d4e982d48090dba 75826 libxslt_1.1.24-2.diff.gz
40386cbd706bdeedb5e6402f16240c63600f8d32 237372 libxslt1.1_1.1.24-2_amd64.deb
1d8236f11aa5e092c1a2c37fd7cc54bac79ed3c1 645604 libxslt1-dev_1.1.24-2_amd64.deb
7faf50ba3f8005c10404c03c9061dd28c017d954 368028 libxslt1-dbg_1.1.24-2_amd64.deb
87342d4c95b09f5be6cf303e714cff165aea1fe5 111620 xsltproc_1.1.24-2_amd64.deb
1e18169d081ba46a160db15f0883b2c59ec8d5cd 164688
python-libxslt1_1.1.24-2_amd64.deb
Checksums-Sha256:
0e757bf6a46f671a5d121707fab5098976ddd932f612e63ec02ab686c3b26978 1232
libxslt_1.1.24-2.dsc
92e8cc530ce1aa1bdce3087c9190e6b1326a473b021516ec79b473785e73d9cd 75826
libxslt_1.1.24-2.diff.gz
504340bbcdd4d0c43ea5f6374cc4f466f6a63431e493fbd60de4037408303eb3 237372
libxslt1.1_1.1.24-2_amd64.deb
f68a93c97a57e193033061dd0da67bf6e713ff59b003e400fcb8d2e508fec6a9 645604
libxslt1-dev_1.1.24-2_amd64.deb
4a3e479c81250ed664f3c982a189a0fa5707a3f5a656dd04941bed0e3e52900a 368028
libxslt1-dbg_1.1.24-2_amd64.deb
e7df3f017604bebb822d86e97714391a1498861033f402a5cfa71502a1a6500b 111620
xsltproc_1.1.24-2_amd64.deb
1da28769b09fa9247e0d34ef101e4572b3000360919d65d3bb9a978668b5497e 164688
python-libxslt1_1.1.24-2_amd64.deb
Files:
11fe9a2590b41cb184ff9498bb79d23a 1232 text optional libxslt_1.1.24-2.dsc
d78aab20d0206a90d30c65beead53d9e 75826 text optional libxslt_1.1.24-2.diff.gz
eb108d285293804f989b269a182968f1 237372 libs optional
libxslt1.1_1.1.24-2_amd64.deb
c34e264e540c103f170884428ffcb571 645604 libdevel optional
libxslt1-dev_1.1.24-2_amd64.deb
296b16b0a317bb3780be88fe32187a7c 368028 libdevel extra
libxslt1-dbg_1.1.24-2_amd64.deb
ade4dd2d638cddf03a1dd1f7b3136999 111620 text optional
xsltproc_1.1.24-2_amd64.deb
a841a1d044464122c9c9cccde8dd017f 164688 python optional
python-libxslt1_1.1.24-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIlVrM3kvaLFT9KlgRAqMlAJkBEDZZQcpojDc1IMVLBw/mzSW0ugCfdviY
wuke6pKVDSqW5HmfzgOYIFU=
=R22p
-----END PGP SIGNATURE-----
--- End Message ---
