Your message dated Sun, 13 Dec 2009 11:33:37 +0000
with message-id <e1njmhl-00023z...@ries.debian.org>
and subject line Bug#560901: fixed in expat 2.0.1-6
has caused the Debian Bug report #560901,
regarding expat: CVE-2009-3560
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
560901: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560901
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: expat
version: 1.95.8-3.4
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for expat.
CVE-2009-3560[0]:
| The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
| as used in the XML-Twig module for Perl, allows context-dependent
| attackers to cause a denial of service (application crash) via an XML
| document with malformed UTF-8 sequences that trigger a buffer
| over-read, related to the doProlog function in lib/xmlparse.c, a
| different vulnerability than CVE-2009-2625 and CVE-2009-3720.
I've checked etch and lenny. They are both affected by this issue.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://security-tracker.debian.org/tracker/CVE-2009-3560
--- End Message ---
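The CVE text above names the bug class (a UTF-8 conversion routine that walks a multi-byte sequence past the end of the input when the sequence is malformed or truncated) but not the code. The following is an added illustration written for this page, not expat's lib/xmltok.c or lib/xmlparse.c and not the Debian patch: decode_naive, decode_bounded, the status enum and the constructed byte buffers are all assumptions chosen for the demonstration. It shows a decoder that trusts the length announced by the lead byte next to one that checks the announced length against the remaining input first, which is the check that turns an over-read into a reported parse error.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative stand-in for the CVE-2009-3560 bug class; not expat code. */

enum utf8_status { UTF8_OK, UTF8_BAD_LEAD, UTF8_BAD_CONT, UTF8_TRUNCATED };

/* Byte count a UTF-8 sequence announces through its lead byte; 0 if the
 * byte cannot start a sequence (continuation byte or invalid lead). */
static size_t utf8_seq_len(unsigned char lead)
{
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 0;
}

/* Shared continuation-byte loop. Reads bytes p[1..n-1] and reports how many
 * bytes were examined; callers decide whether that many bytes exist. */
static enum utf8_status read_tail(const unsigned char *p, size_t n,
                                  uint32_t *cp, size_t *examined)
{
    uint32_t v = (n == 1) ? p[0] : (uint32_t)(p[0] & (0x7F >> n));
    for (size_t i = 1; i < n; i++) {
        *examined = i + 1;
        if ((p[i] & 0xC0) != 0x80) return UTF8_BAD_CONT;
        v = (v << 6) | (p[i] & 0x3F);
    }
    *cp = v;
    return UTF8_OK;
}

/* Vulnerable pattern: `end` is never consulted, so a lead byte announcing
 * three bytes makes the loop read two continuation bytes even when only one
 * of them lies inside the document. */
enum utf8_status decode_naive(const unsigned char *p, const unsigned char *end,
                              uint32_t *cp, size_t *examined)
{
    (void)end;                          /* the bug: bound is ignored */
    size_t n = utf8_seq_len(p[0]);
    *examined = 1;
    if (n == 0) return UTF8_BAD_LEAD;
    return read_tail(p, n, cp, examined);
}

/* Hardened form: compare the announced length with the bytes actually left
 * before touching any continuation byte. */
enum utf8_status decode_bounded(const unsigned char *p, const unsigned char *end,
                                uint32_t *cp, size_t *examined)
{
    *examined = 0;
    if (p >= end) return UTF8_TRUNCATED;
    size_t n = utf8_seq_len(p[0]);
    *examined = 1;
    if (n == 0) return UTF8_BAD_LEAD;
    if ((size_t)(end - p) < n) return UTF8_TRUNCATED;   /* the missing check */
    return read_tail(p, n, cp, examined);
}

/* Decode a whole document with the bounded decoder; returns the number of
 * code points, or -1 with *st set when the input is rejected. */
int count_bounded(const unsigned char *doc, size_t len, enum utf8_status *st)
{
    const unsigned char *p = doc, *end = doc + len;
    int count = 0;
    while (p < end) {
        uint32_t cp; size_t used;
        *st = decode_bounded(p, end, &cp, &used);
        if (*st != UTF8_OK) return -1;
        p += used;
        count++;
    }
    *st = UTF8_OK;
    return count;
}

/* Constructed input: "<a>" followed by a truncated EURO SIGN (U+20AC is
 * E2 82 AC; only E2 82 are inside the document). The bytes after doc_len
 * stand in for whatever follows the buffer in memory; they are kept inside
 * the array here so the demonstration itself never leaves valid storage. */
static const unsigned char trunc_buf[] = { '<', 'a', '>', 0xE2, 0x82, 0xAC, 0xAC };
static const size_t trunc_len = 5;

/* Number of bytes the naive decoder read beyond the document end. */
size_t naive_overread(void)
{
    const unsigned char *p = trunc_buf + 3, *end = trunc_buf + trunc_len;
    uint32_t cp; size_t used;
    decode_naive(p, end, &cp, &used);
    return used > (size_t)(end - p) ? used - (size_t)(end - p) : 0;
}

/* Status the bounded decoder reports for the same truncated sequence. */
enum utf8_status bounded_on_truncated(void)
{
    const unsigned char *p = trunc_buf + 3, *end = trunc_buf + trunc_len;
    uint32_t cp; size_t used;
    return decode_bounded(p, end, &cp, &used);
}

/* Constructed well-formed document: "<a>" EURO SIGN "</a>", 8 code points. */
static const unsigned char good_doc[] = "<a>\xE2\x82\xAC</a>";

int count_good_doc(void)
{
    enum utf8_status st;
    return count_bounded(good_doc, sizeof good_doc - 1, &st);
}

int main(void)
{
    printf("naive decoder read %zu byte(s) past the document end\n", naive_overread());
    printf("bounded decoder status on truncated input: %d (3 = truncated)\n",
           bounded_on_truncated());
    printf("bounded decoder accepted %d code points from the good document\n",
           count_good_doc());
    return 0;
}
```

The naive decoder reports success on the truncated input because it silently completed the sequence with a byte from outside the document; in a real parser that byte is whatever sits after the buffer, and reading it is the crash the CVE describes. The bounded form rejects the same input before touching it.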
--- Begin Message ---
Source: expat
Source-Version: 2.0.1-6
We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive:
expat_2.0.1-6.diff.gz
to main/e/expat/expat_2.0.1-6.diff.gz
expat_2.0.1-6.dsc
to main/e/expat/expat_2.0.1-6.dsc
expat_2.0.1-6_amd64.deb
to main/e/expat/expat_2.0.1-6_amd64.deb
libexpat1-dev_2.0.1-6_amd64.deb
to main/e/expat/libexpat1-dev_2.0.1-6_amd64.deb
libexpat1-udeb_2.0.1-6_amd64.udeb
to main/e/expat/libexpat1-udeb_2.0.1-6_amd64.udeb
libexpat1_2.0.1-6_amd64.deb
to main/e/expat/libexpat1_2.0.1-6_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 560...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Leidert (dale) <daniel.leid...@wgdd.de> (supplier of updated expat
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 13 Dec 2009 12:06:07 +0100
Source: expat
Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat
Architecture: source amd64
Version: 2.0.1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Daniel Leidert (dale) <daniel.leid...@wgdd.de>
Description:
expat - XML parsing C library - example application
lib64expat1 - XML parsing C library - runtime library (64bit)
lib64expat1-dev - XML parsing C library - development kit (64bit)
libexpat1 - XML parsing C library - runtime library
libexpat1-dev - XML parsing C library - development kit
libexpat1-udeb - XML parsing C library - runtime library (udeb)
Closes: 560901
Changes:
expat (2.0.1-6) unstable; urgency=medium
.
* debian/patches/560901_CVE_2009_3560.dpatch: Added.
- lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560 (closes:
#560901).
* debian/patches/00list: Adjusted.
Checksums-Sha1:
6e7e832adf7bbbc80771583a947ad6e994176a20 1418 expat_2.0.1-6.dsc
dc4fa6bedbc10572d3f13d082cfb713cd2ca604a 134075 expat_2.0.1-6.diff.gz
d496e6f98a4c076180a100510e2b4e9f859db211 221202 libexpat1-dev_2.0.1-6_amd64.deb
76857cf5eb42fa33af6a44032de09ee09d6555a7 136964 libexpat1_2.0.1-6_amd64.deb
426d348dabbbd3639c8c97a4f6098fd35129f9cb 63070 libexpat1-udeb_2.0.1-6_amd64.udeb
1f276302eb6bc0c427a115a4c287e2daf4dad00f 23988 expat_2.0.1-6_amd64.deb
Checksums-Sha256:
af6374bc1957b81c37e74686eb3e3e45b59b4fbcb70d2e3951b40df805da4149 1418 expat_2.0.1-6.dsc
79de8139412de83cb6f14f4ff8e54c8956140b03b499b812072da0269d464a66 134075 expat_2.0.1-6.diff.gz
37557abe77fdb7be04343b464eb80b16dcc4f0ca00e91dea6c386880c36ce179 221202 libexpat1-dev_2.0.1-6_amd64.deb
2bdf49b5f3625fe5812c92b33c238c29cdbb1bbe1c9503d6d374d74ae4b586f9 136964 libexpat1_2.0.1-6_amd64.deb
7d402bd8558483827c28686ba969a16a6f26bf00b7832802568276a915ca6bc6 63070 libexpat1-udeb_2.0.1-6_amd64.udeb
81817ef38551c107c7ba1a4ac823a770180061bfa2e184e8a77f970ccad7f65e 23988 expat_2.0.1-6_amd64.deb
Files:
a23550b4fdc3660219880acab7981893 1418 text optional expat_2.0.1-6.dsc
ae75685589ea4179c07f7ad0a955bb42 134075 text optional expat_2.0.1-6.diff.gz
b742a7fc1a29e266c7ed179ba0f68364 221202 libdevel optional libexpat1-dev_2.0.1-6_amd64.deb
a17c55e88c27f7c07d4cd2b7bf3945e4 136964 libs optional libexpat1_2.0.1-6_amd64.deb
b8eb4c0217d238d5b2050c9006c0d919 63070 debian-installer extra libexpat1-udeb_2.0.1-6_amd64.udeb
851f97fb13786fd4806cebc3c60a9573 23988 text optional expat_2.0.1-6_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksky64ACgkQm0bx+wiPa4wtBwCfWGa7xmYxVpYFg3+GCSPrcmiE
CksAoLGIxVHeEtbys+5dzIvQMnvd6a+N
=Sc/E
-----END PGP SIGNATURE-----
--- End Message ---