Bug#661949: marked as done (libxml-atom-perl: security issue with external entities)

[Debian Bug Tracking System]

Your message dated Sun, 04 Mar 2012 22:32:08 +0000
with message-id <e1s4jyk-0006o0...@franck.debian.org>
and subject line Bug#661949: fixed in libxml-atom-perl 0.37-1+squeeze1
has caused the Debian Bug report #661949,
regarding libxml-atom-perl: security issue with external entities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
661949: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661949
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libxml-atom-perl
Version: 0.37-1
Severity: important
Tags: security

XML::Atom 0.39 contains the following changelog entry:

0.39  2011.06.20
    * Disabled external entities and network to avoid possible security flaw 
(yannk)

Unfortunately no more details are readily available. As such, it's not
clear whether this is something which should be applied to squeeze,
but it probably warrants further investigation.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

--- End Message ---

--- Begin Message ---

Source: libxml-atom-perl
Source-Version: 0.37-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
libxml-atom-perl, which is due to be installed in the Debian FTP archive:

libxml-atom-perl_0.37-1+squeeze1.debian.tar.gz
  to main/libx/libxml-atom-perl/libxml-atom-perl_0.37-1+squeeze1.debian.tar.gz
libxml-atom-perl_0.37-1+squeeze1.dsc
  to main/libx/libxml-atom-perl/libxml-atom-perl_0.37-1+squeeze1.dsc
libxml-atom-perl_0.37-1+squeeze1_all.deb
  to main/libx/libxml-atom-perl/libxml-atom-perl_0.37-1+squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 661...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <d...@earth.li> (supplier of updated libxml-atom-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 04 Mar 2012 15:40:37 +0000
Source: libxml-atom-perl
Binary: libxml-atom-perl
Architecture: source all
Version: 0.37-1+squeeze1
Distribution: stable-security
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <d...@earth.li>
Description: 
 libxml-atom-perl - module for manipulating Atom feeds
Closes: 661949
Changes: 
 libxml-atom-perl (0.37-1+squeeze1) stable-security; urgency=low
 .
   * Switch to dpkg-source 3.0 (quilt) format
   * Security fix: disable external entities (Closes: #661949)
Checksums-Sha1: 
 09e8511bf67e8e1535db7ad11e1e2092b4c3faf4 1865 
libxml-atom-perl_0.37-1+squeeze1.dsc
 60aa3c636b32799af0f27c1c62377b4fc3b74114 62807 
libxml-atom-perl_0.37.orig.tar.gz
 ab79c19d3d6bf712240c62bf38bb1720938e6c31 5361 
libxml-atom-perl_0.37-1+squeeze1.debian.tar.gz
 79511a478616fc029c0853be45429ec40f5a0540 48148 
libxml-atom-perl_0.37-1+squeeze1_all.deb
Checksums-Sha256: 
 08cc11ed8c580de9a2ebb3ad758e6d88377340aa348db6163c5e980fe2987603 1865 
libxml-atom-perl_0.37-1+squeeze1.dsc
 57947e439afe10592531daec74d173b6eb1bccf70b539e9eb4479bcd82211c78 62807 
libxml-atom-perl_0.37.orig.tar.gz
 2fc967f5356dd3c3f0e822ac527785e8af020ece50250849f26b98e5c1a2102a 5361 
libxml-atom-perl_0.37-1+squeeze1.debian.tar.gz
 0cc05446fcbe4a1dab8f0230c1b90f05fdbe464fbfc7243a4e87fbd5c80aebf2 48148 
libxml-atom-perl_0.37-1+squeeze1_all.deb
Files: 
 f604ff3153faa5a13526bb2ddd42229f 1865 perl optional 
libxml-atom-perl_0.37-1+squeeze1.dsc
 f4cbbb2feb893d42893f000e90464842 62807 perl optional 
libxml-atom-perl_0.37.orig.tar.gz
 3e3888a3c64b493488ec5219d21e2eec 5361 perl optional 
libxml-atom-perl_0.37-1+squeeze1.debian.tar.gz
 62f598dae856615e874105cf14d8356a 48148 perl optional 
libxml-atom-perl_0.37-1+squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFPU40wYzuFKFF44qURAh4SAJ4jQxW2qxLdUdC0izjfdxya2RBffwCghQCu
J1zgkfvpituzCN8eQD5Br9g=
=kZSq
-----END PGP SIGNATURE-----

--- End Message ---