Your message dated Tue, 20 Mar 2012 21:47:15 +0000
with message-id <e1sa6tf-0002xh...@franck.debian.org>
and subject line Bug#663579: fixed in expat 2.1.0~beta3-1
has caused the Debian Bug report #663579,
regarding Three security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
663579: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libexpat1
Severity: grave
Tags: security

Three denial of service issues have been discovered in Expat:

#2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
http://mail.python.org/pipermail/expat-bugs/2009-November/002858.html
http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127
https://bugzilla.redhat.com/show_bug.cgi?id=801634

#2958794: CVE-2012-1148 - Memory leak in poolGrow.
http://mail.python.org/pipermail/expat-bugs/2010-February/002870.html
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127
https://bugzilla.redhat.com/show_bug.cgi?id=801648

#3496608: CVE-2012-0876 - Hash DOS attack.
http://blog.gmane.org/gmane.text.xml.expat.bugs/month=20120301
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
https://bugzilla.redhat.com/show_bug.cgi?id=786617

Cheers,
        Moritz



--- End Message ---
--- Begin Message ---
Source: expat
Source-Version: 2.1.0~beta3-1

We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive:

expat_2.1.0~beta3-1.debian.tar.gz
  to main/e/expat/expat_2.1.0~beta3-1.debian.tar.gz
expat_2.1.0~beta3-1.dsc
  to main/e/expat/expat_2.1.0~beta3-1.dsc
expat_2.1.0~beta3-1_amd64.deb
  to main/e/expat/expat_2.1.0~beta3-1_amd64.deb
expat_2.1.0~beta3.orig.tar.gz
  to main/e/expat/expat_2.1.0~beta3.orig.tar.gz
libexpat1-dev_2.1.0~beta3-1_amd64.deb
  to main/e/expat/libexpat1-dev_2.1.0~beta3-1_amd64.deb
libexpat1-udeb_2.1.0~beta3-1_amd64.udeb
  to main/e/expat/libexpat1-udeb_2.1.0~beta3-1_amd64.udeb
libexpat1_2.1.0~beta3-1_amd64.deb
  to main/e/expat/libexpat1_2.1.0~beta3-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 663...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <d...@debian.org> (supplier of updated expat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 20 Mar 2012 22:37:22 +0100
Source: expat
Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat
Architecture: source amd64
Version: 2.1.0~beta3-1
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Matthias Klose <d...@debian.org>
Description: 
 expat      - XML parsing C library - example application
 lib64expat1 - XML parsing C library - runtime library (64bit)
 lib64expat1-dev - XML parsing C library - development kit (64bit)
 libexpat1  - XML parsing C library - runtime library
 libexpat1-dev - XML parsing C library - development kit
 libexpat1-udeb - XML parsing C library - runtime library (udeb)
Closes: 653526 663579
Changes: 
 expat (2.1.0~beta3-1) unstable; urgency=low
 .
   * QA upload.
   * Beta release 2.1.0 beta3. Closes: #663579.
     - CVE-2012-1147 - Resource leak in readfilemap.c.
     - CVE-2012-1148 - Memory leak in poolGrow.
     - CVE-2012-0876 - Hash DOS attack.
     - Remove patches applied upstream.
   * Remove Daniel from uploaders (orphaned package).
   * Update package format to 3.0.
   * Enable hardened build. Closes: #653526.
   * Add a symbols file.
   * Install expat pkgconfig file.
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk9o+RYACgkQStlRaw+TLJwhLgCggrLHnCPeqaL8pHPtxy7C4Sis
TTIAoLGLCGaZY8fAiRehATuSbRIPc1XU
=8V/k
-----END PGP SIGNATURE-----



--- End Message ---
