Your message dated Thu, 12 Jul 2012 22:47:15 +0000
with message-id <e1spsaf-0007m6...@franck.debian.org>
and subject line Bug#679283: fixed in libxslt 1.1.26-6+squeeze1
has caused the Debian Bug report #679283,
regarding CVE-2012-2825
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
679283: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679283
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxslt
Severity: grave
Tags: security
The Chrome developers found a denial of service issue in the embedded copy of
libxslt, which has been assigned CVE-2012-2825:
http://googlechromereleases.blogspot.de/2012/06/stable-channel-update_26.html:
[$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to
Nicholas Gregoire.
This is fixed by the following commit:
http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=bb7bfb81c158268fb242292b7e0fbd2d3b933d09
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.26-6+squeeze1
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 05 Jul 2012 11:31:18 +0800
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source amd64
Version: 1.1.26-6+squeeze1
Distribution: stable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description:
libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
libxslt1-dev - XSLT 1.0 processing library - development kit
libxslt1.1 - XSLT 1.0 processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
xsltproc - XSLT 1.0 command line processor
Closes: 617413 660650 679283
Changes:
libxslt (1.1.26-6+squeeze1) stable; urgency=low
.
[ Daniel Veillard ]
* Fix generate-id() to not expose object addresses
CVE-2011-1202, Closes: #617413.
.
[ Abhishek Arya ]
* Fix some case of pattern parsing errors
CVE-2011-3970, Closes: #660650.
.
[ Chris Evans ]
* [PATCH] Fix crash with unexpected DTD nodes in XSLT.
CVE-2012-2825, Closes: #679283.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---