Bug#679280: marked as done (CVE-2012-2807)

Sun, 22 Jul 2012 06:06:25 -0700 

Your message dated Sun, 22 Jul 2012 13:03:28 +0000
with message-id <e1ssvom-0001ix...@franck.debian.org>
and subject line Bug#679280: fixed in libxml2 2.8.0+dfsg1-5
has caused the Debian Bug report #679280,
regarding CVE-2012-2807
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
679280: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679280
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libxml2
Severity: grave
Tags: security

The Chrome developers found an integer overflow in the embedded copy of
libxml, which has been assigned CVE-2012-2807:

http://googlechromereleases.blogspot.de/2012/06/stable-channel-update_26.html:

[64-bit Linux only] [$3000] [129930] High CVE-2012-2807: Integer overflows in 
libxml. Credit to Jüri Aedla.

This is fixed by the following commit:
http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: libxml2
Source-Version: 2.8.0+dfsg1-5

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 19 Jul 2012 17:11:09 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg 
libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.8.0+dfsg1-5
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug 
extension)
Closes: 679280
Changes: 
 libxml2 (2.8.0+dfsg1-5) unstable; urgency=low
 .
   [ Daniel Veillard ]
   * Fix parser local buffers size problems
   * Fix entities local buffers size problems
   CVE-2012-2807, Closes: #679280.
Checksums-Sha1: 
 71dcc1997232c10ca140876d31990f07bfe795ae 2137 libxml2_2.8.0+dfsg1-5.dsc
 cfa3607971766c1fad0a4093156ee4ef175eadba 31732 
libxml2_2.8.0+dfsg1-5.debian.tar.gz
 a1eeb90cdf0c12ec618451857c47191690186438 902868 libxml2_2.8.0+dfsg1-5_amd64.deb
 42962cf2d53a4eeee3f95dbfdad31db747ca3a13 96084 
libxml2-utils_2.8.0+dfsg1-5_amd64.deb
 b2bce6fa1eecff4e29db9ac59b4141ee36644d09 126608 
libxml2-utils-dbg_2.8.0+dfsg1-5_amd64.deb
 76e3476dce56a327a73c11c86746e996ef7cc5c2 899162 
libxml2-dev_2.8.0+dfsg1-5_amd64.deb
 48a58bb74c124a2e1b5d6d8655a40283b8f61676 1399146 
libxml2-dbg_2.8.0+dfsg1-5_amd64.deb
 a37fae7cf64e97979bc125c88ec3e5d06e4f72ff 1355630 
libxml2-doc_2.8.0+dfsg1-5_all.deb
 70ca8272af9813bf9dbf1a189b488c0f7369e3c1 345030 
python-libxml2_2.8.0+dfsg1-5_amd64.deb
 96e4c8425108396971dadd6dc3a6855cfdf013ed 726816 
python-libxml2-dbg_2.8.0+dfsg1-5_amd64.deb
Checksums-Sha256: 
 1f4587ad5ee32eea2b1bf02ed6ff27da885a00a7083d815e20c4e31fc61bfedf 2137 
libxml2_2.8.0+dfsg1-5.dsc
 3fe8bc675b88322758ee2aea12a96c1831bce234dfa79ca6840e57497d6c2bcc 31732 
libxml2_2.8.0+dfsg1-5.debian.tar.gz
 739972eaeccf9eb619b3dc06f9f35abdef305c2b2ff214e2ec77efd8dd9837f5 902868 
libxml2_2.8.0+dfsg1-5_amd64.deb
 48c50f600627277c75b8d20e6e080214f75e744bfa3048977335914a02f72c6b 96084 
libxml2-utils_2.8.0+dfsg1-5_amd64.deb
 76b510b145a4fe3333d9586c1c911cb0de43c2fa4889ee797768d2dbab653942 126608 
libxml2-utils-dbg_2.8.0+dfsg1-5_amd64.deb
 98caadd25e99b5a729c93e2a9ccaa37599b782ef0d50b8d4008a7b294d5534b3 899162 
libxml2-dev_2.8.0+dfsg1-5_amd64.deb
 a55c755e50c0efc2ca2499d4317416c732c2c6e8fac5d7695660c583bb71883f 1399146 
libxml2-dbg_2.8.0+dfsg1-5_amd64.deb
 617091a8d44720b014b1a3f1a3c8e4897fad48a790098df49cf707bc4bc38993 1355630 
libxml2-doc_2.8.0+dfsg1-5_all.deb
 1e5cb8ddb0135e7fdc6dffba1d2e0378a26cb0f7f1f24ee3ea5bf92fd8c3402c 345030 
python-libxml2_2.8.0+dfsg1-5_amd64.deb
 d826dea66276dc28d2154472a4c879cef24359d3c0ed9e0be55915636b0bae8c 726816 
python-libxml2-dbg_2.8.0+dfsg1-5_amd64.deb
Files: 
 66757617254ab03ec422ca07c6f3c904 2137 libs optional libxml2_2.8.0+dfsg1-5.dsc
 0951506ff8342e74c3fe3333ee0c1f65 31732 libs optional 
libxml2_2.8.0+dfsg1-5.debian.tar.gz
 21808c80ed12de76a24312819c342653 902868 libs standard 
libxml2_2.8.0+dfsg1-5_amd64.deb
 3c13a96d37b392367425147671cc38b6 96084 text optional 
libxml2-utils_2.8.0+dfsg1-5_amd64.deb
 bd94bd3799b70c634986372b2a5d03bd 126608 debug extra 
libxml2-utils-dbg_2.8.0+dfsg1-5_amd64.deb
 b03baf01273c79ecc838e67ba44a71d0 899162 libdevel optional 
libxml2-dev_2.8.0+dfsg1-5_amd64.deb
 170b55c029490df6aa763a299986f94a 1399146 debug extra 
libxml2-dbg_2.8.0+dfsg1-5_amd64.deb
 c29bbe8abdb9835b0997b93a5254bedd 1355630 doc optional 
libxml2-doc_2.8.0+dfsg1-5_all.deb
 33ebf550b18cdbd81f6d78edfe7ea452 345030 python optional 
python-libxml2_2.8.0+dfsg1-5_amd64.deb
 208712f77d5a0fdc9cc45fd17c3b6471 726816 debug extra 
python-libxml2-dbg_2.8.0+dfsg1-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJQC/iOAAoJEIAhAkTu07wNWo0H/3VS3dafoIKuMWDjzDSfam6Z
CGgrgMFTWKdpW3zreX1NO8W5vLeIt224wflCSjiycpeL/kpvoaBDrBKuS4l4XXAw
Hpl2C05ZkeArOatsZALHnxl6d/8AzTvVclsQdF/siv2I8uwO6bKrsXYQDSQL1MIH
RYqO/xe5sipweuJFGW0wlrWjaQZ0nzpc63nesMgLiOnnwTZgasoUFyI5zHNrd13o
SsvxfXDy0YJAXRzgSD9ZV1cR63k8f1iaMEJFAsqKrESQmb/yAhu5SRzuaPNBziid
i6Ev++4tUz+PXfrBODSg7za16ZuorNZV+h279LFPD5AIQiL9QZ73hi37/SvuDG8=
=n00+
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to