Your message dated Tue, 02 Oct 2012 17:32:35 +0000 with message-id <e1tj6kh-00050c...@franck.debian.org> and subject line Bug#689422: fixed in libxslt 1.1.26-14 has caused the Debian Bug report #689422, regarding libxslt: Three security issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 689422: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libxslt Severity: grave Tags: security patch Justification: user security hole The chrome developers found three security issues in libxslt: CVE-2012-2893: http://googlechromereleases.blogspot.de/2012/09/stable-channel-update_25.html Patch: http://git.gnome.org/browse/libxslt/commit/?id=54977ed7966847e305a2008cb18892df26eeb065 CVE-2012-2870: http://googlechromereleases.blogspot.in/2012/08/stable-channel-update_30.html Patches: http://git.gnome.org/browse/libxslt/commit/libxslt/pattern.c?id=8566ab4a10158d195adb5f1f61afe1ee8bfebd12 http://git.gnome.org/browse/libxslt/commit/libxslt/functions.c?id=4da0f7e207f14a03daad4663865c285eb27f93e9 http://git.gnome.org/browse/libxslt/commit/libexslt/functions.c?id=24653072221e76d2f1f06aa71225229b532f8946 http://git.gnome.org/browse/libxslt/commit/?id=1564b30e994602a95863d9716be83612580a2fed CVE-2012-2871: http://googlechromereleases.blogspot.in/2012/08/stable-channel-update_30.html Patch: http://git.gnome.org/browse/libxslt/commit/?id=937ba2a3eb42d288f53c8adc211bd1122869f0bf Can you please also prepare packages for stable-security? Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: libxslt Source-Version: 1.1.26-14 We believe that the bug you reported is fixed in the latest version of libxslt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 689...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aron Xu <a...@debian.org> (supplier of updated libxslt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 02 Oct 2012 23:53:39 +0800 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: source amd64 Version: 1.1.26-14 Distribution: unstable Urgency: low Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org> Changed-By: Aron Xu <a...@debian.org> Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings for libxslt1 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension) xsltproc - XSLT 1.0 command line processor Closes: 689422 Changes: libxslt (1.1.26-14) unstable; urgency=low . * Patch to fix three CVEs (Closes: #689422): - CVE-2012-2870 by Daniel Veillard and Chris Evans - CVE-2012-2871 by Daniel Veillard - CVE-2012-2893 by Chris Evans Checksums-Sha1: 6beec4c09450c64bad073d65cba5ff27869a1c24 1970 libxslt_1.1.26-14.dsc 49231be189cae628e96a13275af6b9cf3107b28f 37851 libxslt_1.1.26-14.debian.tar.gz c061894556cf26cf2e65c9e3eabaf9164f9da9ed 253330 libxslt1.1_1.1.26-14_amd64.deb ee6dda8f4fb8c7bed74d0e4b1eac41203e2b9688 651078 libxslt1-dev_1.1.26-14_amd64.deb 383e8fe3f9b9f6b981c9c9b027244b22d58f300b 503204 libxslt1-dbg_1.1.26-14_amd64.deb af2055d367f461ff99a51e60c4a1bd0c3ccaa38e 116790 xsltproc_1.1.26-14_amd64.deb 69fe4b15d25970c73a155a86163f03cc684fc4b7 171472 python-libxslt1_1.1.26-14_amd64.deb 320dd9d603d405a2265b8f816571c71d6212980e 410756 python-libxslt1-dbg_1.1.26-14_amd64.deb Checksums-Sha256: e77009e62840eeb9f46319d9198bca9e0df74dc94690dffcc8e268e89da93c14 1970 libxslt_1.1.26-14.dsc 085fcf7edb0f929b5f189e9e77e50a0b3ea4f76dcdc4fad5889163bfc07802a3 37851 libxslt_1.1.26-14.debian.tar.gz 74389b29cec25e8dc068ffc6763a4afbcff516d0eeef4b76e85a2cea46b2d71f 253330 libxslt1.1_1.1.26-14_amd64.deb 4b543b0c0faeba3811775a1cec64801d2fe92ff358b318c2438d6952c60d53f9 651078 libxslt1-dev_1.1.26-14_amd64.deb d810b8487be15b12e4c96266b71cd4f4480a28e318bd65841f559af119d2a1d5 503204 libxslt1-dbg_1.1.26-14_amd64.deb b13479bdcf91731f5dd9bc07ca8640729014c2969a32a404dfae610656d97746 116790 xsltproc_1.1.26-14_amd64.deb 6110c78b69242128b9a36a3fa84ac32ad29ffa85d208ca5d9b2725cf91448b53 171472 python-libxslt1_1.1.26-14_amd64.deb 31bb7bdfdcb05ac392b5e9f2a02a69b491a5f11b06e375a6ad5ba4830299c442 410756 python-libxslt1-dbg_1.1.26-14_amd64.deb Files: 7ee74477da15abc287cfd191de5b70ae 1970 text optional libxslt_1.1.26-14.dsc 3cae538053d531be48cdd8971bc7946c 37851 text optional libxslt_1.1.26-14.debian.tar.gz 5f1b848f0ddfb7e98eebb3d88a85519b 253330 libs optional libxslt1.1_1.1.26-14_amd64.deb 8e67330a919e722b138cfeb03e631a28 651078 libdevel optional libxslt1-dev_1.1.26-14_amd64.deb de9180eaa64ab4cc3ba25fe4114659bf 503204 debug extra libxslt1-dbg_1.1.26-14_amd64.deb da925bfd79ec910a4d4e83123a10e891 116790 text optional xsltproc_1.1.26-14_amd64.deb 557a5f150a33ae6a9d1d714d0bdff054 171472 python optional python-libxslt1_1.1.26-14_amd64.deb 6422e2645e23705c823b295f31ad1892 410756 debug extra python-libxslt1-dbg_1.1.26-14_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJQayGjAAoJEIAhAkTu07wNLuYIALeXWQziA09BHOFmOnyPx7sz hVEfcG8JWEzWy743uL/WChHj2jek/QzDoIrhYh3fBEbr0X352ugJ3LrzsOBMAFoG fbjLxSA7EINjjSYqf8dNYMcCyDI6SatMd9X6diFHmzY6jhjer8MFat5EjXEOarDl E3UGkyA5RCERPhwJupplHXQ4Kz7K17K5GUXNLO+5U+TJCLfuYGn/c9stSJbfLsws 7SL7E/Vj2q/bclzUMRLh69xvTOts+xlfaQQIycaLk7kGR/KhYlLuiebsL+SIRpkY H2b3yZPUtNtDqt5GkX9HAaaWLHVFE9RCoQQZmj1Hs6fzc21dk+FFGhB+1FHVQ4A= =gSVz -----END PGP SIGNATURE-----
--- End Message ---
