Your message dated Fri, 12 Oct 2012 14:48:25 +0000
with message-id <e1tmgxj-0005b8...@franck.debian.org>
and subject line Bug#689422: fixed in libxslt 1.1.26-6+squeeze2
has caused the Debian Bug report #689422,
regarding libxslt: Three security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
689422: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxslt
Severity: grave
Tags: security patch
Justification: user security hole
The Chrome developers found three security issues in libxslt:

CVE-2012-2893:
http://googlechromereleases.blogspot.de/2012/09/stable-channel-update_25.html
Patch:
http://git.gnome.org/browse/libxslt/commit/?id=54977ed7966847e305a2008cb18892df26eeb065

CVE-2012-2870:
http://googlechromereleases.blogspot.in/2012/08/stable-channel-update_30.html
Patches:
http://git.gnome.org/browse/libxslt/commit/libxslt/pattern.c?id=8566ab4a10158d195adb5f1f61afe1ee8bfebd12
http://git.gnome.org/browse/libxslt/commit/libxslt/functions.c?id=4da0f7e207f14a03daad4663865c285eb27f93e9
http://git.gnome.org/browse/libxslt/commit/libexslt/functions.c?id=24653072221e76d2f1f06aa71225229b532f8946
http://git.gnome.org/browse/libxslt/commit/?id=1564b30e994602a95863d9716be83612580a2fed

CVE-2012-2871:
http://googlechromereleases.blogspot.in/2012/08/stable-channel-update_30.html
Patch:
http://git.gnome.org/browse/libxslt/commit/?id=937ba2a3eb42d288f53c8adc211bd1122869f0bf

Can you please also prepare packages for stable-security?

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.26-6+squeeze2
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 689...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Wed, 03 Oct 2012 00:02:59 +0800
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source amd64
Version: 1.1.26-6+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description:
 libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
 libxslt1-dev - XSLT 1.0 processing library - development kit
 libxslt1.1 - XSLT 1.0 processing library - runtime library
 python-libxslt1 - Python bindings for libxslt1
 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
 xsltproc   - XSLT 1.0 command line processor
Closes: 689422
Changes:
 libxslt (1.1.26-6+squeeze2) stable-security; urgency=high
 .
   * Patch to fix three CVEs (Closes: #689422):
     - CVE-2012-2870 by Daniel Veillard and Chris Evans
     - CVE-2012-2871 by Daniel Veillard
     - CVE-2012-2893 by Chris Evans
--- End Message ---