Your message dated Wed, 06 Mar 2013 21:03:46 +0000 with message-id <e1udlv4-0005gj...@franck.debian.org> and subject line Bug#702260: fixed in libxml2 2.8.0+dfsg1-7+nmu1 has caused the Debian Bug report #702260, regarding libxml2: CVE-2013-0338 CVE-2013-0339 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 702260: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libxml2 Severity: grave Tags: security Justification: user security hole Please see the Red Hat Bugzilla entries for more details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0338 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0339 Patch: http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: libxml2 Source-Version: 2.8.0+dfsg1-7+nmu1 We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 702...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Gilbert <mgilb...@debian.org> (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 06 Mar 2013 20:24:06 +0000 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.8.0+dfsg1-7+nmu1 Distribution: unstable Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilb...@debian.org> Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Closes: 702260 Changes: libxml2 (2.8.0+dfsg1-7+nmu1) unstable; urgency=high . * Non-maintainer upload by the Security Team. * Fix cve-2013-0338 and cve-2013-0339: large memory consuption issues when performing string substition during entity expansion (closes: #702260). Checksums-Sha1: 6f7604bc3d4cf910ad988fae566b9996304b9f02 3199 libxml2_2.8.0+dfsg1-7+nmu1.dsc de1f7c8ac8447fd3b7ee205a5be3859ca960db1c 34342 libxml2_2.8.0+dfsg1-7+nmu1.debian.tar.gz e184ba462a20285e0b93d9e8564e10305f47d22e 904406 libxml2_2.8.0+dfsg1-7+nmu1_amd64.deb 12797d70c290c0d485a708714d39854da8fdffae 96490 libxml2-utils_2.8.0+dfsg1-7+nmu1_amd64.deb b5dfa03ba95dc05f3b951c89db65c15b4f2b610d 131624 libxml2-utils-dbg_2.8.0+dfsg1-7+nmu1_amd64.deb fe09a639184dfeeacd0dd525b42fd33205012f49 900944 libxml2-dev_2.8.0+dfsg1-7+nmu1_amd64.deb ba5a8aecbe6cc8937e96630cde7ea47de8c5e06e 1418762 libxml2-dbg_2.8.0+dfsg1-7+nmu1_amd64.deb 249cf295f18d9b22079bd032d681380794fae982 1385148 libxml2-doc_2.8.0+dfsg1-7+nmu1_all.deb 2a24de297b9b6b7b364d911c8b3e2e246100df57 382910 python-libxml2_2.8.0+dfsg1-7+nmu1_amd64.deb caa16309b3793b71c8c422cb2b25cccc4a101bac 774212 python-libxml2-dbg_2.8.0+dfsg1-7+nmu1_amd64.deb Checksums-Sha256: 5273f3555dc25768da27f0bc324880c179915ba8d7fed737882db52eb9e2872c 3199 libxml2_2.8.0+dfsg1-7+nmu1.dsc 458eee6d64777e3dd7f62a02a9c4ebb96c1c550a77b914ddca5fb9ffff5dee99 34342 libxml2_2.8.0+dfsg1-7+nmu1.debian.tar.gz cd5a592df35aee45147949d6c42f82d9bd606392efa2d1fe69d7a17998f602cd 904406 libxml2_2.8.0+dfsg1-7+nmu1_amd64.deb bf757e178668efec936e4606bfd7a1018237a2078636c2b82d4983f2bbca1f46 96490 libxml2-utils_2.8.0+dfsg1-7+nmu1_amd64.deb f75b0a6e23d09a49a949c1a359493eed7ba2113037100ce84fdb28fd48969892 131624 libxml2-utils-dbg_2.8.0+dfsg1-7+nmu1_amd64.deb cb72dc90b6ddfe215f9834f5e7527dfbc033ab8bcc368cb1759191ddb93a4b7b 900944 libxml2-dev_2.8.0+dfsg1-7+nmu1_amd64.deb 83de2f4c27f1c6fdfadb6197f90ea06bb95792a21787c111cba1f4087dd2d7d7 1418762 libxml2-dbg_2.8.0+dfsg1-7+nmu1_amd64.deb 811b44704706ed95b645413846445e370634a00f1c1b2748e35761103bcf942a 1385148 libxml2-doc_2.8.0+dfsg1-7+nmu1_all.deb 25d55bf8cbd19bd6180b455283918eecce493a8aeabf2166baa9da714f15aadc 382910 python-libxml2_2.8.0+dfsg1-7+nmu1_amd64.deb 5bedd90f7939ce03e20e053391388df46dec871c02bc88d7bd35cc7a5673a1e9 774212 python-libxml2-dbg_2.8.0+dfsg1-7+nmu1_amd64.deb Files: 906728b56ef31433e2666a138013ce0b 3199 libs optional libxml2_2.8.0+dfsg1-7+nmu1.dsc 6e3b7595a36dbd1a7f64afeb099d7dc5 34342 libs optional libxml2_2.8.0+dfsg1-7+nmu1.debian.tar.gz d69fe7a74fd7cba3855818e0cb513b75 904406 libs standard libxml2_2.8.0+dfsg1-7+nmu1_amd64.deb b0648584ae5fb6382e357e6676f799bd 96490 text optional libxml2-utils_2.8.0+dfsg1-7+nmu1_amd64.deb 9e2acd7b48ce803091974c2f057b7b4a 131624 debug extra libxml2-utils-dbg_2.8.0+dfsg1-7+nmu1_amd64.deb 796a9e7ac1e5c47dec1579028c3cf88a 900944 libdevel optional libxml2-dev_2.8.0+dfsg1-7+nmu1_amd64.deb c9771195adf237a4164218ef271d3721 1418762 debug extra libxml2-dbg_2.8.0+dfsg1-7+nmu1_amd64.deb fd96504fe344e833addc6c329931028f 1385148 doc optional libxml2-doc_2.8.0+dfsg1-7+nmu1_all.deb 9e93cdb76b31dafa3485b71eadd1c001 382910 python optional python-libxml2_2.8.0+dfsg1-7+nmu1_amd64.deb 8bbb0976926783dbec3d763b0267a480 774212 debug extra python-libxml2-dbg_2.8.0+dfsg1-7+nmu1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQQcBAEBCAAGBQJRN6jqAAoJELjWss0C1vRzLUsf/RjhFdCaYM12noK1J1pjlyCt WrRTO7c5GddvC1hT2x+wicTPMQ1h2XPmkiYqDwwTDs6EZVIJLF/Pi9y3ilizTs4f 5dh6rq4a1ZarpxOgGOxNRF7zTP+V5OM54FAJQHMbizRmtCyCfRrrODp3FyV+nXur rexeYnserMrblm8bQYhnGT08sDVl19KhjqG6MAYeKXiOzLifY/qDvbrmCAcYmdYK n93LohRBOWQHVseJ11igci2+uSDBxj+YauMZsVZZfU8iI1xQomMfcckM8HKP1fgj T0oSn9VadmC2UO4O0NIskTS+pYD4eqhJffnNmhsSpKsSle3kMDMdSZkPjymBQ0I0 lW5RCrB1W6q1XSOQCLJYETjcM3PmPT8dJoVWP+UHCxrD6BXqtHVQBIcC0TyQzqER zez96pj2znDb5ImABQR+3VJEQihTkW/LQVrW+9ngMd9stIy7T8SQYsRCilQyJVck hUGtaKtRHy0BRzuWW1zXsx7ZAGQPR6iOpN9Km/MLUXgJQ4m8086g+wNMgrw/YHzz t0v337AQSb7hknRLAi1Tl4vH0ZogEOMS1CRSfs4zC4ToaDFsrb81yCqGIx7TMSzE jXZrES4HExGkOWEF7dxHx5eQ2NyJLT/MRsLkIPWw36Js8xh1SaKLeB1QbvyJe8pd vBaKeHoz8gSH7daa4LKv5e99xSpow4w1Q1z/h1hQQiDxkxXk9lbceZK2vSPlInGF WViTMIvq3aNnHJWxaHSYbCfHFN6HDDEnLweDrYTydiRI/zsatSVtKS5w3PD9Fnid r/ArWZFkiBMAQ85kfGJe3Qrp6ZVkVeZzgod4yj1wwfM6NqdalV0McLwEE5b0lKHi hcM1GCZQDjmy5310MwU8IioPxvUEosCnSwmEQJt7CDBZjrcl3rv02HeG7JrOumSi GZUYBMIwraoMvtDY2UKgoxF9KcunX85eJn8T9e0N2Ku+ufAxAWOw0qMj5tgotRw3 6397eO+Zg1NcPMwPKpKSDD/ielLuuD3FD1cf9V5uFvZcvlXiY8AkITX7EKgl4IO2 9iGoG2Z/ZuSdtaMyVeuaj6Dl0l/Tv1F7pTLtjeFmI3OMIUQa/n186M6uPPJma715 1FiOzBCzzTkkjqCJfpQrYlbnlfPk+R4wVGfeHbaDzHF4xIOk4uC3AupfkDBUOKZG t/4Wt+ePbm2WfjQYlID8+X5fuISrBLVK8z8yfROVcJfozG0rzCUBgNxMS607zvgx sDAM56kROwdVVfHkxnaZ1OI0/0NkOAA24rnLKnk8926F2BCRoo43ZZVmKl7NtFx1 WRmxuYem14Gms/yCT71uiNcElknTuFPmDVVYiyyrvfqV9AxFDSeyXARuIX2c8ns= =Lirq -----END PGP SIGNATURE-----
--- End Message ---
