Bug#705722: marked as done (libxml2: CVE-2013-1969)

[Debian Bug Tracking System]

Your message dated Sat, 08 Jun 2013 17:33:48 +0000
with message-id <e1uln1q-0003sm...@franck.debian.org>
and subject line Bug#705722: fixed in libxml2 2.9.1+dfsg1-1
has caused the Debian Bug report #705722,
regarding libxml2: CVE-2013-1969
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
705722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libxml2
Severity: grave
Tags: security patch upstream

Hi,

the following vulnerability was published for libxml2.

CVE-2013-1969[0]:
se-after-free error in "htmlParseChunk()" and "xmldecl_done()"

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

A patch commited in git upstream repo is at [1].

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-1969
[1] 
https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: libxml2
Source-Version: 2.9.1+dfsg1-1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 705...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 09 Jun 2013 00:34:16 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg 
libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.9.1+dfsg1-1
Distribution: experimental
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug 
extension)
Closes: 696300 697382 705722
Changes: 
 libxml2 (2.9.1+dfsg1-1) experimental; urgency=low
 .
   * New upstream release (Closes: #696300, #705722).
   * Add -llzma for static linking (Closes: #697382).
   * Update symbols.
   * Update debian/watch, thanks to Bart Martens.
   * Use canonical Vcs-* fields.
   * Mark python-libxml2-dbg as "Multi-Arch: same".
Checksums-Sha1: 
 4e0de14d46d04e673c796eefd661259433b0adf6 2175 libxml2_2.9.1+dfsg1-1.dsc
 357366e7afc9dd03ba883c605d5c369decb2b2e1 3793894 
libxml2_2.9.1+dfsg1.orig.tar.gz
 addc0275fa42f9b15ee1e91aa624970ccb598361 25058 
libxml2_2.9.1+dfsg1-1.debian.tar.gz
 fdf719a472d7dc4223b07ba4510547660c7fd861 911100 libxml2_2.9.1+dfsg1-1_amd64.deb
 1fceff0317b2cb0d7a9fb686a886145105ecbf74 96280 
libxml2-utils_2.9.1+dfsg1-1_amd64.deb
 b136a6c127daa8f6a46a3a281e5a810be4944d9f 127156 
libxml2-utils-dbg_2.9.1+dfsg1-1_amd64.deb
 8d121210d44b7a9803e7354c95f71b33d47a2aab 915338 
libxml2-dev_2.9.1+dfsg1-1_amd64.deb
 91153ae08ef844f316ba6c1bacdaa84045e41f5e 1422466 
libxml2-dbg_2.9.1+dfsg1-1_amd64.deb
 6925933005ff84b08726e16354f70fff245a8324 1371480 
libxml2-doc_2.9.1+dfsg1-1_all.deb
 89c49d30b672dc697e7c285edab0184001e0bd73 242360 
python-libxml2_2.9.1+dfsg1-1_amd64.deb
 c829177b1ec1488a86153cd5aabe969b99f072c3 396810 
python-libxml2-dbg_2.9.1+dfsg1-1_amd64.deb
Checksums-Sha256: 
 c00ae5a2390ff6ec78160e9bd0ce9b51f1da2c85297d7bcf66f3f15fb3cc7604 2175 
libxml2_2.9.1+dfsg1-1.dsc
 f3ec5256412192f74833286c4490672500b232ed1c9195214db2c641df064a28 3793894 
libxml2_2.9.1+dfsg1.orig.tar.gz
 cff6bfddb8cfaafdb49765888469c3a015dfa70d2268adeba1e9405cd9c3763e 25058 
libxml2_2.9.1+dfsg1-1.debian.tar.gz
 aa67e92dceee439886114e32740f8f9b29000c75187a9f2e6fe6dea190445ce7 911100 
libxml2_2.9.1+dfsg1-1_amd64.deb
 e5515787ce71527a38ab49b13f5fa90dc6eb1926f9ffd6f7bfc02f0ca62592a8 96280 
libxml2-utils_2.9.1+dfsg1-1_amd64.deb
 c91243d9d160b2aa83699abe7d569f7b13d2b39a7c3d4c269fee4a4e3a41fdb9 127156 
libxml2-utils-dbg_2.9.1+dfsg1-1_amd64.deb
 e14ea1121af39ef4cb121c606f12ee407e9023aca1008cb3d1f8de86edfda6be 915338 
libxml2-dev_2.9.1+dfsg1-1_amd64.deb
 8da42b6ba270d9c61ccc8a0b36b6d55ca63db775d7d42b381cb71344bf18a92d 1422466 
libxml2-dbg_2.9.1+dfsg1-1_amd64.deb
 72c19555ab7d896e3086c3fe50ffa9b9e18dc8d6babc238e22a8dd4e9cb0cd4a 1371480 
libxml2-doc_2.9.1+dfsg1-1_all.deb
 94b97c1d12e929170789a841d7cb6a1cb9e008eae9602c5237e2b0803064bd67 242360 
python-libxml2_2.9.1+dfsg1-1_amd64.deb
 42ae56dc08b3472be9587b27059e79811d5f6af94cd8f7557f149708d46c27d0 396810 
python-libxml2-dbg_2.9.1+dfsg1-1_amd64.deb
Files: 
 3736eac1ee7a5c65f89f13596a181536 2175 libs optional libxml2_2.9.1+dfsg1-1.dsc
 5f111980c06f927a62492b7b9781b7bf 3793894 libs optional 
libxml2_2.9.1+dfsg1.orig.tar.gz
 0ca567cbe792b9e0b8b30f6ff24eb510 25058 libs optional 
libxml2_2.9.1+dfsg1-1.debian.tar.gz
 658c8c2328345618cf1e89154c1776ea 911100 libs standard 
libxml2_2.9.1+dfsg1-1_amd64.deb
 75e16c7a7196c9fb6c4d9f6c89e53505 96280 text optional 
libxml2-utils_2.9.1+dfsg1-1_amd64.deb
 a08d3ac2bdfcedca46608f1606a6dbda 127156 debug extra 
libxml2-utils-dbg_2.9.1+dfsg1-1_amd64.deb
 fdbef1f2efdc02e03c1b931753936970 915338 libdevel optional 
libxml2-dev_2.9.1+dfsg1-1_amd64.deb
 7c3e0645dd53715163a1c574ae4bc436 1422466 debug extra 
libxml2-dbg_2.9.1+dfsg1-1_amd64.deb
 f9f2484f23cbc927c94040e638d96613 1371480 doc optional 
libxml2-doc_2.9.1+dfsg1-1_all.deb
 398c0453df3e0be12ac58f088c63d787 242360 python optional 
python-libxml2_2.9.1+dfsg1-1_amd64.deb
 b53c8e13edf6e6e3eb41ff870ebd31a5 396810 debug extra 
python-libxml2-dbg_2.9.1+dfsg1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJRs2l4AAoJEGa1A/2e4BN55aYIAI6rXTFwaP6PqGBWiQGRt0Oi
EZn+XgU0UUhe0nJSuO6v6ZP3FhNUdIFF3K0tFtgE7WbttmqKMUXddjHwM31jSGag
GnE0cyVbIBUOyTkvctTXoHQvv0AThd5EyxDtJAOqBXZoneFouSvsHypP2bzIVhMh
jQQgFm6y8LsvErFuSYoBB1+n1Ufa3MCjUNx6FOdK2hmCk4gOTdC+Gx51+IeSzh/G
7kcfUt0L9rw0bcHwl1mfFGMU+Dws8Rf07w6ACnzYRBoZgU8qlMeaXIKIVdZ6puxc
LbCdRmKc6T2dvf2Z01nRiTLtzNyg0O7ILZ5LbPALtUKby5CNrO2GaC0ACf6S7PI=
=NHgb
-----END PGP SIGNATURE-----

--- End Message ---