Your message dated Tue, 25 Mar 2014 15:30:50 +0000
with message-id <e1wstjs-0000jd...@franck.debian.org>
and subject line Bug#742577: fixed in libxalan2-java 2.7.1-9
has caused the Debian Bug report #742577,
regarding libxalan2-java: CVE-2014-0107: Xalan-Java insufficient secure
processing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
742577: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742577
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxalan2-java
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for libxalan2-java, could
you please verify.
CVE-2014-0107[0]:
Xalan-Java insufficient secure processing
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2014-0107
[1] https://issues.apache.org/jira/browse/XALANJ-2435
[2] https://svn.apache.org/viewvc?view=revision&revision=1581058
[3] http://www.ocert.org/advisories/ocert-2014-002.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxalan2-java
Source-Version: 2.7.1-9
We believe that the bug you reported is fixed in the latest version of
libxalan2-java, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 742...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated libxalan2-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 25 Mar 2014 15:22:35 +0100
Source: libxalan2-java
Binary: libxalan2-java libxsltc-java libxalan2-java-doc
Architecture: source all
Version: 2.7.1-9
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
 libxalan2-java - XSL Transformations (XSLT) processor in Java
 libxalan2-java-doc - Documentation and examples for the Xalan-Java XSLT processor
 libxsltc-java - XSL Transformations (XSLT) compiler from Xalan-Java
Closes: 742577
Changes:
 libxalan2-java (2.7.1-9) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2014-0107: Strengthen the secure processing mode by disabling
     external general entities, foreign attributes and access to the system
     properties. This could be exploited to execute arbitrary code remotely.
     (Closes: #742577)
   * debian/control:
     - Standards-Version updated to 3.9.5 (no changes)
     - Use canonical URLs for the Vcs-* fields
     - Updated the Homepage field
     - Removed the duplicate Section fields
   * Switch to debhelper level 9
   * debian/rules: Improved the clean target
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---