Your message dated Tue, 01 Apr 2014 21:17:13 +0000
with message-id <e1wv63v-0003j7...@franck.debian.org>
and subject line Bug#742577: fixed in libxalan2-java 2.7.1-7+deb7u1
has caused the Debian Bug report #742577,
regarding libxalan2-java: CVE-2014-0107: Xalan-Java insufficient secure processing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
742577: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742577
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxalan2-java
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for libxalan2-java, could
you please verify.

CVE-2014-0107[0]:
Xalan-Java insufficient secure processing

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2014-0107
[1] https://issues.apache.org/jira/browse/XALANJ-2435
[2] https://svn.apache.org/viewvc?view=revision&revision=1581058
[3] http://www.ocert.org/advisories/ocert-2014-002.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxalan2-java
Source-Version: 2.7.1-7+deb7u1

We believe that the bug you reported is fixed in the latest version of
libxalan2-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 742...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated libxalan2-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 25 Mar 2014 15:37:47 +0100
Source: libxalan2-java
Binary: libxalan2-java libxsltc-java libxalan2-java-doc
Architecture: source all
Version: 2.7.1-7+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
 libxalan2-java - XSL Transformations (XSLT) processor in Java
 libxalan2-java-doc - Documentation and examples for the Xalan-Java XSLT processor
 libxsltc-java - XSL Transformations (XSLT) compiler from Xalan-Java
Closes: 742577
Changes:
 libxalan2-java (2.7.1-7+deb7u1) wheezy-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2014-0107: Strengthen the secure processing mode by disabling
     external general entities, foreign attributes and access to the system
     properties. This could be exploited to execute arbitrary code remotely.
     (Closes: #742577)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---