Your message dated Wed, 29 Oct 2014 06:35:09 +0800
with message-id
<CAMr=8w7N49H7niUkOJyW3uvcQNwA2M=l-8cywrydjge7ds2...@mail.gmail.com>
and subject line
has caused the Debian Bug report #765722,
regarding CVE-2014-3660 libxml2 billion laugh variant
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
765722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxml2
Severity: serious
Tags: security patch

Hi,

The Netherlands Cyber Security Center announced an issue in libxml2.
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html

It seems to be a variant of the classic 'billion laughs' vulnerability.

Upstream has fixed this in 2.9.2:
https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230

Cheers,
Thijs
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.8.0+dfsg1-7+wheezy2

Fixed in wheezy security update.
--- End Message ---