Bug#720375: marked as done (libxml-security-java: CVE-2013-2172)

Fri, 07 Nov 2014 07:36:55 -0800 

Your message dated Fri, 07 Nov 2014 15:32:06 +0000
with message-id <e1xmlwa-0000hl...@franck.debian.org>
and subject line Bug#720375: fixed in libxml-security-java 1.4.5-1+deb7u1
has caused the Debian Bug report #720375,
regarding libxml-security-java: CVE-2013-2172
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
720375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libxml-security-java
Severity: grave
Tags: security patch upstream fixed-upstream

Hi,

the following vulnerability was published for libxml-security-java.

CVE-2013-2172[0]:
Java XML Signature spoofing attack

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172
    http://security-tracker.debian.org/tracker/CVE-2013-2172
[1] http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
[2] http://svn.apache.org/viewvc?view=revision&revision=1493772

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: libxml-security-java
Source-Version: 1.4.5-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
libxml-security-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 720...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <s...@debian.org> (supplier of updated libxml-security-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 03 Nov 2014 11:24:21 +0100
Source: libxml-security-java
Binary: libxml-security-java libxml-security-java-doc
Architecture: source all
Version: 1.4.5-1+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Sebastien Delafond <s...@debian.org>
Description: 
 libxml-security-java - Apache Santuario
 libxml-security-java-doc - Documentation for Apache Santuario
Closes: 720375
Changes: 
 libxml-security-java (1.4.5-1+deb7u1) wheezy-security; urgency=medium
 .
   * Fix CVE-2013-2172 (Closes: #720375)
Checksums-Sha1: 
 0bd069615846b12dc8b9d077947ccf49818841fb 2157 
libxml-security-java_1.4.5-1+deb7u1.dsc
 db2122074ad86cee1d0763d7aaffe9e6815470f0 1205867 
libxml-security-java_1.4.5.orig.tar.gz
 45c5450050b99a9486886abe27cd5fc4ebad29b7 5297 
libxml-security-java_1.4.5-1+deb7u1.debian.tar.gz
 7339353c115f6e5f1cc8b0fbfb1941b19aa89f78 516950 
libxml-security-java_1.4.5-1+deb7u1_all.deb
 1f33d96651b9571cebe202adbd59c63458c88e6e 2408878 
libxml-security-java-doc_1.4.5-1+deb7u1_all.deb
Checksums-Sha256: 
 cba683a21107e516939966eeeab56cd4fe8fdcf222d3178bba308a1a8f638b78 2157 
libxml-security-java_1.4.5-1+deb7u1.dsc
 8774f7680548d1768f383eff3f74f6151ea9144a4e1a6591a121b34ddbb08242 1205867 
libxml-security-java_1.4.5.orig.tar.gz
 ff6dcb874495bcaa9fa8d96a7fb273be46ec2a9314d3e1029129e8800d0c9e2a 5297 
libxml-security-java_1.4.5-1+deb7u1.debian.tar.gz
 8661bb687b673cc2b0fa9e3b265b879e833585e39c89f98b8687f3236aac9730 516950 
libxml-security-java_1.4.5-1+deb7u1_all.deb
 33df16ee3b34f86b8a21c11d9f47be7a990ae0593f9d8c614c9e69840a6eb7a2 2408878 
libxml-security-java-doc_1.4.5-1+deb7u1_all.deb
Files: 
 ca6cc38b7be0c735e76c6e43f154e699 2157 java optional 
libxml-security-java_1.4.5-1+deb7u1.dsc
 19e6ac5ad1e3ab7756cefec1f8aec2c1 1205867 java optional 
libxml-security-java_1.4.5.orig.tar.gz
 b1f12b1a6a9509244d95586d54a60532 5297 java optional 
libxml-security-java_1.4.5-1+deb7u1.debian.tar.gz
 ccdd0b948e18bddebacf50806fdc9bbd 516950 java optional 
libxml-security-java_1.4.5-1+deb7u1_all.deb
 0aefad6093f363a0db5f7102769ac35c 2408878 doc optional 
libxml-security-java-doc_1.4.5-1+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJUWyhXAAoJEBC+iYPz1Z1kSOAIAMpYoaM7X6x65CzfB4xTmImy
OVgvUg8I9eLfOBbdmiihSAFJbokgAw6y95kJSd2KEGVE5uAvSGeO4dPHrknLPuCm
W2Cz0swxOPMhtOtOcCwQbH1QDex5KTYlr6o44/t30kEBYBgi/58ISgXAijRz7zBN
m7BWWgTPRDnZ63yrjj1HSSn9aD3zvix3IbuKX4kW+NApghLNYabg4EZGRt5/qJjJ
bGnFo8bDoUkMs8GyygcfqRG6Oa4m1QPPq1IxkRMMizVQPK4iDKbjGb6HDt3Ehkiu
lYQm0JSlQXBXuz5lI10L+Xs4wEcu/ELQUgxtWuAcdv47Ist9St1lk3IEaDMDNkY=
=sFKz
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to