Bug#720375: marked as done (libxml-security-java: CVE-2013-2172)

[Debian Bug Tracking System]

Your message dated Sun, 09 Nov 2014 16:19:29 +0000
with message-id <e1xnvd7-0006wi...@franck.debian.org>
and subject line Bug#720375: fixed in libxml-security-java 1.4.3-2+deb6u1
has caused the Debian Bug report #720375,
regarding libxml-security-java: CVE-2013-2172
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
720375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libxml-security-java
Severity: grave
Tags: security patch upstream fixed-upstream

Hi,

the following vulnerability was published for libxml-security-java.

CVE-2013-2172[0]:
Java XML Signature spoofing attack

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172
    http://security-tracker.debian.org/tracker/CVE-2013-2172
[1] http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
[2] http://svn.apache.org/viewvc?view=revision&revision=1493772

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: libxml-security-java
Source-Version: 1.4.3-2+deb6u1

We believe that the bug you reported is fixed in the latest version of
libxml-security-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 720...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated 
libxml-security-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 09 Nov 2014 16:24:21 +0100
Source: libxml-security-java
Binary: libxml-security-java
Architecture: source all
Version: 1.4.3-2+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description: 
 libxml-security-java - implementation of security standards for XML
Closes: 720375
Changes: 
 libxml-security-java (1.4.3-2+deb6u1) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Fix CVE-2013-2172 (Closes: #720375)
Checksums-Sha1: 
 566cc96fe6c7374615ce78cac73120545a3b3209 2289 
libxml-security-java_1.4.3-2+deb6u1.dsc
 311e5ec6829a990b6d12fbbad1caaaf45133e214 1034408 
libxml-security-java_1.4.3.orig.tar.gz
 e56b007626d3e9bb15aac6cd0d8880b60a640630 3441 
libxml-security-java_1.4.3-2+deb6u1.diff.gz
 3b712b37bcb6c60965839d9b97b1bce993d0e1c5 517978 
libxml-security-java_1.4.3-2+deb6u1_all.deb
Checksums-Sha256: 
 d885d9a7459d71522350c962458455b33bab22fd1e99ee2e1d97ef31591c0bdb 2289 
libxml-security-java_1.4.3-2+deb6u1.dsc
 3cbf558a419473315e5ff556388901e4cdc79a387aa2efcd6b14fef99ed1fcd1 1034408 
libxml-security-java_1.4.3.orig.tar.gz
 812609140a4af6861cd83eeb08db48226248b661dfc55f3437cc6e35cae18d60 3441 
libxml-security-java_1.4.3-2+deb6u1.diff.gz
 3526ff5115a774584975eea3726aee43b1da0180b37a2e5a5ce02ebb423f864d 517978 
libxml-security-java_1.4.3-2+deb6u1_all.deb
Files: 
 425a735f132702b8b1cac45c09e85feb 2289 java optional 
libxml-security-java_1.4.3-2+deb6u1.dsc
 28dd2eb4c9d3d11d23038447cee35a1c 1034408 java optional 
libxml-security-java_1.4.3.orig.tar.gz
 2731ac2464f22d4897b2121e8bbe5174 3441 java optional 
libxml-security-java_1.4.3-2+deb6u1.diff.gz
 0fcf7712859b16085672112314d23e09 517978 java optional 
libxml-security-java_1.4.3-2+deb6u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJUX5G+XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHfjQP/RnsDoi94PoS5B7ZAbo80J4a
quSOsses1SdTurOBsZfm8mvijlUgY9Zua9GcrfMsAOiBhxk/KecmnWMQysNlYq3t
JagU8iUmYA4j9P/l6/zgCdan/+cndcG+IWj5WLTLU7tT+41MvEDijBFd9FmImNQ1
ktu6Sfiyk4kx0YUl7fk9Sr2PaT6umv5orR/EyF4ozvVchDwbUsmKWvjifP2RoXcz
/eRDUBPgytn9AdMf4xvKFjnN97vlTkHfRY9GkWplbtlycfHkIkqfRzIJE0+Rr0zW
Qo6K4KN722VBYemT9FonxcRSlF8y+/eo9k9cHS/Tzgy4D26oSJaNDCz/kO2u3EXn
YCYCyg1k/G9Tws8JfXhfKb/BLWca9uzElPWwTGYosgL2t4G/aFTbshSn1TgOVe1z
+ILE2+UTUFZs/dD2teVXsZZGrkz3BAMTYH614lExt+w2u50d+D1N8BHyrhEVns4S
u+AQokKzGunBApDlwGJSXQjhsbKBdbXcwlaD1WDm6TukXHyaxhmjtn1WhhSStmRe
n2taEif92QWwBPGLFjHWoJhVwuB4pTRfrpP7CZ6CAaAcduxlsGF7OlG0hhlKwhGd
pZEDEKVlE3NJqv1AJgIaxgfHBipJiWCmBpTNBdGrWx0fAoL72KMBJiOO2Nh6yC17
G1kWYCxjAVNIIIO1/XRn
=JafK
-----END PGP SIGNATURE-----

--- End Message ---