Your message dated Thu, 19 Feb 2015 17:18:48 +0000
with message-id <e1youks-0003v0...@franck.debian.org>
and subject line Bug#765722: fixed in libxml2 2.9.1+dfsg1-5
has caused the Debian Bug report #765722,
regarding CVE-2014-3660 libxml2 billion laugh variant
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
765722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxml2
Severity: serious
Tags: security patch
Hi,
The Netherlands Cyber Security Center announced an issue in libxml2.
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
It seems to be a variant of the classic 'billion laughs' vulnerability.
Upstream has fixed this in 2.9.2:
https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
Cheers,
Thijs
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.1+dfsg1-5
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 765...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 01 Feb 2015 13:48:36 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.9.1+dfsg1-5
Distribution: testing
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
libxml2-utils-dbg - XML utilities (debug extension)
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 765722 768089
Changes:
 libxml2 (2.9.1+dfsg1-5) testing; urgency=medium
 .
   * Add pkg-config to B-D
   * Cherry-pick upstream memory related fixes
     - Including CVE-2014-3660 (Closes: #765722, #768089)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---