Your message dated Sun, 22 Mar 2015 19:19:06 +0000
with message-id <e1yzlos-0006j6...@franck.debian.org>
and subject line Bug#780827: fixed in xerces-c 3.1.1-5.1
has caused the Debian Bug report #780827,
regarding xerces-c: CVE-2015-0252: Apache Xerces-C XML Parser Crashes on
Malformed Input
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
780827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xerces-c
Version: 3.1.1-1
Severity: grave
Tags: security patch upstream fixed-upstream
Hi,
the following vulnerability was published for xerces-c.
CVE-2015-0252[0]:
Apache Xerces-C XML Parser Crashes on Malformed Input
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-0252
[1] https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt
[2] http://svn.apache.org/viewvc?view=revision&revision=1667870
Regards,
Salvatore
p.s.: I uploaded already prepared packages for wheezy-security, but
the packages are not yet released.
--- End Message ---
--- Begin Message ---
Source: xerces-c
Source-Version: 3.1.1-5.1
We believe that the bug you reported is fixed in the latest version of
xerces-c, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated xerces-c package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 20 Mar 2015 19:40:31 +0100
Source: xerces-c
Binary: libxerces-c3.1 libxerces-c-dev libxerces-c-doc libxerces-c-samples
Architecture: source all amd64
Version: 3.1.1-5.1
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <q...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
 libxerces-c-dev - validating XML parser library for C++ (development files)
 libxerces-c-doc - validating XML parser library for C++ (documentation)
 libxerces-c-samples - validating XML parser library for C++ (compiled samples)
 libxerces-c3.1 - validating XML parser library for C++
Closes: 780827
Changes:
 xerces-c (3.1.1-5.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Add CVE-2015-0252.patch patch.
     CVE-2015-0252: Apache Xerces-C XML parser crashes on malformed input.
     (Closes: #780827)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---