Your message dated Tue, 04 Aug 2015 21:17:50 +0000
with message-id <e1zmjao-0007is...@franck.debian.org>
and subject line Bug#793484: fixed in expat 2.1.0-1+deb7u2
has caused the Debian Bug report #793484,
regarding expat: CVE-2015-1283: Multiple integer overflows in the XML_GetBuffer function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
793484: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: expat
Severity: grave
Tags: security patch
Hi,
the following vulnerability was published for expat.
CVE-2015-1283[0]:
| Multiple integer overflows in the XML_GetBuffer function in Expat
| through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other
| products, allow remote attackers to cause a denial of service
| (heap-based buffer overflow) or possibly have unspecified other impact
| via crafted XML data, a related issue to CVE-2015-2716.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-1283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283
Please adjust the affected versions in the BTS as needed.
It looks like Mozilla wrote a patch here:
https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
And chromium reused that patch too.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
--- End Message ---
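The CVE text above describes the bug class, integer overflow when XML_GetBuffer computes how large the parse buffer must be, but not what the overflow looks like or what a fix has to check. The following is an added illustration written for this page; it is not expat's source, not the Mozilla or Chromium patch, and all function names are constructed. It models the request-size computation as "bytes requested plus bytes still pending in the buffer", shows the wrapped result an unchecked sum produces, and pairs it with the two checks a fix needs: one on the sum itself and one on the doubling loop that grows the buffer.

```c
/* Added illustration, not expat's code. Models the size arithmetic that
 * XML_GetBuffer has to do (len bytes requested plus pending, not yet
 * parsed bytes kept in the buffer) and the checks that keep it from
 * wrapping. All names are constructed for this example. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: mirrors the vulnerable shape "neededSize = len + pending".
 * Computed in unsigned so the wrap is well defined in this example; in a
 * plain signed-int implementation it is undefined behaviour and in practice
 * yields a small or negative size, so the later allocation is too short
 * for the data copied into it (the heap overflow the CVE describes). */
int needed_size_unchecked(int len, int pending)
{
    return (int)((unsigned)len + (unsigned)pending);
}

/* Checked: refuse the request rather than let len + pending wrap.
 * Returns 0 and stores the size on success, -1 on overflow or bad input.
 * "len > INT_MAX - pending" is the same condition as "len + pending >
 * INT_MAX" but cannot overflow itself. */
int needed_size_checked(int len, int pending, int *out)
{
    if (len < 0 || pending < 0)
        return -1;
    if (len > INT_MAX - pending)
        return -1;
    *out = len + pending;
    return 0;
}

/* Buffer growth by doubling. An unchecked "size *= 2 until size >= needed"
 * loop overflows when needed is close to INT_MAX; this version stops
 * before a doubling could wrap. Returns the new size, or -1. */
int grow_buffer_size_checked(int current, int needed)
{
    int size = current > 0 ? current : 1024;   /* constructed initial size */
    while (size < needed) {
        if (size > INT_MAX / 2)                /* next doubling would wrap */
            return -1;
        size *= 2;
    }
    return size;
}

/* Allocate only when both computations succeeded; NULL means "refused",
 * which is the safe outcome for an untrusted request. */
char *get_buffer_safe(int current, int pending, int len, int *new_size)
{
    int needed, size;
    if (needed_size_checked(len, pending, &needed) != 0)
        return NULL;
    size = grow_buffer_size_checked(current, needed);
    if (size < 0)
        return NULL;
    *new_size = size;
    return malloc((size_t)size);
}

int main(void)
{
    /* Constructed request: a length near INT_MAX with 1000 pending bytes. */
    int len = INT_MAX - 100, pending = 1000, size = 0;
    printf("unchecked size: %d\n", needed_size_unchecked(len, pending));
    char *buf = get_buffer_safe(4096, pending, len, &size);
    printf("checked request: %s\n", buf ? "allocated" : "refused");
    free(buf);
    return 0;
}
```

The unchecked sum comes out negative for the constructed input, which is exactly the value a size_t conversion or a later malloc/memcpy pair would misinterpret; the checked path returns NULL instead, and the caller must treat that as a parse error rather than retry with a smaller guess.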
--- Begin Message ---
Source: expat
Source-Version: 2.1.0-1+deb7u2
We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 793...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated expat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 24 Jul 2015 15:57:09 +0000
Source: expat
Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat
Architecture: source amd64
Version: 2.1.0-1+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Description:
expat - XML parsing C library - example application
lib64expat1 - XML parsing C library - runtime library (64bit)
lib64expat1-dev - XML parsing C library - development kit (64bit)
libexpat1 - XML parsing C library - runtime library
libexpat1-dev - XML parsing C library - development kit
libexpat1-udeb - XML parsing C library - runtime library (udeb)
Closes: 793484
Changes:
expat (2.1.0-1+deb7u2) wheezy-security; urgency=high
.
* Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
function (closes: #793484).
Checksums-Sha1:
82c59697c82e9b6eeca634c7f8e6903174dbae9c 2177 expat_2.1.0-1+deb7u2.dsc
9fb2ace86afecdf8437ac15d52d8f549b54b5531 12424 expat_2.1.0-1+deb7u2.debian.tar.gz
11f3741d610a750c1ab1b30b79417d8e19fbf912 222480 libexpat1-dev_2.1.0-1+deb7u2_amd64.deb
cd46ae8e4b187bdb0436fd6231cc6509ca16d451 138896 libexpat1_2.1.0-1+deb7u2_amd64.deb
f444c73f72c17c6a97705b133f315fe2f7cf0810 52698 libexpat1-udeb_2.1.0-1+deb7u2_amd64.udeb
6a50b28b261537c3cd3acd4b120164c3bb869844 25964 expat_2.1.0-1+deb7u2_amd64.deb
Checksums-Sha256:
1735d42012c5121cf610b86cb622258290524305756217a03b91a399d528d1ce 2177 expat_2.1.0-1+deb7u2.dsc
57ec7e3545669725ec0ffd13b39db7a10c5e5257fbfa1f31ea3b459482ee394c 12424 expat_2.1.0-1+deb7u2.debian.tar.gz
0e98c2262b84f3a18acc7571f8e5b69bee235d07413f51cc6c6b108ea07b6bbb 222480 libexpat1-dev_2.1.0-1+deb7u2_amd64.deb
1bc45d06071851b5ffb9cd34f917a94f3024bfd7a81d067da2efc4d12abfa2df 138896 libexpat1_2.1.0-1+deb7u2_amd64.deb
d0399a73036b176caa96524688476c3113ef0e648678eafbef0abb95255ecba4 52698 libexpat1-udeb_2.1.0-1+deb7u2_amd64.udeb
cee98e61443a85b70d697699f4f1fac4300a8ddb4f9f6515bac6a32859336459 25964 expat_2.1.0-1+deb7u2_amd64.deb
Files:
294f70a71b39290e6b636ee121938393 2177 text optional expat_2.1.0-1+deb7u2.dsc
3a5861fe791ffb0ed49962f82cc09311 12424 text optional expat_2.1.0-1+deb7u2.debian.tar.gz
b4e5c6d683a6e7b892690c33e434ea2b 222480 libdevel optional libexpat1-dev_2.1.0-1+deb7u2_amd64.deb
38e63077970391d7b153c5bc2421ceba 138896 libs optional libexpat1_2.1.0-1+deb7u2_amd64.deb
7861f02b394984c0a365b012dec6ec72 52698 debian-installer extra libexpat1-udeb_2.1.0-1+deb7u2_amd64.udeb
bfe488882e97ce3758187e11ec66d89c 25964 text optional expat_2.1.0-1+deb7u2_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---