Your message dated Wed, 18 May 2016 22:54:02 +0000 with message-id <e1b3alq-0006zg...@franck.debian.org> and subject line Bug#823863: fixed in xerces-c 3.1.1-5.1+deb8u2 has caused the Debian Bug report #823863, regarding xerces-c: CVE-2016-2099: use-after-free to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 823863: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823863 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: xerces-c Version: 3.1.1-1 Severity: grave Tags: security upstream patch Forwarded: https://issues.apache.org/jira/browse/XERCESC-2066 Hi, the following vulnerability was published for xerces-c. CVE-2016-2099[0]: use-after-free If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-2099 [1] https://issues.apache.org/jira/browse/XERCESC-2066 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: xerces-c Source-Version: 3.1.1-5.1+deb8u2 We believe that the bug you reported is fixed in the latest version of xerces-c, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 823...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated xerces-c package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 14 May 2016 05:45:10 +0200 Source: xerces-c Binary: libxerces-c3.1 libxerces-c-dev libxerces-c-doc libxerces-c-samples Architecture: all source Version: 3.1.1-5.1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Jay Berkenbilt <q...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 823863 Description: libxerces-c-dev - validating XML parser library for C++ (development files) libxerces-c-doc - validating XML parser library for C++ (documentation) libxerces-c-samples - validating XML parser library for C++ (compiled samples) libxerces-c3.1 - validating XML parser library for C++ Changes: xerces-c (3.1.1-5.1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2016-2099: Use-after-free in heap on specially crafted XML input (Closes: #823863) Checksums-Sha1: 175d8f626fef082d6ac954437c65c9043e985c57 1965 xerces-c_3.1.1-5.1+deb8u2.dsc eb96d10c6dde58c0e2960ede2d9d7ccf3002edc9 8928 xerces-c_3.1.1-5.1+deb8u2.debian.tar.xz e6e2df3c96e6cb610c2b6d51989c8f0b0c0f2554 1294914 libxerces-c-doc_3.1.1-5.1+deb8u2_all.deb Checksums-Sha256: 4b93a2dd309c6cf34366037af0dd5fd5bec5da33eea3b930f273f49efde55cec 1965 xerces-c_3.1.1-5.1+deb8u2.dsc 9426a484224bdaf996b1b5cf39c2027f426fe6c54c3c3db2a6fece2f8c8c4e64 8928 xerces-c_3.1.1-5.1+deb8u2.debian.tar.xz 0f39cddabbbb00d2d2e1a5fe820599dd114999f1fab6fd986ea8f01064120aa7 1294914 libxerces-c-doc_3.1.1-5.1+deb8u2_all.deb Files: f2b08e78b6019ca9c89df05e4d7d3bd6 1965 libs optional xerces-c_3.1.1-5.1+deb8u2.dsc 4386583b1ec44de4e6f6a02b0fe78abc 8928 libs optional xerces-c_3.1.1-5.1+deb8u2.debian.tar.xz 320c873a10cc33c6b726b3c09490d61c 1294914 doc optional libxerces-c-doc_3.1.1-5.1+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXNqXLAAoJEAVMuPMTQ89EwLwP/A6aCdyxxM9+LesScJVheW8y mUS9FLfZCkH7BO62bE1OYC0bCWTSRbW2SbhSJTtUaEKv2ig+UZrjMw+EIBW+tn6u VParYsopzKljbeueWh33lP3wtlKtj5q914FeogJvy86dYzLHhovHZjhSDUgaujqw uC19ve5h6VjrPjpdlcW2AeankrUDsBYNe32LJrSLcjAGlrF05WolEyAb0ARwuhJW m1CfAiEfdFGVC87w/W5r2BEqDwRDEzvTD2zQx8cTtjlX+Z4prIvk7JbhN5P7JiPe GnsjBjXmSCtaxzB3vF2g9DRUHNCXehfVPF4MvzjhoJbYNffaIypdk3z1kLzJ4PML SMm11170MPmTqnLmj9SVHuPnq9F2FZqZG1iErkxI8HlxVcHFMRTEeq/EpPCEAAL7 82to3F2lVSp0TM/4J09fPajqkti7ARGcH8NgNxzV/FEZlk3Tb5nmvRlopTlWUtLJ vlTTzarD/Y7P8xYCXlAFHMFxvL3MXrPc++vhqhqvWXuGeKhQ10DBA1u58hhGlY2r TmGTFwja574nLoNsOZrhPcRKkf1mwDkX+f74rkcEurCKNc591eMMQXxIa1d0AGSt wobDCTRWcpENLbXfPYcfth/mHwEV61gEYt3IhbMPyCKGnYZ/1A/oyyuQGlcW+mIH EaMuPzQjcXr01HK9LBtZ =hdlY -----END PGP SIGNATURE-----
--- End Message ---
