Your message dated Sun, 30 Oct 2016 16:35:36 +0000
with message-id <e1c0t56-000eng...@fasolo.debian.org>
and subject line Bug#840553: fixed in libxml2 2.9.4+dfsg1-2.1
has caused the Debian Bug report #840553,
regarding libxml2: CVE-2016-4658
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
840553: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxml2
Version: 2.9.4+dfsg1-2
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libxml2.

CVE-2016-4658[0]:
| libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and
| watchOS before 3 allows remote attackers to execute arbitrary code or
| cause a denial of service (memory corruption) via a crafted XML
| document.

Although the MITRE description at the moment explicitly mentions that
as Apple related, the upstream commit is now known as [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4658
[1] https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.4+dfsg1-2.1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Oct 2016 16:30:55 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: all source
Version: 2.9.4+dfsg1-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 840553 840554
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
 python3-libxml2 - Python3 bindings for the GNOME XML library
 python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.4+dfsg1-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix comparison with root node in xmlXPathCmpNodes
   * Fix XPointer paths beginning with range-to (CVE-2016-5131)
     (Closes: #840554)
   * Disallow namespace nodes in XPointer ranges (CVE-2016-4658)
     (Closes: #840553)
   * Fix more NULL pointer derefs in xpointer.c


--- End Message ---
