Your message dated Sun, 29 Oct 2017 12:49:41 +0000
with message-id <e1e8n25-000frp...@fasolo.debian.org>
and subject line Bug#866676: fixed in libxml-libxml-perl 2.0128+dfsg-4
has caused the Debian Bug report #866676,
regarding libxml-libxml-perl: CVE-2017-10672: Use-after-free in XML::LibXML::Node::replaceChild
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
866676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866676
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxml-libxml-perl
Version: 2.0116+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=122246
Hi,

the following vulnerability was published for libxml-libxml-perl.

Filing this one for now as severity grave, but we might adjust later
the severity if not appropriate.

CVE-2017-10672[0]:
| Use-after-free in the XML-LibXML module through 2.0129 for Perl allows
| remote attackers to execute arbitrary code by controlling the arguments
| to a replaceChild call.

There is no upstream fix yet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10672
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10672
[1] https://rt.cpan.org/Ticket/Display.html?id=122246

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxml-libxml-perl
Source-Version: 2.0128+dfsg-4

We believe that the bug you reported is fixed in the latest version of
libxml-libxml-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated
libxml-libxml-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 29 Oct 2017 13:26:40 +0100
Source: libxml-libxml-perl
Binary: libxml-libxml-perl
Architecture: source
Version: 2.0128+dfsg-4
Distribution: experimental
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 866676
Description:
 libxml-libxml-perl - Perl interface to the libxml2 library
Changes:
 libxml-libxml-perl (2.0128+dfsg-4) experimental; urgency=medium
 .
   * Team upload.
   * CVE-2017-10672: Use-after-free by controlling the arguments to a
     replaceChild call (Closes: #866676)
   * Declare compliance with Debian policy 4.1.1
--- End Message ---