Your message dated Sun, 19 Nov 2017 22:47:09 +0000
with message-id <e1egymn-000eb9...@fasolo.debian.org>
and subject line Bug#866676: fixed in libxml-libxml-perl 2.0128+dfsg-1+deb9u1
has caused the Debian Bug report #866676,
regarding libxml-libxml-perl: CVE-2017-10672: Use-after-free in 
XML::LibXML::Node::replaceChild
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866676
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxml-libxml-perl
Version: 2.0116+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=122246

Hi,

the following vulnerability was published for libxml-libxml-perl.
Filing this one for now as severity grave, but we might adjust the
severity later if not appropriate.

CVE-2017-10672[0]:
| Use-after-free in the XML-LibXML module through 2.0129 for Perl allows
| remote attackers to execute arbitrary code by controlling the arguments
| to a replaceChild call.

There is no upstream fix yet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10672
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10672
[1] https://rt.cpan.org/Ticket/Display.html?id=122246

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml-libxml-perl
Source-Version: 2.0128+dfsg-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
libxml-libxml-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated 
libxml-libxml-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 09:16:17 +0100
Source: libxml-libxml-perl
Binary: libxml-libxml-perl
Architecture: source
Version: 2.0128+dfsg-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 866676
Description: 
 libxml-libxml-perl - Perl interface to the libxml2 library
Changes:
 libxml-libxml-perl (2.0128+dfsg-1+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * CVE-2017-10672: Use-after-free by controlling the arguments to a
     replaceChild call (Closes: #866676)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
