Your message dated Mon, 31 Oct 2022 16:04:53 +0000
with message-id <e1opxhr-009bu5...@fasolo.debian.org>
and subject line Bug#1022224: fixed in libxml2 2.9.14+dfsg-1.1
has caused the Debian Bug report #1022224,
regarding libxml2: CVE-2022-40303: Integer overflows with XML_PARSE_HUGE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1022224: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxml2
Version: 2.9.14+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libxml2.

CVE-2022-40303[0]:
| Integer overflows with XML_PARSE_HUGE

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-40303
    https://www.cve.org/CVERecord?id=CVE-2022-40303
[1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.14+dfsg-1.1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1022...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Oct 2022 11:18:06 +0100
Source: libxml2
Architecture: source
Version: 2.9.14+dfsg-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1022224 1022225
Changes:
 libxml2 (2.9.14+dfsg-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
     (Closes: #1022224)
   * Fix dict corruption caused by entity reference cycles (CVE-2022-40304)
     (Closes: #1022225)
Checksums-Sha1: 
 e57c6121b412173f773d960f5f51e0c174c1c633 3078 libxml2_2.9.14+dfsg-1.1.dsc
 7b8dab3e0e6a3176ab83be9cb69db76e2e8f3121 32820 libxml2_2.9.14+dfsg-1.1.debian.tar.xz
Checksums-Sha256: 
 ed31c56a4ecec3acbed5012fa5f1a2e23059d89eab938d5c66e809d9ae9bbf8d 3078 libxml2_2.9.14+dfsg-1.1.dsc
 9a6d8cfcd1cab9ef2130c6e28e2d63c9eb789c3f6e8d25e2e702694f3049ef9a 32820 libxml2_2.9.14+dfsg-1.1.debian.tar.xz
Files: 
 50a41ce15477818c75e16a5b6972a9d4 3078 libs optional libxml2_2.9.14+dfsg-1.1.dsc
 ce64ba9c8243518c40acd49d75736713 32820 libs optional libxml2_2.9.14+dfsg-1.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
