[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-06 Thread Launchpad Bug Tracker
This bug was fixed in the package xml-light - 2.2-12ubuntu0.12.04.1 --- xml-light (2.2-12ubuntu0.12.04.1) precise-security; urgency=low * SECURITY-UPDATE: Fix to prevent hash collision attack (LP: #1186860) - debian/patches/05_CVE_2012_3514.dpatch: dtd.ml: Use Map(String) instea

[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-06 Thread Launchpad Bug Tracker
This bug was fixed in the package xml-light - 2.2-12ubuntu0.10.04.1 --- xml-light (2.2-12ubuntu0.10.04.1) lucid-security; urgency=low * SECURITY-UPDATE: Fix to prevent hash collision attack (LP: #1186860) - debian/patches/05_CVE_2012_3514.dpatch: dtd.ml: Use Map(String) instead

[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-06 Thread Marc Deslauriers
Looks good, ACK. Thanks for the debdiffs, they will be published today. ** Changed in: xml-light (Ubuntu Lucid) Status: New => Fix Committed ** Changed in: xml-light (Ubuntu Precise) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubu

[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-06 Thread Dmitry Shachnev
** Also affects: xml-light (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: xml-light (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: xml-light (Ubuntu) Status: New => Fix Released -- You received this bug notification because you ar

[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-05 Thread Christian Kuersteiner
Lucid debdiff with right version. Tests done on both debdiffs: Builds with pbuilder. Can install and upgrade cleanly. Parses simple xml files (tests done with included test.ml) ** Patch added: "lp1186860-lucid-1.debdiff" https://bugs.launchpad.net/ubuntu/+source/xml-light/+bug/1186860/+attach

[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-05 Thread Christian Kuersteiner
Precise debdiff with right version. ** Patch added: "lp1186860-precise-1.debdiff" https://bugs.launchpad.net/ubuntu/+source/xml-light/+bug/1186860/+attachment/3695033/+files/lp1186860-precise-1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is su

[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-04 Thread Marc Deslauriers
Thanks for the debdiffs. For precise, use 2.2-12ubuntu0.12.04.1, and for lucid, use 2.2-12ubuntu0.10.04.1. Please describe the testing you performed to ensure xml-light still worked after applying the patch. -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-03 Thread Christian Kuersteiner
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3514 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1186860 Title: Hash collision vulnerability in xml-light To manage notificat

[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-03 Thread Christian Kuersteiner
Lucid patch. I'm not sure if the versioning is right, since now precise and lucid have the same version? ** Patch added: "lp1186860-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/xml-light/+bug/1186860/+attachment/3693335/+files/lp1186860-lucid.debdiff -- You received this bug noti

[Bug 1186860] Re: Hash collision vulnerability in xml-light

2013-06-02 Thread Christian Kuersteiner
Precise patch ** Patch added: "lp1186860-precise.debdiff" https://bugs.launchpad.net/ubuntu/+source/xml-light/+bug/1186860/+attachment/3693254/+files/lp1186860-precise.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https: