Your message dated Fri, 29 Jan 2010 11:04:07 +0000
with message-id <e1naodz-00045z...@ries.debian.org>
and subject line Bug#548358: fixed in libxerces2-java 2.9.1-4.1
has caused the Debian Bug report #548358,
regarding libxerces2-java: CVE-2009-2625 infinite loop denial of service in
libxerces2-java
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
548358: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548358
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxerces2-java
Version: 2.9.1-2
Severity: normal
Discussed here:
http://mail-archives.apache.org/mod_mbox/xerces-j-users/200908.mbox/thread
Michael Glavassevich claims this is fixed in Xerces Java subversion here:
http://marc.info/?l=xerces-cvs&m=124569778024398&w=2
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libxerces2-java depends on:
ii libjaxp1.3-java 1.3.04-3 Java XML parser and transformer AP
ii sun-java5-jre [java2-runtim 1.5.0-17-0.1 Sun Java(TM) Runtime Environment (
ii sun-java6-jre [java2-runtim 6-12-1 Sun Java(TM) Runtime Environment (
Versions of packages libxerces2-java recommends:
ii libxerces2-java-gcj 2.9.1-2 Validating XML parser for Java wit
Versions of packages libxerces2-java suggests:
pn libxerces2-java-doc <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libxerces2-java
Source-Version: 2.9.1-4.1
We believe that the bug you reported is fixed in the latest version of
libxerces2-java, which is due to be installed in the Debian FTP archive:
libxerces2-java-doc_2.9.1-4.1_all.deb
to main/libx/libxerces2-java/libxerces2-java-doc_2.9.1-4.1_all.deb
libxerces2-java-gcj_2.9.1-4.1_i386.deb
to main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-4.1_i386.deb
libxerces2-java_2.9.1-4.1.diff.gz
to main/libx/libxerces2-java/libxerces2-java_2.9.1-4.1.diff.gz
libxerces2-java_2.9.1-4.1.dsc
to main/libx/libxerces2-java/libxerces2-java_2.9.1-4.1.dsc
libxerces2-java_2.9.1-4.1_all.deb
to main/libx/libxerces2-java/libxerces2-java_2.9.1-4.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 548...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated libxerces2-java
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 29 Jan 2010 11:19:09 +0100
Source: libxerces2-java
Binary: libxerces2-java libxerces2-java-gcj libxerces2-java-doc
Architecture: source all i386
Version: 2.9.1-4.1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
libxerces2-java - Validating XML parser for Java with DOM level 3 support
libxerces2-java-doc - Validating XML parser for Java -- Documentation and
examples
libxerces2-java-gcj - Validating XML parser for Java with DOM level 3 support
(native c
Closes: 548358
Changes:
libxerces2-java (2.9.1-4.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-2625: denial of service (infinite loop and application hang)
via malformed XML input (Closes: #548358)
Checksums-Sha1:
250b8d442b4acc2a72056eb3fa51e49bdc21ec95 1556 libxerces2-java_2.9.1-4.1.dsc
e4f312072dc0d374bd55c49a89d248ceea3d8660 8316 libxerces2-java_2.9.1-4.1.diff.gz
d576a99b17b65a6600d97a247404cdd85c7de6d7 1112874
libxerces2-java_2.9.1-4.1_all.deb
6bd09068cf5b06d3bbb3426bd363ac889a81081d 2139488
libxerces2-java-doc_2.9.1-4.1_all.deb
9bd24b7d1cf88bac3e9bdb3f6c8d40292a3ba1ca 1569126
libxerces2-java-gcj_2.9.1-4.1_i386.deb
Checksums-Sha256:
12456fb89599a7ecc367e4ae43ff23a9eff99cfd4a7b38deecd01eefcf6007d6 1556
libxerces2-java_2.9.1-4.1.dsc
6c6f64ceee4ca2ee833dd7dc49bb4ac047fec7dcf08269414dc03d2cf749d398 8316
libxerces2-java_2.9.1-4.1.diff.gz
f5440a23880cba5cac24d325e60387fe74043312127e2bb35260ce5ccb39ad09 1112874
libxerces2-java_2.9.1-4.1_all.deb
e7fa6fc0ec46a23ee2927e41ef30cb4654fc9555644cc9e4bf26542a016194f7 2139488
libxerces2-java-doc_2.9.1-4.1_all.deb
59310d317d7fe41fbe906bf8271e444ca31d37cc9b56eda13280ba92155ab4dd 1569126
libxerces2-java-gcj_2.9.1-4.1_i386.deb
Files:
246cfe3afb6caba7e620bd254b210eff 1556 java optional
libxerces2-java_2.9.1-4.1.dsc
4180692a0b3eac4c68d858c5e0fc85a9 8316 java optional
libxerces2-java_2.9.1-4.1.diff.gz
0f391ed85174f7ccf73d0e68d1074a50 1112874 java optional
libxerces2-java_2.9.1-4.1_all.deb
1cbb75d98f6648727c9c670656e4e874 2139488 doc optional
libxerces2-java-doc_2.9.1-4.1_all.deb
c92a9c80f384d108e4813b6246f3417e 1569126 java optional
libxerces2-java-gcj_2.9.1-4.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktivfUACgkQNxpp46476ao2CwCdExpOHH+/hFaJG7aD7AdgJ2PX
ApAAoJdUXa3FRus+KE4ynV4GldyPZnMM
=vQqf
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
