Your message dated Sun, 03 May 2015 13:05:45 +0000
with message-id <[email protected]>
and subject line Bug#783443: fixed in libxml-libxml-perl 2.0116+dfsg-1+deb8u1
has caused the Debian Bug report #783443,
regarding libxml-libxml-perl: XEE vulnerability; expand_entities set to 0 is
not preserved after a _clone() call (CVE-2015-3451)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
783443: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783443
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml-libxml-perl
Version: 2.0116+dfsg-1
Severity: important
Tags: security upstream fixed-upstream
Hi
See http://www.openwall.com/lists/oss-security/2015/04/25/2 and
https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/
After a _clone() call unset options are not preserved, e.g.
expand_entities and external entities are processed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxml-libxml-perl
Source-Version: 2.0116+dfsg-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
libxml-libxml-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated
libxml-libxml-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 01 May 2015 12:57:49 +0200
Source: libxml-libxml-perl
Binary: libxml-libxml-perl
Architecture: source
Version: 2.0116+dfsg-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
 libxml-libxml-perl - Perl interface to the libxml2 library
Closes: 783443
Changes:
 libxml-libxml-perl (2.0116+dfsg-1+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Add CVE-2015-3451.patch patch.
     CVE-2015-3451: expand_entities set to 0 is not preserved after a
     _clone() call. (Closes: #783443)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---