Your message dated Tue, 05 May 2015 19:47:32 +0000
with message-id <[email protected]>
and subject line Bug#783443: fixed in libxml-libxml-perl 2.0001+dfsg-1+deb7u1
has caused the Debian Bug report #783443,
regarding libxml-libxml-perl: XEE vulnerability; expand_entities set to 0 is
not preserved after a _clone() call (CVE-2015-3451)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
783443: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783443
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml-libxml-perl
Version: 2.0116+dfsg-1
Severity: important
Tags: security upstream fixed-upstream
Hi

See http://www.openwall.com/lists/oss-security/2015/04/25/2 and
https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/

After a _clone() call, unset options are not preserved, e.g.
expand_entities, and external entities are processed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxml-libxml-perl
Source-Version: 2.0001+dfsg-1+deb7u1
We believe that the bug you reported is fixed in the latest version of
libxml-libxml-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated
libxml-libxml-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Fri, 01 May 2015 13:48:42 +0200
Source: libxml-libxml-perl
Binary: libxml-libxml-perl
Architecture: source amd64
Version: 2.0001+dfsg-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
 libxml-libxml-perl - Perl interface to the libxml2 library
Closes: 783443
Changes:
 libxml-libxml-perl (2.0001+dfsg-1+deb7u1) wheezy-security; urgency=high
 .
   * Team upload.
   * Add CVE-2015-3451.patch patch.
     CVE-2015-3451: expand_entities set to 0 is not preserved after a
     _clone() call. (Closes: #783443)
--- End Message ---