Your message dated Tue, 28 Jun 2016 05:17:10 +0000
with message-id <[email protected]>
and subject line Bug#802971: fixed in libxslt 1.1.28-2+deb8u1
has caused the Debian Bug report #802971,
regarding libxslt: CVE-2015-7995: Type confusion may cause DoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
802971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802971
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxslt
Version: 1.1.26-1
Severity: important
Tags: security upstream
Hi
See https://bugzilla.redhat.com/show_bug.cgi?id=1257962 for more
details and a PoC.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.28-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Jun 2016 19:27:31 +0200
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1
python-libxslt1-dbg
Architecture: source
Version: 1.1.28-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 802971
Description:
libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
libxslt1-dev - XSLT 1.0 processing library - development kit
libxslt1.1 - XSLT 1.0 processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
xsltproc - XSLT 1.0 command line processor
Changes:
libxslt (1.1.28-2+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix for type confusion in preprocessing attributes (CVE-2015-7995)
(Closes: #802971)
* Always initialize EXSLT month and day to 1
* Fix use-after-free in xsltDocumentFunctionLoadDocument
* Fix xsltNumberFormatGetMultipleLevel (CVE-2016-1683)
* Round xsl:number values to nearest integer
* Handle negative xsl:number values
* Lower bound for format token "a"
* Lower and upper bound for format token "i" (CVE-2016-1684)
* Fix double free in libexslt hash functions
* Fix buffer overflow in exsltDateFormat
* Fix OOB heap read in xsltExtModuleRegisterDynamic
Checksums-Sha1:
3d1739f99b19b9b50d0f47cf929a33cc18e08e4e 2389 libxslt_1.1.28-2+deb8u1.dsc
4df177de629b2653db322bfb891afa3c0d1fa221 3435907 libxslt_1.1.28.orig.tar.gz
b0a2c6b9b6e9873609a18205fbdc970252ef5f1d 37208
libxslt_1.1.28-2+deb8u1.debian.tar.xz
Checksums-Sha256:
d084d58d3f25cea908acf99a26bf79a6aa4d03ebd94ec3cccb3d427175ed0c80 2389
libxslt_1.1.28-2+deb8u1.dsc
5fc7151a57b89c03d7b825df5a0fae0a8d5f05674c0e7cf2937ecec4d54a028c 3435907
libxslt_1.1.28.orig.tar.gz
11a8ec5df714a2ac1a55776b1baede5d0612a29b7c5ab6cbbda22d1d49801655 37208
libxslt_1.1.28-2+deb8u1.debian.tar.xz
Files:
99de136e9b5c09c32a01a92acee05b44 2389 text optional libxslt_1.1.28-2+deb8u1.dsc
9667bf6f9310b957254fdcf6596600b7 3435907 text optional
libxslt_1.1.28.orig.tar.gz
88f9b562443b447fa3f386f5348917fc 37208 text optional
libxslt_1.1.28-2+deb8u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXZYYxAAoJEAVMuPMTQ89E8ogP+wfZu0WOpdzKN+FRbxfaYNcB
wHmo2PliIm0ctbr1aL6pgS3Ei20II7gwGOeA7OzWiJllRZb5KtDP4QuGzaV/L95v
W6P4R7KFrUw5m9Z60b6VL8USQLNe0CTfgbJu9ZJHJBWaEiGfJoiaai4bg4jwF1VB
bGJdXydNpyzyC6L6TahyNgXI5plOMBy9Lai/dBqva78lrN236e+IWEi+tHRSwuCu
6JvCdxY/llvVg+bcGErmBk4h6xN/jyd4CxTh7M4SuYhj+yvNxNbc98dEUOey5fuU
Gfy1NeYYQfggV6tILVUzY9476PZOOS6dcg9622XVshp/ZquYX3MrtUQHHdMJzEv+
srwS1PPsTGh+xcnDodsrPEJkmvCIf6Ks5y+vgJ/wVtNA8XfrpYmXmcnSX5mlM09m
VCcWPPhXsDHzixaL/iGG31O1W6KjHYnQcQDc2afrML5DdS8aIJC+iPSHA+sHtSo6
dS8k9cI/l/fJQ7Tw7H5CLZhd9jq89x9EkHp6JbQ0yXsjdHBMNNSo7wqlQSLIHKLq
4lRO1YdVtQIOi5A51gcApPn7jiElVDjk1MHtW7jvnuBYvh/m1rrHAd4R9ieAzSuZ
Sgw8rPFRCoJvS347l+5pmI08Tj1JdTS4y5ouu0/fQxXVNxZhFBuK4t7xBgIGzvV4
Qk3sN4gKjqO+SPmHHKlg
=au3v
-----END PGP SIGNATURE-----
--- End Message ---
