Your message dated Fri, 21 Apr 2023 14:07:14 +0000
with message-id <[email protected]>
and subject line Bug#1034436: fixed in libxml2 2.9.10+dfsg-6.7+deb11u4
has caused the Debian Bug report #1034436,
regarding libxml2: CVE-2023-28484
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1034436: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml2
Version: 2.9.14+dfsg-1.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libxml2.

CVE-2023-28484[0]:
| NULL dereference in xmlSchemaFixupComplexType

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28484
    https://www.cve.org/CVERecord?id=CVE-2023-28484

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.10+dfsg-6.7+deb11u4
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 15 Apr 2023 20:52:15 +0200
Source: libxml2
Architecture: source
Version: 2.9.10+dfsg-6.7+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1034436 1034437
Changes:
 libxml2 (2.9.10+dfsg-6.7+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
   * Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484)
     (Closes: #1034436)
   * Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
     (Closes: #1034437)
Checksums-Sha1:
 c4f079a5d2fec51dd4940764f45471a58cecd1e0 2859 libxml2_2.9.10+dfsg-6.7+deb11u4.dsc
 c81ab44e7161a6eea076731546170f3597b9f7fe 41904 libxml2_2.9.10+dfsg-6.7+deb11u4.debian.tar.xz
Checksums-Sha256:
 db8806a35ae170159cf267bb83296f1fd6310dedab53450e4d3f5e8af2937c4a 2859 libxml2_2.9.10+dfsg-6.7+deb11u4.dsc
 62037376765cc8e5961771d758b8efa9fddce3cce6fd67c31bc111ddff656654 41904 libxml2_2.9.10+dfsg-6.7+deb11u4.debian.tar.xz
Files:
 9b4e96bb31f42607a0c3bb4bcdc794b4 2859 libs optional libxml2_2.9.10+dfsg-6.7+deb11u4.dsc
 d14f4789d2783a8a502a53409381f3a1 41904 libs optional libxml2_2.9.10+dfsg-6.7+deb11u4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
