Your message dated Wed, 16 Dec 2009 23:47:55 +0000
with message-id <[email protected]>
and subject line Bug#551936: fixed in expat 2.0.1-4+lenny1
has caused the Debian Bug report #551936,
regarding expat: CVE-2009-2625
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
551936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551936
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: expat
version: 1.95.8-3
severity: serious
tags: security
hello, a security issue has been disclosed for expat. see [0],[1].
this affects all supported debian releases, so please coordinate with
the security team to prepare DSAs.
mike
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
[1] https://bugs.gentoo.org/show_bug.cgi?id=280615
--- End Message ---
--- Begin Message ---
Source: expat
Source-Version: 2.0.1-4+lenny1
We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive:
expat_2.0.1-4+lenny1.diff.gz
to main/e/expat/expat_2.0.1-4+lenny1.diff.gz
expat_2.0.1-4+lenny1.dsc
to main/e/expat/expat_2.0.1-4+lenny1.dsc
expat_2.0.1-4+lenny1_i386.deb
to main/e/expat/expat_2.0.1-4+lenny1_i386.deb
lib64expat1-dev_2.0.1-4+lenny1_i386.deb
to main/e/expat/lib64expat1-dev_2.0.1-4+lenny1_i386.deb
lib64expat1_2.0.1-4+lenny1_i386.deb
to main/e/expat/lib64expat1_2.0.1-4+lenny1_i386.deb
libexpat1-dev_2.0.1-4+lenny1_i386.deb
to main/e/expat/libexpat1-dev_2.0.1-4+lenny1_i386.deb
libexpat1-udeb_2.0.1-4+lenny1_i386.udeb
to main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_i386.udeb
libexpat1_2.0.1-4+lenny1_i386.deb
to main/e/expat/libexpat1_2.0.1-4+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Leidert (dale) <[email protected]> (supplier of updated expat
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 26 Oct 2009 15:13:25 +0100
Source: expat
Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat
Architecture: source i386
Version: 2.0.1-4+lenny1
Distribution: stable-security
Urgency: medium
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Daniel Leidert (dale) <[email protected]>
Description:
expat - XML parsing C library - example application
lib64expat1 - XML parsing C library - runtime library (64bit)
lib64expat1-dev - XML parsing C library - development kit (64bit)
libexpat1 - XML parsing C library - runtime library
libexpat1-dev - XML parsing C library - development kit
libexpat1-udeb - XML parsing C library - runtime library (udeb)
Closes: 551936
Changes:
expat (2.0.1-4+lenny1) stable-security; urgency=medium
.
* Upload to stable to fix security issues.
* debian/patches/551936_CVE_2009_2625.dpatch: Added.
- lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
(closes: #551936).
* debian/patches/00list: Adjusted.
Checksums-Sha1:
13dd9c4d5903e7fcdfd8c3a16cae40bcb8c2bfb1 1446 expat_2.0.1-4+lenny1.dsc
663548c37b996082db1f2f2c32af060d7aa15c2d 446456 expat_2.0.1.orig.tar.gz
bbdd73146df0bc0bd02a41383e0734192c3f86b2 133411 expat_2.0.1-4+lenny1.diff.gz
3f7402940b0c7d7ab168e00ca2851810f5780075 166714
lib64expat1-dev_2.0.1-4+lenny1_i386.deb
821148577ef16f440f4041046e606499dc2bb264 136372
lib64expat1_2.0.1-4+lenny1_i386.deb
468c0435e2d0d4c2ac4e55b0329c45ea469bcb98 210960
libexpat1-dev_2.0.1-4+lenny1_i386.deb
de813081d3f2640456d93d0d73c2089fda00be8f 131890
libexpat1_2.0.1-4+lenny1_i386.deb
3d50f3dab8ff5679b86e23cf77e1d6f6c72651ab 60860
libexpat1-udeb_2.0.1-4+lenny1_i386.udeb
66f496d7c3cb57e57fcc9e69af8b16983972fd80 23152 expat_2.0.1-4+lenny1_i386.deb
Checksums-Sha256:
5d2b26037eccf07725ec6c5b2d9afc8a8b1a86f95047229f6a73ede7252890fe 1446
expat_2.0.1-4+lenny1.dsc
847660b4df86e707c9150e33cd8c25bc5cd828f708c7418e765e3e983a2e5e93 446456
expat_2.0.1.orig.tar.gz
80811e6b17b91ad3e139f140e688188afde83c56cd21eff6ee010d5246131109 133411
expat_2.0.1-4+lenny1.diff.gz
06217c4239489c4f039e857e4ffbb030e530a0b7e15df45b2f511857eec360e9 166714
lib64expat1-dev_2.0.1-4+lenny1_i386.deb
3c6e37d7f1a850f40f3fda780f69c46db958d93d8ab639e2a65c0d6674cea3d3 136372
lib64expat1_2.0.1-4+lenny1_i386.deb
32844e2c4f64c5be1bd29669e796e84bb9c2142ac7f18ccea053b3cc342aff09 210960
libexpat1-dev_2.0.1-4+lenny1_i386.deb
82a026a02277c14dd152a43f3c22b3533c4bf6416132e2632aedd3b6ae2c35a1 131890
libexpat1_2.0.1-4+lenny1_i386.deb
78b27865c944472485bbcd84e1592d443f957b0f1f4af361e810487c7164a0cb 60860
libexpat1-udeb_2.0.1-4+lenny1_i386.udeb
b7d3f3fc6ff6ea66390a817d8c259cf43a153bdf02249321d5702fde1ac47627 23152
expat_2.0.1-4+lenny1_i386.deb
Files:
4f069e17ff00f0b1fb810560bce5db05 1446 text optional expat_2.0.1-4+lenny1.dsc
ee8b492592568805593f81f8cdf2a04c 446456 text optional expat_2.0.1.orig.tar.gz
b5dc224140f8bcdfeab899c9a2aeaf4f 133411 text optional
expat_2.0.1-4+lenny1.diff.gz
6371c41f37ac8c15f9c311d6466a263c 166714 libdevel optional
lib64expat1-dev_2.0.1-4+lenny1_i386.deb
910e7dc6c260cb7061b100738d8a1637 136372 libs optional
lib64expat1_2.0.1-4+lenny1_i386.deb
d45ab14f22aedda35b035e608cba7709 210960 libdevel optional
libexpat1-dev_2.0.1-4+lenny1_i386.deb
5091b56525caf7de535b6d5ca76c8f8d 131890 libs optional
libexpat1_2.0.1-4+lenny1_i386.deb
73e491d5110ed35e4c005d244669e766 60860 debian-installer extra
libexpat1-udeb_2.0.1-4+lenny1_i386.udeb
d1e24f461306e329e74b0314a549dad6 23152 text optional
expat_2.0.1-4+lenny1_i386.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrm5QgACgkQNxpp46476arqHQCeKR/0nA2e3VKKxWwiaLPnIUc1
eGUAniwc3YYRUsnM89fY+0yYoJoAH+0N
=Ido5
-----END PGP SIGNATURE-----
--- End Message ---
