Bug#607922: marked as done (CVE-2010-4494: memory corruption (double-free) in XPath processing code)

Sun, 26 Dec 2010 11:57:22 -0800 

Your message dated Sun, 26 Dec 2010 19:54:49 +0000
with message-id <e1pwwg5-0002qk...@franck.debian.org>
and subject line Bug#607922: fixed in libxml2 2.6.32.dfsg-5+lenny3
has caused the Debian Bug report #607922,
regarding CVE-2010-4494: memory corruption (double-free) in XPath processing 
code
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
607922: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607922
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libxml2
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libxml2.

CVE-2010-4494[0]:
| Double free vulnerability in Google Chrome before 8.0.552.215 allows
| remote attackers to cause a denial of service or possibly have
| unspecified other impact via vectors related to XPath handling.


Patch: 
http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722
       
http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
    http://security-tracker.debian.org/tracker/CVE-2010-4494
    http://code.google.com/p/chromium/issues/detail?id=63444

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0Ujz4ACgkQNxpp46476aolzACfaHIcOhuivzJBkMyY7RJnx2eF
lsEAnRb/JFF6MetVtL68wbKMWpZAMWP1
=cbLo
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message --- 
Source: libxml2
Source-Version: 2.6.32.dfsg-5+lenny3

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
  to main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
libxml2_2.6.32.dfsg-5+lenny3.diff.gz
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny3.diff.gz
libxml2_2.6.32.dfsg-5+lenny3.dsc
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny3.dsc
libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
  to main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 607...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <gland...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 25 Dec 2010 10:48:27 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2
Architecture: source all amd64
Version: 2.6.32.dfsg-5+lenny3
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Mike Hommey <gland...@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
Closes: 607922
Changes: 
 libxml2 (2.6.32.dfsg-5+lenny3) stable-security; urgency=high
 .
   * xpath.c: Fix a double-freeing error in XPath processing code.
     (CVE-2010-4494). Closes: #607922.
Checksums-Sha1: 
 d62bf78e632021a0fb83c27500c42d08a95fc8d7 1985 libxml2_2.6.32.dfsg-5+lenny3.dsc
 3263b429e037eabd511ce0c92f43fe5c6f2dfb0f 83834 
libxml2_2.6.32.dfsg-5+lenny3.diff.gz
 d5460ebffb943f01dd99c0426a463ac8a03a3642 1307018 
libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
 abb233d73bd073e762a268509181c4ab1bde8588 860420 
libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
 1214a6923ed8f497ee39e557498ee441d3a1a652 37400 
libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
 8ee7e3b5bf5d699ae560ded80cefdf70364e40af 774226 
libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
 db26a069fbd8b9cad50c2630c06a9ade613ea6e6 987446 
libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
 6945bbd5ac694a8f6d5931ef812732a2a7dc701a 294578 
python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
Checksums-Sha256: 
 912d025d7f6355a1fac3cf202b146e2798314cd899d744f68e65699bca3e32e5 1985 
libxml2_2.6.32.dfsg-5+lenny3.dsc
 d4b88a29c1df368490da8cd288df02cef2f5ba17422164113d8c961bef7f58f9 83834 
libxml2_2.6.32.dfsg-5+lenny3.diff.gz
 257f4f34c66a3b3319cd6e34a1d76c1ed0ed3df53fff44920a77239efcb8eb7b 1307018 
libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
 4a364e5ccfcecd515eacaa444a56aa5479d9ba19f997882ecff42c3cce6f31c8 860420 
libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
 52018aea17bfd95c519f2b5bd19067c3ad234258fe21e4de8bb1366e67b9f32e 37400 
libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
 0464ea44e3da7dc313a6eda506452d237e0f4b1347ab47d4ef1afc4208c4d9d5 774226 
libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
 f48d8c6db591db19d5b093c0e5926d3de25c0bc9da64b4cb575a5824aed62b11 987446 
libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
 fcd6512b83ce39e6454fdca3ef14b83329461607573a1d6e356f5ac4d5b71da9 294578 
python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
Files: 
 f42227ce90e7d0e5fb787168a8a7007d 1985 libs optional 
libxml2_2.6.32.dfsg-5+lenny3.dsc
 70ba3e766175e52be697f9675a1a6320 83834 libs optional 
libxml2_2.6.32.dfsg-5+lenny3.diff.gz
 120cc49364903ed2908bdb677d0da494 1307018 doc optional 
libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
 5a0eebeca3865141c94c4dfc6edf7a94 860420 libs optional 
libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
 753b813b3136b497013d014e9a2e8884 37400 text optional 
libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
 819f5afccd765abf9951a8f7efa85daf 774226 libdevel optional 
libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
 c39577c66f78d54835d63ac84bef1311 987446 libdevel extra 
libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
 e3499b10d3044ffdf33fe31480c51ee3 294578 python optional 
python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTRXBNuQqoE+mqoxyAQim0w/+MIUxxtckPcKTKoGGYfZZJCie6a1CT0tB
N14KPFUSCggpuW1q/+1DebzjimsTYecTPqOpazrABgWjtm+JN9cbt93k2wFhU//A
V6VKZN1IV1ZLpXg/1a2wds4BPqeHG/8XtRWI0HIk1AkVgNvFq/RNoCjzZM1GaYNd
IDi69rYftXliDSo9Nn75L2CyNH5x0CbloZy8kK+cXSpqSHtgEM2FiW+54y2/KZvF
MiM8ztf3pYVZTB1pCXz/Yi8SXdZ1nv8i+dJ61AqkJ4Go4rsrPLygSLBlOy1oZpcB
DyGt0SSyiIPGWqRn8PdjXOfdvU/nQ4hyeMYNrdah209zL3pNvnhNLqALa7BZhHpa
CN7KNHvswMMwehCou+LJ8IDQKJ4iej51OlygF+1sTvt+7Pvv6dk3vh8bhNA48AHU
zNcT+baUv59KCLJkJ3BpSgwV91NyuHOeyCE30aif+AUi/rVlwQr0zwteoIO360PG
fIskCVL6z5iCcg9XtXX0X+SP84M39bP2LRFF4ANy/+nvbdAhKDAdhpWSPsvrSmP8
G1xnG2mEcWhiAwJV1GqwVWcLKAf62mMstcAhgWI8B/Gp0tm2diG/oSxDR+u/VskA
ZHCXVDIGbZvtDWleRgqgdIdqg9IRHU0SuU1H67GnujJSBbSh0D+6jWoLAi0vxBLj
9zOLuGt7Cig=
=2RkR
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to