Your message dated Fri, 07 Oct 2011 07:47:26 +0000
with message-id <e1rc59s-0001wx...@franck.debian.org>
and subject line Bug#643648: fixed in libxml2 2.7.8.dfsg-5
has caused the Debian Bug report #643648,
regarding CVE-2011-2834 and CVE-2011-2821
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
643648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643648
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxml2
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
two libxml2 issues were fixed in the latest Chrome updates:
CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before
13.0.782.215, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted XPath expression.
Patch:
http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
CVE-2011-2834
Double free vulnerability in libxml2, as used in Google Chrome before
14.0.835.163, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to XPath
handling.
Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk6C/OYACgkQNxpp46476apt2ACdHKTvWjo4WoxEWsVD6Z7a9elU
AFgAn2ml9iJvUDCXczdrJcVH1PIknJFT
=EMJW
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.7.8.dfsg-5
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:
libxml2-dbg_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-5_amd64.deb
libxml2-dev_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-5_amd64.deb
libxml2-doc_2.7.8.dfsg-5_all.deb
to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-5_all.deb
libxml2-utils_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-5_amd64.deb
libxml2_2.7.8.dfsg-5.diff.gz
to main/libx/libxml2/libxml2_2.7.8.dfsg-5.diff.gz
libxml2_2.7.8.dfsg-5.dsc
to main/libx/libxml2/libxml2_2.7.8.dfsg-5.dsc
libxml2_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/libxml2_2.7.8.dfsg-5_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-5_amd64.deb
python-libxml2_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/python-libxml2_2.7.8.dfsg-5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 643...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <gland...@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 07 Oct 2011 09:31:14 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-5
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Mike Hommey <gland...@debian.org>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 643648
Changes:
libxml2 (2.7.8.dfsg-5) unstable; urgency=low
.
* xpath.c, xpointer.c, include/libxml/xpath.h: Hardening of XPath evaluation.
CVE-2011-2821.
* xpath.c: Fix for undefined namespaces. CVE-2011-2834.
* Both closes: #643648.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---