Your message dated Thu, 05 Jul 2012 09:47:39 +0000
with message-id <e1smiex-0002eh...@franck.debian.org>
and subject line Bug#679283: fixed in libxslt 1.1.26-13
has caused the Debian Bug report #679283,
regarding CVE-2012-2825
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
679283: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679283
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxslt
Severity: grave
Tags: security
The Chrome developers found a denial of service issue in the embedded copy of
libxslt, which has been assigned CVE-2012-2825:
http://googlechromereleases.blogspot.de/2012/06/stable-channel-update_26.html:
[$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to
Nicholas Gregoire.
This is fixed by the following commit:
http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=bb7bfb81c158268fb242292b7e0fbd2d3b933d09
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.26-13
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive:
libxslt1-dbg_1.1.26-13_amd64.deb
to main/libx/libxslt/libxslt1-dbg_1.1.26-13_amd64.deb
libxslt1-dev_1.1.26-13_amd64.deb
to main/libx/libxslt/libxslt1-dev_1.1.26-13_amd64.deb
libxslt1.1_1.1.26-13_amd64.deb
to main/libx/libxslt/libxslt1.1_1.1.26-13_amd64.deb
libxslt_1.1.26-13.debian.tar.gz
to main/libx/libxslt/libxslt_1.1.26-13.debian.tar.gz
libxslt_1.1.26-13.dsc
to main/libx/libxslt/libxslt_1.1.26-13.dsc
python-libxslt1-dbg_1.1.26-13_amd64.deb
to main/libx/libxslt/python-libxslt1-dbg_1.1.26-13_amd64.deb
python-libxslt1_1.1.26-13_amd64.deb
to main/libx/libxslt/python-libxslt1_1.1.26-13_amd64.deb
xsltproc_1.1.26-13_amd64.deb
to main/libx/libxslt/xsltproc_1.1.26-13_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 05 Jul 2012 11:09:19 +0800
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1
python-libxslt1-dbg
Architecture: source amd64
Version: 1.1.26-13
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description:
libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
libxslt1-dev - XSLT 1.0 processing library - development kit
libxslt1.1 - XSLT 1.0 processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
xsltproc - XSLT 1.0 command line processor
Closes: 679283
Changes:
libxslt (1.1.26-13) unstable; urgency=low
.
* Patch to fix CVE-2012-2825 (Closes: #679283).
Checksums-Sha1:
4f8b009f451f5c3d0590c1d4ad49c6d3452b63a4 1970 libxslt_1.1.26-13.dsc
9bb1fbcaf3f9d55c304f964f3e8158c1c66dd459 30490 libxslt_1.1.26-13.debian.tar.gz
09a617d1273432f096ba91824a309f50edfd7ea3 251796 libxslt1.1_1.1.26-13_amd64.deb
da9938042ac3e12e10237308a4031b19d8df7734 649602
libxslt1-dev_1.1.26-13_amd64.deb
ac17da9f2e293f2c10453f6fd91f22a5b04b5afc 501882
libxslt1-dbg_1.1.26-13_amd64.deb
d98d4882b9a4ca07b32e5c51b7b314d427955b8a 115842 xsltproc_1.1.26-13_amd64.deb
90d99b38d61d243b1994c496e4fbd893561f0861 170512
python-libxslt1_1.1.26-13_amd64.deb
589b2e390270e37f0a3ceec1bd826dc8e79fc1fd 409606
python-libxslt1-dbg_1.1.26-13_amd64.deb
Checksums-Sha256:
367b7ab79158e09103cc6bc2f01de5206481be5e64f0f4dd605c2de76f5243e5 1970
libxslt_1.1.26-13.dsc
11272bd2ab7273cb17e073f5916e8fc1084a0ddb8b84a68bdb3f5f0bca0f7cc4 30490
libxslt_1.1.26-13.debian.tar.gz
137d94f0e914a69de909da759bff1a39c8941cbceb4c5e3fc96b024393f7be1b 251796
libxslt1.1_1.1.26-13_amd64.deb
897b1b88f2773ed5e127ab6bec0dd206be0bde07f573afb0edadb9a832f24fee 649602
libxslt1-dev_1.1.26-13_amd64.deb
b3c97d05fcee537b49d786348f5e683e51b8456f87f55f7181dbe765fefb6b69 501882
libxslt1-dbg_1.1.26-13_amd64.deb
94056f97f3d8abc154969d309c9529c7dd43c6dc5d37ce81558f91be59c7877b 115842
xsltproc_1.1.26-13_amd64.deb
ef0d07bf0f1f97f0b7d578a52dcb0adab4a5753d406acecadd465dc1422935c3 170512
python-libxslt1_1.1.26-13_amd64.deb
f05f4b595fc35fa9d24484e92e9fb5e009bea0651b36601055eafd913ed02c53 409606
python-libxslt1-dbg_1.1.26-13_amd64.deb
Files:
fd64a5218a7aaba272e41cc85ae8a140 1970 text optional libxslt_1.1.26-13.dsc
51955cfd62dc63465c57363370fee606 30490 text optional
libxslt_1.1.26-13.debian.tar.gz
a8b85613a162480597e8cba6cc54ce99 251796 libs optional
libxslt1.1_1.1.26-13_amd64.deb
d29e8cf76a7fc9ecf637d17855ee6a40 649602 libdevel optional
libxslt1-dev_1.1.26-13_amd64.deb
a5897a9a9a218a59085bc4b5c2353fc7 501882 debug extra
libxslt1-dbg_1.1.26-13_amd64.deb
7143901755701e5d7ab5464419f9349e 115842 text optional
xsltproc_1.1.26-13_amd64.deb
c8b38b830a976c803fedf31373d8806e 170512 python optional
python-libxslt1_1.1.26-13_amd64.deb
a58edb0b8e4f01517593d267ab3c37da 409606 debug extra
python-libxslt1-dbg_1.1.26-13_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJP9WFfAAoJEIAhAkTu07wNJSgIANJJfPkbGysLYckTqQwekxRw
z/nuDjfiQs3PWDxR9PxrgQZD7kHKNEC6StrmAfX5ybf8/Mvw2aTtu0+nEyvrUDWe
3iKWDO2B7An9SlGYx4WkrOYZrVG5VHHeVXUtpghuypiYyrDZHYvf9V66CHx/s0Uy
dleEOw6aeG0vlHFbdFPHtk2dR6U+9rlwyfeF4fGzVDclJL2Zc6f33qnIZdqfQlQ7
pq5OnKx8+ihdALGKh3o64oVpvPZy15n37UcYMqALs0bX1XORtI16yPvePsva6XeH
Q4eGjsvR+jCLamQNCUjkBSBjwBfAviQxyo1Cffu+E06mZLv6o1aow7siOUQ1LZE=
=3ezc
-----END PGP SIGNATURE-----
--- End Message ---