Bug#679283: marked as done (CVE-2012-2825)

Thu, 05 Jul 2012 02:52:04 -0700 

Your message dated Thu, 05 Jul 2012 09:47:39 +0000
with message-id <e1smiex-0002eh...@franck.debian.org>
and subject line Bug#679283: fixed in libxslt 1.1.26-13
has caused the Debian Bug report #679283,
regarding CVE-2012-2825
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
679283: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679283
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libxslt
Severity: grave
Tags: security

The Chrome developers found a denial of service issue in the embedded copy of
libxslt, which has been assigned CVE-2012-2825:

http://googlechromereleases.blogspot.de/2012/06/stable-channel-update_26.html:

[$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to 
Nicholas Gregoire.

This is fixed by the following commit:
http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=bb7bfb81c158268fb242292b7e0fbd2d3b933d09

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: libxslt
Source-Version: 1.1.26-13

We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive:

libxslt1-dbg_1.1.26-13_amd64.deb
  to main/libx/libxslt/libxslt1-dbg_1.1.26-13_amd64.deb
libxslt1-dev_1.1.26-13_amd64.deb
  to main/libx/libxslt/libxslt1-dev_1.1.26-13_amd64.deb
libxslt1.1_1.1.26-13_amd64.deb
  to main/libx/libxslt/libxslt1.1_1.1.26-13_amd64.deb
libxslt_1.1.26-13.debian.tar.gz
  to main/libx/libxslt/libxslt_1.1.26-13.debian.tar.gz
libxslt_1.1.26-13.dsc
  to main/libx/libxslt/libxslt_1.1.26-13.dsc
python-libxslt1-dbg_1.1.26-13_amd64.deb
  to main/libx/libxslt/python-libxslt1-dbg_1.1.26-13_amd64.deb
python-libxslt1_1.1.26-13_amd64.deb
  to main/libx/libxslt/python-libxslt1_1.1.26-13_amd64.deb
xsltproc_1.1.26-13_amd64.deb
  to main/libx/libxslt/xsltproc_1.1.26-13_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated libxslt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 05 Jul 2012 11:09:19 +0800
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 
python-libxslt1-dbg
Architecture: source amd64
Version: 1.1.26-13
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description: 
 libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
 libxslt1-dev - XSLT 1.0 processing library - development kit
 libxslt1.1 - XSLT 1.0 processing library - runtime library
 python-libxslt1 - Python bindings for libxslt1
 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
 xsltproc   - XSLT 1.0 command line processor
Closes: 679283
Changes: 
 libxslt (1.1.26-13) unstable; urgency=low
 .
   * Patch to fix CVE-2012-2825 (Closes: #679283).
Checksums-Sha1: 
 4f8b009f451f5c3d0590c1d4ad49c6d3452b63a4 1970 libxslt_1.1.26-13.dsc
 9bb1fbcaf3f9d55c304f964f3e8158c1c66dd459 30490 libxslt_1.1.26-13.debian.tar.gz
 09a617d1273432f096ba91824a309f50edfd7ea3 251796 libxslt1.1_1.1.26-13_amd64.deb
 da9938042ac3e12e10237308a4031b19d8df7734 649602 
libxslt1-dev_1.1.26-13_amd64.deb
 ac17da9f2e293f2c10453f6fd91f22a5b04b5afc 501882 
libxslt1-dbg_1.1.26-13_amd64.deb
 d98d4882b9a4ca07b32e5c51b7b314d427955b8a 115842 xsltproc_1.1.26-13_amd64.deb
 90d99b38d61d243b1994c496e4fbd893561f0861 170512 
python-libxslt1_1.1.26-13_amd64.deb
 589b2e390270e37f0a3ceec1bd826dc8e79fc1fd 409606 
python-libxslt1-dbg_1.1.26-13_amd64.deb
Checksums-Sha256: 
 367b7ab79158e09103cc6bc2f01de5206481be5e64f0f4dd605c2de76f5243e5 1970 
libxslt_1.1.26-13.dsc
 11272bd2ab7273cb17e073f5916e8fc1084a0ddb8b84a68bdb3f5f0bca0f7cc4 30490 
libxslt_1.1.26-13.debian.tar.gz
 137d94f0e914a69de909da759bff1a39c8941cbceb4c5e3fc96b024393f7be1b 251796 
libxslt1.1_1.1.26-13_amd64.deb
 897b1b88f2773ed5e127ab6bec0dd206be0bde07f573afb0edadb9a832f24fee 649602 
libxslt1-dev_1.1.26-13_amd64.deb
 b3c97d05fcee537b49d786348f5e683e51b8456f87f55f7181dbe765fefb6b69 501882 
libxslt1-dbg_1.1.26-13_amd64.deb
 94056f97f3d8abc154969d309c9529c7dd43c6dc5d37ce81558f91be59c7877b 115842 
xsltproc_1.1.26-13_amd64.deb
 ef0d07bf0f1f97f0b7d578a52dcb0adab4a5753d406acecadd465dc1422935c3 170512 
python-libxslt1_1.1.26-13_amd64.deb
 f05f4b595fc35fa9d24484e92e9fb5e009bea0651b36601055eafd913ed02c53 409606 
python-libxslt1-dbg_1.1.26-13_amd64.deb
Files: 
 fd64a5218a7aaba272e41cc85ae8a140 1970 text optional libxslt_1.1.26-13.dsc
 51955cfd62dc63465c57363370fee606 30490 text optional 
libxslt_1.1.26-13.debian.tar.gz
 a8b85613a162480597e8cba6cc54ce99 251796 libs optional 
libxslt1.1_1.1.26-13_amd64.deb
 d29e8cf76a7fc9ecf637d17855ee6a40 649602 libdevel optional 
libxslt1-dev_1.1.26-13_amd64.deb
 a5897a9a9a218a59085bc4b5c2353fc7 501882 debug extra 
libxslt1-dbg_1.1.26-13_amd64.deb
 7143901755701e5d7ab5464419f9349e 115842 text optional 
xsltproc_1.1.26-13_amd64.deb
 c8b38b830a976c803fedf31373d8806e 170512 python optional 
python-libxslt1_1.1.26-13_amd64.deb
 a58edb0b8e4f01517593d267ab3c37da 409606 debug extra 
python-libxslt1-dbg_1.1.26-13_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJP9WFfAAoJEIAhAkTu07wNJSgIANJJfPkbGysLYckTqQwekxRw
z/nuDjfiQs3PWDxR9PxrgQZD7kHKNEC6StrmAfX5ybf8/Mvw2aTtu0+nEyvrUDWe
3iKWDO2B7An9SlGYx4WkrOYZrVG5VHHeVXUtpghuypiYyrDZHYvf9V66CHx/s0Uy
dleEOw6aeG0vlHFbdFPHtk2dR6U+9rlwyfeF4fGzVDclJL2Zc6f33qnIZdqfQlQ7
pq5OnKx8+ihdALGKh3o64oVpvPZy15n37UcYMqALs0bX1XORtI16yPvePsva6XeH
Q4eGjsvR+jCLamQNCUjkBSBjwBfAviQxyo1Cffu+E06mZLv6o1aow7siOUQ1LZE=
=3ezc
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to