Bug#702260: marked as done (libxml2: CVE-2013-0338 CVE-2013-0339)

[Debian Bug Tracking System]

Your message dated Wed, 27 Mar 2013 06:32:05 +0000
with message-id <e1ukju1-0006m9...@franck.debian.org>
and subject line Bug#702260: fixed in libxml2 2.7.8.dfsg-2+squeeze7
has caused the Debian Bug report #702260,
regarding libxml2: CVE-2013-0338 CVE-2013-0339
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
702260: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libxml2
Severity: grave
Tags: security
Justification: user security hole

Please see the Red Hat Bugzilla entries for more details:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0338
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0339

Patch:
http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: libxml2
Source-Version: 2.7.8.dfsg-2+squeeze7

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 702...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 25 Mar 2013 23:52:58 +0000
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc 
python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-2+squeeze7
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug 
extension)
Closes: 702260
Changes: 
 libxml2 (2.7.8.dfsg-2+squeeze7) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2013-0338 and cve-2013-0339: large memory consuption issues when
     performing string substition during entity expansion (closes: #702260).
Checksums-Sha1: 
 d5ea490fbd5d6b9bcd8a1c7ce014b9fe17ab59df 2888 libxml2_2.7.8.dfsg-2+squeeze7.dsc
 dc017c3621a681d6872f4ea8bb1a23939d8839e9 119263 
libxml2_2.7.8.dfsg-2+squeeze7.diff.gz
 e66ae1c5cff7258a792c10aa6ea44a3b97b65b3f 874206 
libxml2_2.7.8.dfsg-2+squeeze7_amd64.deb
 114ab135376cdcd59784808aee3a295984f14abb 94050 
libxml2-utils_2.7.8.dfsg-2+squeeze7_amd64.deb
 9038504b9f072eae6aeec9bbebd3da12198a17f4 831920 
libxml2-dev_2.7.8.dfsg-2+squeeze7_amd64.deb
 11d46643e1d890e47334889b3a3406434dd953f2 988858 
libxml2-dbg_2.7.8.dfsg-2+squeeze7_amd64.deb
 2d35b7f809cb5e0ae900517d0770e898876a0d81 1373016 
libxml2-doc_2.7.8.dfsg-2+squeeze7_all.deb
 06a12590126c21d83faa90a50c1580d06d649682 339894 
python-libxml2_2.7.8.dfsg-2+squeeze7_amd64.deb
 5696aa5aa901f9b4b497d346618ad499f0198836 870040 
python-libxml2-dbg_2.7.8.dfsg-2+squeeze7_amd64.deb
Checksums-Sha256: 
 2f546ef13b636a87d5643c308cc4df8f3bba3752437ef46eee0b1a6de8644095 2888 
libxml2_2.7.8.dfsg-2+squeeze7.dsc
 fc6572b2482f5ab08dbd12c0458d59c3deca98965575dd1f615f2112402a14dc 119263 
libxml2_2.7.8.dfsg-2+squeeze7.diff.gz
 61a1c91a87cbf559c5f7b479f5a51741802d5823d145f5da836f2de9ce7676a1 874206 
libxml2_2.7.8.dfsg-2+squeeze7_amd64.deb
 53c6fee546feec9cf76e8cd12e4dba95aeefc34f6e24c753b44fc32646f37c24 94050 
libxml2-utils_2.7.8.dfsg-2+squeeze7_amd64.deb
 c19ecf32ff09beebf95564897ee947f4d4cda35a768629b77758967b1cf9dad7 831920 
libxml2-dev_2.7.8.dfsg-2+squeeze7_amd64.deb
 b7e31ee9cb51ea02151207f6d599b89760bc3782e0176f9b5959f99e65977a6b 988858 
libxml2-dbg_2.7.8.dfsg-2+squeeze7_amd64.deb
 96072a933869c80e99facb39a7f38e4e9c390fd605dcd1aaa3db23be35233a60 1373016 
libxml2-doc_2.7.8.dfsg-2+squeeze7_all.deb
 32b22ddbd9f9f6ed16e2bf5dea45a6f389d8f4a8f3a9e9538ab1074f06244a4a 339894 
python-libxml2_2.7.8.dfsg-2+squeeze7_amd64.deb
 497021e00e09333c573d10881f292e8c0a7618a73cff739d8b47c32d75aa5f18 870040 
python-libxml2-dbg_2.7.8.dfsg-2+squeeze7_amd64.deb
Files: 
 595067fbabf7626fd9ee9aebd8155949 2888 libs optional 
libxml2_2.7.8.dfsg-2+squeeze7.dsc
 a6c87ea23856e58ff5ab168cc599d4ba 119263 libs optional 
libxml2_2.7.8.dfsg-2+squeeze7.diff.gz
 364e0ae82394aa0276c2030488a991d7 874206 libs standard 
libxml2_2.7.8.dfsg-2+squeeze7_amd64.deb
 e7a5506f849522716c4d863e40c95772 94050 text optional 
libxml2-utils_2.7.8.dfsg-2+squeeze7_amd64.deb
 7f2b45da2f53a9fc32606d9125a42183 831920 libdevel optional 
libxml2-dev_2.7.8.dfsg-2+squeeze7_amd64.deb
 9805c73242bb5775c9b9aaeb9e200a26 988858 debug extra 
libxml2-dbg_2.7.8.dfsg-2+squeeze7_amd64.deb
 059e526c43a67ab58d452858bb3320a1 1373016 doc optional 
libxml2-doc_2.7.8.dfsg-2+squeeze7_all.deb
 9917c0ea043e7a6ab215278769604c52 339894 python optional 
python-libxml2_2.7.8.dfsg-2+squeeze7_amd64.deb
 4e0f4e65df47d8943ae9be3c4a57c36d 870040 debug extra 
python-libxml2-dbg_2.7.8.dfsg-2+squeeze7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCAAGBQJRUOWcAAoJELjWss0C1vRzbnIgALDlX4N+Ayu6IwM3DHykVwdu
GA8IRF5simG3fHFb7CEw2BZY021PuiHAvyvu8L+uOBlMczYX7v+5bRqKfCsatFbb
6nHDCkX7dKOZL3AIpMy48XuG4ACtctAL4F3skATcTi6okyyAssXnYMdjaKgc8G/Z
K/BfTizIOXl6qEaoI020mBG/wRJjb2Z8RLaym1t6AMq4LjVne63fK35HyFPtQbfL
5Z6VG5d8SXW5DmkvElWQYmpqNV5/V30z1zwsZBsvVPlJszxgK6V20pj+eJ6aiLDL
Gqjh30Gy5rr0sq9F1wGlN52Dd1wFo+NzSuO8JUvdekdaow+4h7h+FD8g4op7eHlf
ZWB5Pe05FRh/Qk7j/mns2DHZqeAIbx5zBW87zKw/u+JwiJfr+6oNWDPanZH/5Z6B
XoF4Cu23CHio+LQo57IChc8Cr5XBTTS6fAv6NzwNe53crh5CO0r6sYsb1oROFxe/
EgyFzE0k3sRi0HOdIsJ39LO+XvDadzehfCs+46YD6Ltni601XdIJLqvCnCPWWXj7
CXoVF/WNP8sLjSzUSbvBiY0Sz7oKIebNq+GYMsZUgFIpYAVpMv05HYFEtvIOpDhX
4bPxjYHZkKehHnstwoax2iKJ0n0AU+jZ7DrLPeCNCp04Nc9G+ctYW0daw/rkqI+f
6J7rfJfK21eMl8l01pLEgG7Hm9afEPkPZdoS6P/I3RPs3GPSsch+9WFJhSAMJcL4
/PRLRmgNNmXK3Cbm7/Fxr9AUywKwOFSZp8jPpObi5N/azRHJ/J6QHr1JmJYaHCfm
5B6s94LpMabiuD8Q7GhuqWfi9lSoYr7Bg5ov2AkfnaoZAViEQib+2g7V4tMOWxFl
6OSkBkqjjFo6+Xjy6IVt8MsFqbXokFl/vqLhN7Er/traFlXIBRCN4dEYmC3uDqbH
26uvct8BASAkJ7plTDC0/rO+czVEfNfyDD0Bqc4+A0M13OdAtrB/eth9pyvIgtZ1
a89ymiDqB/mYTWn/4sB0lflsTMd8H8VG9Y+VUhXPCCxL3Lmqsnr1LFAjUsHyJ7RF
vnak4ZilgxdD2Fv88OjTLEtYAHFvh0M0l+goVWlQoPSKFR2D/8aocU5oOuIo2Aon
UYIffR5gagOADgLQVpolVxd6PZA7EapC0Q6MxM5e+gM6+Rs1UvL7OFTakxhHZTri
oyXgcQBFA55NAigKxgDt0I8pnG/0QmjiKIHDMKq3Yrr3cVk7g8FNR5QijkRyAb7s
iiVC0H7KvnDcKL5N0jVzCGqeOsSDVFegejHDLHiHlVthZ3WGVdI1eRNMoNmBklK2
LNkm5c0k/yund5qLM76T1MCxtQ012YSR7liJqv5f9LIYyFiF8MNwD9qhGi/k1dU=
=JgZ9
-----END PGP SIGNATURE-----

--- End Message ---