Your message dated Sun, 26 Oct 2014 01:04:16 +0000
with message-id <e1xicfk-00027q...@franck.debian.org>
and subject line Bug#765722: fixed in libxml2 2.9.2+dfsg1-1
has caused the Debian Bug report #765722,
regarding CVE-2014-3660 libxml2 billion laugh variant
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
765722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxml2
Severity: serious
Tags: security patch
Hi,
The Netherlands Cyber Security Center announced an issue in libxml2.
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
It seems to be a variant of the classic 'billion laughs' vulnerability.
Upstream has fixed this in 2.9.2:
https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
Cheers,
Thijs
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.2+dfsg1-1
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 765...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 26 Oct 2014 07:04:50 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.9.2+dfsg1-1
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
libxml2-utils-dbg - XML utilities (debug extension)
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 765722
Changes:
libxml2 (2.9.2+dfsg1-1) unstable; urgency=low
.
* New upstream release (Closes: #765722, CVE-2014-3660)
* Remove no-longer-needed upstream patches
* Update distro patch
* Std-ver: 3.9.5 -> 3.9.6, no change.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---