Your message dated Wed, 29 Oct 2014 19:34:50 +0000
with message-id <e1xjz18-0003nl...@franck.debian.org>
and subject line Bug#765722: fixed in libxml2 2.7.8.dfsg-2+squeeze10
has caused the Debian Bug report #765722,
regarding CVE-2014-3660 libxml2 billion laugh variant
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
765722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxml2
Severity: serious
Tags: security patch
Hi,
The Netherlands Cyber Security Center announced an issue in libxml2.
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
It seems to be a variant of the classic 'billion laughs' vulnerability.
Upstream has fixed this in 2.9.2:
https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
Cheers,
Thijs
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.7.8.dfsg-2+squeeze10
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 765...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Oct 2014 18:00:28 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source i386 all
Version: 2.7.8.dfsg-2+squeeze10
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 762864 765722
Changes:
libxml2 (2.7.8.dfsg-2+squeeze10) squeeze-lts; urgency=high
.
* Non-maintainer upload by the Squeeze LTS Team.
* Fix wrongly applied patch for CVE-2014-0191 (Closes: #762864)
* Add patch for CVE-2014-3660 (Closes: #765722)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---