Your message dated Fri, 24 Jul 2015 15:35:12 +0000
with message-id <e1zif0c-00025w...@franck.debian.org>
and subject line Bug#793484: fixed in expat 2.1.0-7
has caused the Debian Bug report #793484,
regarding expat: CVE-2015-1283: Multiple integer overflows in the XML_GetBuffer function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
793484: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: expat
Severity: grave
Tags: security patch

Hi,

the following vulnerability was published for expat.

CVE-2015-1283[0]:
| Multiple integer overflows in the XML_GetBuffer function in Expat
| through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other
| products, allow remote attackers to cause a denial of service
| (heap-based buffer overflow) or possibly have unspecified other impact
| via crafted XML data, a related issue to CVE-2015-2716.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-1283
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283
Please adjust the affected versions in the BTS as needed.

It looks like Mozilla wrote a patch here:
https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c

And chromium reused that patch too.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

--- End Message ---
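
The bug class named in the CVE text above (an integer overflow in a buffer-size computation that ends in an undersized heap buffer), as an added C example. It is a simplified model, not Expat's code and not the Mozilla patch; `struct pbuf`, `needed_unchecked`, `needed_checked` and `pbuf_reserve` are hypothetical names.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical parse buffer: `used` bytes of pending input in a `cap`-byte heap block. */
struct pbuf { char *data; int used; int cap; };

/* Unchecked size computation. The sum is taken in unsigned arithmetic so the
   wrap is visible without undefined behaviour; converting back to int yields a
   negative "needed size" on two's-complement targets. */
int needed_unchecked(int used, int len) {
    return (int)((unsigned)used + (unsigned)len);
}

/* Checked version: 0 and *out on success, -1 if an argument is negative
   or the sum would exceed INT_MAX. */
int needed_checked(int used, int len, int *out) {
    if (used < 0 || len < 0 || len > INT_MAX - used) return -1;
    *out = used + len;
    return 0;
}

/* Reserve room for `len` more bytes; returns the write position, or NULL
   (buffer untouched) when the request cannot be represented or allocated. */
char *pbuf_reserve(struct pbuf *b, int len) {
    int need, cap;
    if (needed_checked(b->used, len, &need) != 0) return NULL;
    if (need > b->cap) {
        cap = b->cap > 0 ? b->cap : 1024;
        while (cap < need) {
            if (cap > INT_MAX / 2) { cap = need; break; } /* doubling would overflow */
            cap *= 2;
        }
        char *p = realloc(b->data, (size_t)cap);
        if (p == NULL) return NULL;
        b->data = p;
        b->cap = cap;
    }
    return b->data + b->used;
}

int main(void) {
    struct pbuf b = {0};
    printf("unchecked: %d\n", needed_unchecked(INT_MAX - 10, 100));
    printf("reserve 3000: %s, cap=%d\n", pbuf_reserve(&b, 3000) ? "ok" : "refused", b.cap);
    b.used = 4; /* pretend 4 bytes were written */
    printf("reserve INT_MAX: %s\n", pbuf_reserve(&b, INT_MAX) ? "ok" : "refused");
    free(b.data);
    return 0;
}
```
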
--- Begin Message ---
Source: expat
Source-Version: 2.1.0-7

We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated expat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 24 Jul 2015 14:48:45 +0000
Source: expat
Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat
Architecture: source amd64
Version: 2.1.0-7
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Description:
 expat      - XML parsing C library - example application
 lib64expat1 - XML parsing C library - runtime library (64bit)
 lib64expat1-dev - XML parsing C library - development kit (64bit)
 libexpat1  - XML parsing C library - runtime library
 libexpat1-dev - XML parsing C library - development kit
 libexpat1-udeb - XML parsing C library - runtime library (udeb)
Closes: 793484
Changes:
 expat (2.1.0-7) unstable; urgency=high
 .
   * Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
     function (closes: #793484).
   * Update Standards-Version to 3.9.6 .
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
