Your message dated Tue, 25 Apr 2017 19:47:14 +0000
with message-id <e1d36qc-0009de...@fasolo.debian.org>
and subject line Bug#858546: fixed in libxslt 1.1.28-2+deb8u3
has caused the Debian Bug report #858546,
regarding CVE-2017-5029: Integer overflow in xsltAddTextString
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
858546: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxslt
Severity: important
Tags: security patch
Hi,
the following vulnerability was published for libxslt. The issue can be
exploited to trigger an out of bounds write on 64-bit systems.
CVE-2017-5029[0]:
Integer overflow in xsltAddTextString
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Upstream has committed a patch here:
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
Please adjust the affected versions in the BTS as needed.
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.28-2+deb8u3
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 858...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 14 Apr 2017 08:28:09 +0200
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source
Version: 1.1.28-2+deb8u3
Distribution: jessie
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 858546
Description:
 libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
 libxslt1-dev - XSLT 1.0 processing library - development kit
 libxslt1.1 - XSLT 1.0 processing library - runtime library
 python-libxslt1 - Python bindings for libxslt1
 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
 xsltproc - XSLT 1.0 command line processor
Changes:
 libxslt (1.1.28-2+deb8u3) jessie; urgency=medium
 .
   * Non-maintainer upload.
   * Check for integer overflow in xsltAddTextString (CVE-2017-5029)
     (Closes: #858546)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---