Your message dated Sun, 19 Nov 2017 22:47:41 +0000
with message-id <e1egynj-000enl...@fasolo.debian.org>
and subject line Bug#866676: fixed in libxml-libxml-perl 2.0116+dfsg-1+deb8u2
has caused the Debian Bug report #866676,
regarding libxml-libxml-perl: CVE-2017-10672: Use-after-free in 
XML::LibXML::Node::replaceChild
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866676
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxml-libxml-perl
Version: 2.0116+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=122246

Hi,

the following vulnerability was published for libxml-libxml-perl.
Filing this one for now as severity grave, but we might adjust the
severity later if not appropriate.

CVE-2017-10672[0]:
| Use-after-free in the XML-LibXML module through 2.0129 for Perl allows
| remote attackers to execute arbitrary code by controlling the arguments
| to a replaceChild call.

There is no upstream fix yet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10672
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10672
[1] https://rt.cpan.org/Ticket/Display.html?id=122246

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml-libxml-perl
Source-Version: 2.0116+dfsg-1+deb8u2

We believe that the bug you reported is fixed in the latest version of
libxml-libxml-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated 
libxml-libxml-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 14:14:08 +0100
Source: libxml-libxml-perl
Binary: libxml-libxml-perl
Architecture: source
Version: 2.0116+dfsg-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 866676
Description: 
 libxml-libxml-perl - Perl interface to the libxml2 library
Changes:
 libxml-libxml-perl (2.0116+dfsg-1+deb8u2) jessie-security; urgency=high
 .
   * Team upload.
   * CVE-2017-10672: Use-after-free by controlling the arguments to a
     replaceChild call (Closes: #866676)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
