Your message dated Thu, 19 Sep 2019 22:36:33 +0000
with message-id <e1ib52p-0005do...@fasolo.debian.org>
and subject line Bug#888547: fixed in simple-xml 2.7.1-3
has caused the Debian Bug report #888547,
regarding CVE-2017-1000190: XXE vulnerability resulting in SSRF, information
disclosure, DoS, etc.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
888547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: simple-xml
Severity: important
Tags: security
CVE-2017-1000190 has been assigned to this bug in simple-xml:
https://github.com/ngallagher/simplexml/issues/18
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: simple-xml
Source-Version: 2.7.1-3
We believe that the bug you reported is fixed in the latest version of
simple-xml, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 888...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated simple-xml package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 20 Sep 2019 00:12:59 +0200
Source: simple-xml
Architecture: source
Version: 2.7.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Closes: 888547
Changes:
simple-xml (2.7.1-3) unstable; urgency=medium
.
* Team upload.
* Fixed CVE-2017-1000190: XXE vulnerability (Closes: #888547)
* Enabled the unit tests
* Standards-Version updated to 4.4.0
Checksums-Sha1:
3f9d5f4aaf05297faa25cc70641b8ab7ed9f821b 2111 simple-xml_2.7.1-3.dsc
e08845258a56787bd7e17148bd571513fadd3cf3 5916 simple-xml_2.7.1-3.debian.tar.xz
0ed5d2a718b518181f498b7887e1e7937ac36177 8565
simple-xml_2.7.1-3_source.buildinfo
Checksums-Sha256:
e261346f0594dfbc0b9126d1a96a5368cc7b0279d14e68bf0631dbe923f7cd4e 2111
simple-xml_2.7.1-3.dsc
88737dfb2507b74d1ade090c77c271eddc22853d37e596171eced73f4cce0e0b 5916
simple-xml_2.7.1-3.debian.tar.xz
0c07e048bbae67e353cc5f7c4ee4ad87e98396204be5c45f69ecd7783e3f5290 8565
simple-xml_2.7.1-3_source.buildinfo
Files:
5cf696abd7b86e801842dd85c18d9890 2111 java optional simple-xml_2.7.1-3.dsc
7825a5aa7896ddbfd539ffa8d4c31fcf 5916 java optional
simple-xml_2.7.1-3.debian.tar.xz
62ec76103b0fc53a303dfd17d7c908e8 8565 java optional
simple-xml_2.7.1-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl2D/YYSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsXkUP/3ENfTToUWjK1/xSvD5/kfTpeMcdq+RX
Q/CHaa1kkBM6IGOkYHmP+44BryS2KzQZunBwTONWJPxlM7pFDPIIG2vlWHgYS8eB
6z0Nx011arJH1egmPd8wK5w7GLFQ8Any0D4neETffl3H8ZQ4hKda6dpevNBsWwN1
zftWpPjcoq5v5Opp2oUv8TuB2rYkaeh8rA0INHM4pw+Kx0UJor51CjLBmMwx6w/H
kRlvAbRLmXdG9GZ+cSbaX2YEbQLM3h4U0DQxT6vrrKDBjwQKzia9NzmG9c9bVV3n
kOVsPYUfwm7bypqo/ubMqii/XalJmnFKQR7SwvtRxJnWrNp4M26yZkEaXOMLHA4S
Rxcr8TMJj986R451nRXOS0t3P5cnsb7Grsaj39qXO8Stah22KVcEL7RkFVhQDQtM
ThOF+Srsf/f1OS9KahOfp2psidoeo78Rphwbpi9CsCZyR+DGvDjIP3N1kyYZDMq+
TL/61JAZ22rDCqWsZSWxjoj3/uVDaqlMnbffNu54YqfT4XjfRleiMIHz+FFA+TQB
3Gs4TEFPMhmWeplG/eRWh9MlZBd21/gEHnNUm+eezoCBI8rEq/wsS1fQTfi0BkSO
qMPZFvFx1l3SXfscRA8z2stgHzxsh95arMazaK6/eDW6TII3nRL1MtrpGVWN4GHX
JNrOPWdoG9y9
=QNmo
-----END PGP SIGNATURE-----
--- End Message ---
