Your message dated Sat, 05 Nov 2022 22:47:07 +0000
with message-id <e1orrwr-00exv6...@fasolo.debian.org>
and subject line Bug#1022225: fixed in libxml2 2.9.10+dfsg-6.7+deb11u3
has caused the Debian Bug report #1022225,
regarding libxml2: CVE-2022-40304: dict corruption caused by entity reference cycles
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1022225: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxml2
Version: 2.9.14+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libxml2.

CVE-2022-40304[0]:
| dict corruption caused by entity reference cycles

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-40304
    https://www.cve.org/CVERecord?id=CVE-2022-40304
[1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.10+dfsg-6.7+deb11u3
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1022...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Oct 2022 13:03:35 +0100
Source: libxml2
Architecture: source
Version: 2.9.10+dfsg-6.7+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1022224 1022225
Changes:
 libxml2 (2.9.10+dfsg-6.7+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
     (Closes: #1022224)
   * Fix dict corruption caused by entity reference cycles (CVE-2022-40304)
     (Closes: #1022225)
Checksums-Sha1: 
 57e29833098fbfa23acf20260986c0e5b9334537 2859 
libxml2_2.9.10+dfsg-6.7+deb11u3.dsc
 1dae8cb164f4e913ee8dfd95b1424c6ae7363b25 40092 
libxml2_2.9.10+dfsg-6.7+deb11u3.debian.tar.xz
Checksums-Sha256: 
 92c6d3646f72080370da38a84ee1b4a8c49f99d0254f81ea4e344a25c349915a 2859 
libxml2_2.9.10+dfsg-6.7+deb11u3.dsc
 af3a4b06a555f9a39d7f7487c330787795d0878c0e28313fcff44904f99a291c 40092 
libxml2_2.9.10+dfsg-6.7+deb11u3.debian.tar.xz
Files: 
 b68b1ce83ae37ad279e2c00a5c7e5724 2859 libs optional 
libxml2_2.9.10+dfsg-6.7+deb11u3.dsc
 74fb0c6cb975afdb91a0973c7cb6627b 40092 libs optional 
libxml2_2.9.10+dfsg-6.7+deb11u3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
