Bug#656377: marked as done (libxml2: [PATCH] fix for CVE-2011-3919)
Your message dated Mon, 30 Jan 2012 21:50:43 + with message-id e1rrz7b-a4...@franck.debian.org and subject line Bug#656377: fixed in libxml2 2.6.32.dfsg-5+lenny5 has caused the Debian Bug report #656377, regarding libxml2: [PATCH] fix for CVE-2011-3919 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
656377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656377
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: libxml2
Version: 2.7.8.dfsg-5.1
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via buffer overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

Thanks for considering the patch.
References:
http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
http://src.chromium.org/svn/trunk/src/third_party/libxml/README.chromium
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3919
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -u libxml2-2.7.8.dfsg/parser.c libxml2-2.7.8.dfsg/parser.c --- libxml2-2.7.8.dfsg/parser.c +++ libxml2-2.7.8.dfsg/parser.c
@@ -2709,7 +2709,7 @@ buffer[nbchars++] = ''; if (nbchars buffer_size - i - XML_PARSER_BUFFER_SIZE) { - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); } for (;i 0;i--) buffer[nbchars++] = *cur++; diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
---End Message---
---BeginMessage---
Source: libxml2
Source-Version: 2.6.32.dfsg-5+lenny5

We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny5_amd64.deb
libxml2-dev_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny5_amd64.deb
libxml2-doc_2.6.32.dfsg-5+lenny5_all.deb
  to main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny5_all.deb
libxml2-utils_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny5_amd64.deb
libxml2_2.6.32.dfsg-5+lenny5.diff.gz
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny5.diff.gz
libxml2_2.6.32.dfsg-5+lenny5.dsc
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny5.dsc
libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
python-libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny5_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 656...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu a...@debian.org (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jan 2012 06:04:56 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2
Architecture: source all amd64
Version: 2.6.32.dfsg-5+lenny5
Distribution: oldstable-security
Urgency: high
Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org
Changed-By: Aron Xu a...@debian.org
Description:
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
Closes: 643648 652352 656377
Changes:
 libxml2 (2.6.32.dfsg-5+lenny5) oldstable-security; urgency=high
 .
 * Security update.
 *
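
Review bot: in the parser.c hunk, the new growth amount i + XML_PARSER_BUFFER_SIZE and the guard expression buffer_size - i - XML_PARSER_BUFFER_SIZE both do arithmetic on i with no visible upper bound, so confirm from the declarations (not shown in the posted lines) that neither can wrap or go negative for a very long entity, or rewrite the guard in the additive form, comparing nbchars + i + XML_PARSER_BUFFER_SIZE against buffer_size. The change does make the growth cover the i bytes written by the copy loop that follows (buffer[nbchars++] = *cur++;), which the old fixed XML_PARSER_BUFFER_SIZE step did not. The visible lines do not show how growBuffer reports an allocation failure, so also check that the copy loop cannot run after a failed grow. A regression test with an entity value longer than XML_PARSER_BUFFER_SIZE would be worth adding alongside the patch; none is visible in the diff as posted.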
Bug#656377: marked as done (libxml2: [PATCH] fix for CVE-2011-3919)
Your message dated Sat, 28 Jan 2012 19:32:14 + with message-id e1rre0u-00037t...@franck.debian.org and subject line Bug#656377: fixed in libxml2 2.7.8.dfsg-2+squeeze2 has caused the Debian Bug report #656377, regarding libxml2: [PATCH] fix for CVE-2011-3919 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
656377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656377
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: libxml2
Version: 2.7.8.dfsg-5.1
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via buffer overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

Thanks for considering the patch.
References:
http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
http://src.chromium.org/svn/trunk/src/third_party/libxml/README.chromium
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3919
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -u libxml2-2.7.8.dfsg/parser.c libxml2-2.7.8.dfsg/parser.c --- libxml2-2.7.8.dfsg/parser.c +++ libxml2-2.7.8.dfsg/parser.c
@@ -2709,7 +2709,7 @@ buffer[nbchars++] = ''; if (nbchars buffer_size - i - XML_PARSER_BUFFER_SIZE) { - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); } for (;i 0;i--) buffer[nbchars++] = *cur++; diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
---End Message---
---BeginMessage---
Source: libxml2
Source-Version: 2.7.8.dfsg-2+squeeze2

We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
libxml2_2.7.8.dfsg-2+squeeze2.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2.dsc
libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 656...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu a...@debian.org (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jan 2012 03:25:23 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-2+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org
Changed-By: Aron Xu a...@debian.org
Description:
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for
Bug#656377: marked as done (libxml2: [PATCH] fix for CVE-2011-3919)
Your message dated Mon, 23 Jan 2012 06:47:43 + with message-id e1rpdgt-00046k...@franck.debian.org and subject line Bug#656377: fixed in libxml2 2.7.8.dfsg-7 has caused the Debian Bug report #656377, regarding libxml2: [PATCH] fix for CVE-2011-3919 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
656377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656377
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: libxml2
Version: 2.7.8.dfsg-5.1
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via buffer overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

Thanks for considering the patch.
References:
http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
http://src.chromium.org/svn/trunk/src/third_party/libxml/README.chromium
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3919
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -u libxml2-2.7.8.dfsg/parser.c libxml2-2.7.8.dfsg/parser.c --- libxml2-2.7.8.dfsg/parser.c +++ libxml2-2.7.8.dfsg/parser.c
@@ -2709,7 +2709,7 @@ buffer[nbchars++] = ''; if (nbchars buffer_size - i - XML_PARSER_BUFFER_SIZE) { - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); } for (;i 0;i--) buffer[nbchars++] = *cur++; diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
---End Message---
---BeginMessage---
Source: libxml2
Source-Version: 2.7.8.dfsg-7

We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-7_i386.deb
libxml2-dev_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-7_i386.deb
libxml2-doc_2.7.8.dfsg-7_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-7_all.deb
libxml2-utils_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-7_i386.deb
libxml2_2.7.8.dfsg-7.diff.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-7.diff.gz
libxml2_2.7.8.dfsg-7.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-7.dsc
libxml2_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-7_i386.deb
python-libxml2-dbg_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-7_i386.deb
python-libxml2_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-7_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 656...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew O. Shadura bugzi...@tut.by (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Fri, 20 Jan 2012 12:54:41 +0300
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source i386 all
Version: 2.7.8.dfsg-7
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org
Changed-By: Andrew O. Shadura bugzi...@tut.by
Description:
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 656377
Changes:
 libxml2 (2.7.8.dfsg-7) unstable; urgency=high
 .
 * Team