Bug#656377: marked as done (libxml2: [PATCH] fix for CVE-2011-3919)

2012-01-30 Thread Debian Bug Tracking System
Your message dated Mon, 30 Jan 2012 21:50:43 +
with message-id e1rrz7b-a4...@franck.debian.org
and subject line Bug#656377: fixed in libxml2 2.6.32.dfsg-5+lenny5
has caused the Debian Bug report #656377,
regarding libxml2: [PATCH] fix for CVE-2011-3919
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
656377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656377
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libxml2
Version: 2.7.8.dfsg-5.1
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via buffer overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

Thanks for considering the patch.

References:
http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
http://src.chromium.org/svn/trunk/src/third_party/libxml/README.chromium
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3919
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u libxml2-2.7.8.dfsg/parser.c libxml2-2.7.8.dfsg/parser.c
--- libxml2-2.7.8.dfsg/parser.c
+++ libxml2-2.7.8.dfsg/parser.c
@@ -2709,7 +2709,7 @@
 
 		buffer[nbchars++] = '';
 		if (nbchars  buffer_size - i - XML_PARSER_BUFFER_SIZE) {
-		growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+		growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
 		}
 		for (;i  0;i--)
 		buffer[nbchars++] = *cur++;
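Review bot: the context lines of this hunk are not valid C as archived, so the patch cannot be applied or checked from this copy. `buffer[nbchars++] = '';` has an empty character literal, and both `if (nbchars  buffer_size - i - XML_PARSER_BUFFER_SIZE)` and `for (;i  0;i--)` are missing their comparison operators. Please attach the patch as a file, or take the hunk from the upstream commit 5bd3c061823a8499b27422aee04ea20aae24f03e listed under References.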
diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
---End Message---
---BeginMessage---
Source: libxml2
Source-Version: 2.6.32.dfsg-5+lenny5

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny5_amd64.deb
libxml2-dev_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny5_amd64.deb
libxml2-doc_2.6.32.dfsg-5+lenny5_all.deb
  to main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny5_all.deb
libxml2-utils_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny5_amd64.deb
libxml2_2.6.32.dfsg-5+lenny5.diff.gz
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny5.diff.gz
libxml2_2.6.32.dfsg-5+lenny5.dsc
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny5.dsc
libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
python-libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
  to main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 656...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu a...@debian.org (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jan 2012 06:04:56 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2
Architecture: source all amd64
Version: 2.6.32.dfsg-5+lenny5
Distribution: oldstable-security
Urgency: high
Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org
Changed-By: Aron Xu a...@debian.org
Description: 
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
Closes: 643648 652352 656377
Changes: 
 libxml2 (2.6.32.dfsg-5+lenny5) oldstable-security; urgency=high
 .
   * Security update.
   * 

Bug#656377: marked as done (libxml2: [PATCH] fix for CVE-2011-3919)

2012-01-28 Thread Debian Bug Tracking System
Your message dated Sat, 28 Jan 2012 19:32:14 +
with message-id e1rre0u-00037t...@franck.debian.org
and subject line Bug#656377: fixed in libxml2 2.7.8.dfsg-2+squeeze2
has caused the Debian Bug report #656377,
regarding libxml2: [PATCH] fix for CVE-2011-3919
to be marked as done.



-- 
656377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656377
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libxml2
Version: 2.7.8.dfsg-5.1
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via buffer overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

Thanks for considering the patch.

References:
http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
http://src.chromium.org/svn/trunk/src/third_party/libxml/README.chromium
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3919
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u libxml2-2.7.8.dfsg/parser.c libxml2-2.7.8.dfsg/parser.c
--- libxml2-2.7.8.dfsg/parser.c
+++ libxml2-2.7.8.dfsg/parser.c
@@ -2709,7 +2709,7 @@
 
 		buffer[nbchars++] = '';
 		if (nbchars  buffer_size - i - XML_PARSER_BUFFER_SIZE) {
-		growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+		growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
 		}
 		for (;i  0;i--)
 		buffer[nbchars++] = *cur++;
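Review bot: the new argument `i + XML_PARSER_BUFFER_SIZE` on the changed `growBuffer` line needs a comment and a bound. The reason the growth must include `i` is only visible from the loop two lines below, which writes `i` more bytes through `buffer[nbchars++] = *cur++` with no further capacity check; a one-line comment saying so would keep a later cleanup from reverting to the constant. Nothing in the hunk shows that `i` is limited before the addition, so please confirm the sum cannot overflow for a very large `i`, or reject such input before growing.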
diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
---End Message---
---BeginMessage---
Source: libxml2
Source-Version: 2.7.8.dfsg-2+squeeze2

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
libxml2_2.7.8.dfsg-2+squeeze2.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2.dsc
libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 656...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu a...@debian.org (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jan 2012 03:25:23 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-2+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org
Changed-By: Aron Xu a...@debian.org
Description: 
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for 

Bug#656377: marked as done (libxml2: [PATCH] fix for CVE-2011-3919)

2012-01-22 Thread Debian Bug Tracking System
Your message dated Mon, 23 Jan 2012 06:47:43 +
with message-id e1rpdgt-00046k...@franck.debian.org
and subject line Bug#656377: fixed in libxml2 2.7.8.dfsg-7
has caused the Debian Bug report #656377,
regarding libxml2: [PATCH] fix for CVE-2011-3919
to be marked as done.



-- 
656377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656377
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libxml2
Version: 2.7.8.dfsg-5.1
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via buffer overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

Thanks for considering the patch.

References:
http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
http://src.chromium.org/svn/trunk/src/third_party/libxml/README.chromium
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3919
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u libxml2-2.7.8.dfsg/parser.c libxml2-2.7.8.dfsg/parser.c
--- libxml2-2.7.8.dfsg/parser.c
+++ libxml2-2.7.8.dfsg/parser.c
@@ -2709,7 +2709,7 @@
 
 		buffer[nbchars++] = '';
 		if (nbchars  buffer_size - i - XML_PARSER_BUFFER_SIZE) {
-		growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+		growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
 		}
 		for (;i  0;i--)
 		buffer[nbchars++] = *cur++;
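Review bot: the guard in the `if` above the changed line subtracts `i` and `XML_PARSER_BUFFER_SIZE` from `buffer_size`, and that difference can drop below zero when `i` is large relative to the buffer. Whether the comparison still triggers in that case depends on the types involved, which the hunk does not show; writing the test additively, as `nbchars + i + XML_PARSER_BUFFER_SIZE` compared against `buffer_size`, avoids the question. The change also comes without a regression test; a case whose copied length exceeds `XML_PARSER_BUFFER_SIZE` would pin the behaviour.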
diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
---End Message---
---BeginMessage---
Source: libxml2
Source-Version: 2.7.8.dfsg-7

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-7_i386.deb
libxml2-dev_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-7_i386.deb
libxml2-doc_2.7.8.dfsg-7_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-7_all.deb
libxml2-utils_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-7_i386.deb
libxml2_2.7.8.dfsg-7.diff.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-7.diff.gz
libxml2_2.7.8.dfsg-7.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-7.dsc
libxml2_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-7_i386.deb
python-libxml2-dbg_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-7_i386.deb
python-libxml2_2.7.8.dfsg-7_i386.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-7_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 656...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew O. Shadura bugzi...@tut.by (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 20 Jan 2012 12:54:41 +0300
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source i386 all
Version: 2.7.8.dfsg-7
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org
Changed-By: Andrew O. Shadura bugzi...@tut.by
Description: 
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 656377
Changes: 
 libxml2 (2.7.8.dfsg-7) unstable; urgency=high
 .
   * Team