Your message dated Wed, 16 Dec 2009 23:45:54 +0000
with message-id <[email protected]>
and subject line Bug#560901: fixed in expat 1.95.8-3.4+etch2
has caused the Debian Bug report #560901,
regarding expat: CVE-2009-3560
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
560901: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560901
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: expat
version: 1.95.8-3.4
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for expat.
CVE-2009-3560[0]:
| The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
| as used in the XML-Twig module for Perl, allows context-dependent
| attackers to cause a denial of service (application crash) via an XML
| document with malformed UTF-8 sequences that trigger a buffer
| over-read, related to the doProlog function in lib/xmlparse.c, a
| different vulnerability than CVE-2009-2625 and CVE-2009-3720.
I've checked etch and lenny. They are both affected by this issue.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://security-tracker.debian.org/tracker/CVE-2009-3560
--- End Message ---
--- Begin Message ---
Source: expat
Source-Version: 1.95.8-3.4+etch2
We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive:
expat_1.95.8-3.4+etch2.diff.gz
to main/e/expat/expat_1.95.8-3.4+etch2.diff.gz
expat_1.95.8-3.4+etch2.dsc
to main/e/expat/expat_1.95.8-3.4+etch2.dsc
expat_1.95.8-3.4+etch2_i386.deb
to main/e/expat/expat_1.95.8-3.4+etch2_i386.deb
libexpat1-dev_1.95.8-3.4+etch2_i386.deb
to main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_i386.deb
libexpat1-udeb_1.95.8-3.4+etch2_i386.udeb
to main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_i386.udeb
libexpat1_1.95.8-3.4+etch2_i386.deb
to main/e/expat/libexpat1_1.95.8-3.4+etch2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Leidert (dale) <[email protected]> (supplier of updated expat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.7
Date: Sun, 13 Dec 2009 12:08:13 +0100
Source: expat
Binary: libexpat1 libexpat1-dev expat libexpat1-udeb
Architecture: source i386
Version: 1.95.8-3.4+etch2
Distribution: oldstable-security
Urgency: medium
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Daniel Leidert (dale) <[email protected]>
Description:
expat - XML parsing C library - example application
libexpat1 - XML parsing C library - runtime library
libexpat1-dev - XML parsing C library - development kit
libexpat1-udeb - XML parsing C library - runtime library (udeb)
Closes: 560901
Changes:
expat (1.95.8-3.4+etch2) oldstable-security; urgency=medium
.
* NMU to old stable to fix security issues.
* CVE-2009-3560: Fix DoS vulnerability (closes: #560901).
Files:
50e1e2ab47fe419e89ef671991ddb3f0 703 text optional expat_1.95.8-3.4+etch2.dsc
e6d99f30014fccc0ffb9db1554ba1472 413321 text optional expat_1.95.8-3.4+etch2.diff.gz
4e06399f0079e7608d25430ded374d97 129822 libdevel optional libexpat1-dev_1.95.8-3.4+etch2_i386.deb
28f26b307f7cb5b133c7d7b0b7f336dc 63130 libs optional libexpat1_1.95.8-3.4+etch2_i386.deb
64b2c0654425bd1234f5394efb1e2d69 54984 debian-installer extra libexpat1-udeb_1.95.8-3.4+etch2_i386.udeb
67a8e21213321cf54be9dc58380ce45f 21090 text optional expat_1.95.8-3.4+etch2_i386.deb
Package-Type: udeb
--- End Message ---