Your message dated Tue, 10 Nov 2015 16:42:35 +0000
with message-id <[email protected]>
and subject line Bug#802971: fixed in libxslt 1.1.28-2.1
has caused the Debian Bug report #802971,
regarding libxslt: CVE-2015-7995: Type confusion may cause DoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
802971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802971
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxslt
Version: 1.1.26-1
Severity: important
Tags: security upstream
Hi
See https://bugzilla.redhat.com/show_bug.cgi?id=1257962 for more
details and a PoC.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.28-2.1
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 30 Oct 2015 08:46:43 +0100
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1
python-libxslt1-dbg
Architecture: source
Version: 1.1.28-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 802971
Description:
libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
libxslt1-dev - XSLT 1.0 processing library - development kit
libxslt1.1 - XSLT 1.0 processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
xsltproc - XSLT 1.0 command line processor
Changes:
libxslt (1.1.28-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Add 0009-Fix-for-type-confusion-in-preprocessing-attributes.patch patch.
CVE-2015-7995: Type confusion in preprocessing attributes leading to
denial of service. (Closes: #802971)
Checksums-Sha1:
fcf3c635551b83ebcbfc1c716162888cefa39ef4 2369 libxslt_1.1.28-2.1.dsc
663f8f1595884aa0146dff08749496d40b15bd0a 31632 libxslt_1.1.28-2.1.debian.tar.xz
Checksums-Sha256:
55330a77f4c7d573dc75ca3873b01ee15cc8a5cd4f9a49a9da6d3f168cbfdd1c 2369
libxslt_1.1.28-2.1.dsc
3240a87af4947d497901fb507fb71c9ec9c7ac3249e18528b0580ee9bba99378 31632
libxslt_1.1.28-2.1.debian.tar.xz
Files:
85fca89fd8ae341ea43d526617b6e81d 2369 text optional libxslt_1.1.28-2.1.dsc
67ce688212cf393709f444e5bdaeab4f 31632 text optional
libxslt_1.1.28-2.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWNN1AAAoJEAVMuPMTQ89ERLcQAJA2P0h6QBF52smk37UA7Oqe
VBFfhziackVXJLuo2VUoQZg4p+8nORZGmLbgvwMF3mNi1AUxpTO9QFpUr4y7ePdz
XGSaiV6FcOCXgcj6z9cJ45Sapwg31zW0BhayGlqZfv/BVEKdO9mmZDloF3qlBvzK
2XOG8gUBZQLs5tj+L2K7u3hkEFOAorPPYsUrxyjfupUng/+ERWeLMpqVXLegEWXy
bcwpD9zlMLuNST3Mn/H7xlP3MqhBoaUfYNohnLhjmYvAdH5s22Ml/wJKgUDYIW7O
CvHn//azSUIP88gnupM4lnMIOnZSj0+ZREp4irbEhOUVdPZ4iAHeiRAlKBgbw3vq
sk6YGP/Y1AfHKYHpnwwOexWVrfTja4hX24dOirKAWHErE4KLtVxh0Sl8T+rFoNGp
Tj+LOA0Jrhh7u+n7pU4PGiB0x3sa9WZANgDHOmBHwnEnVoq6+BMFjpb255S40Tdw
APvsqmMiRXbszlL38J6MnQWLGHeJFV6mOo69PgB9F9HAffosrJoenmg/Zbk0DeGE
ooOLo6MnNQdLBqAbP7xmAgZ8nD2IZsvrwVLfuDL6wNcYQhqGTGXBjFNMhN6nbpod
ZLCM+VZg3sVVccAs/lWKm2ObBe9W9mc+vKZXb2r3Chsv/tBEIMqPuFAiDq8dFMGD
j9lj/+Jh0q8Lp3PhIZO/
=HXaZ
-----END PGP SIGNATURE-----
--- End Message ---
