Your message dated Sun, 23 Feb 2020 10:08:34 +0000
with message-id <[email protected]>
and subject line Bug#949583: fixed in libxml2 2.9.10+dfsg-2.1
has caused the Debian Bug report #949583,
regarding libxml2: CVE-2019-20388
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
949583: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml2
Version: 2.9.4+dfsg1-8
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
Control: found -1 2.9.4+dfsg1-2.2+deb9u2
Control: found -1 2.9.4+dfsg1-2.2
Control: found -1 2.9.4+dfsg1-7
Control: found -1 2.9.10+dfsg-1

Hi,

The following vulnerability was published for libxml2.

CVE-2019-20388[0]:
| xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an
| xmlSchemaValidateStream memory leak.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-20388
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388
[1] https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.10+dfsg-2.1
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Feb 2020 23:36:57 +0100
Source: libxml2
Architecture: source
Version: 2.9.10+dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 949582 949583
Changes:
 libxml2 (2.9.10+dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix memory leak in xmlSchemaValidateStream (CVE-2019-20388)
     (Closes: #949583)
   * Fix infinite loop in xmlStringLenDecodeEntities (CVE-2020-7595)
     (Closes: #949582)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
