Your message dated Sat, 25 May 2024 06:49:26 +0000
with message-id <[email protected]>
and subject line Bug#1071162: fixed in libxml2 2.12.7+dfsg-1
has caused the Debian Bug report #1071162,
regarding libxml2: CVE-2024-34459
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1071162: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml2
Version: 2.9.14+dfsg-1.3
Severity: normal
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libxml2.
CVE-2024-34459[0]:
| An issue was discovered in xmllint (from libxml2) before 2.11.8 and
| 2.12.x before 2.12.7. Formatting error messages with xmllint
| --htmlout can result in a buffer over-read in
| xmlHTMLPrintFileContext in xmllint.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-34459
    https://www.cve.org/CVERecord?id=CVE-2024-34459
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
[2] https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (2.11.8)
[3] https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (2.12.7)
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.12.7+dfsg-1
Done: Aron Xu <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <[email protected]> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 25 May 2024 11:38:42 +0800
Source: libxml2
Architecture: source
Version: 2.12.7+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Aron Xu <[email protected]>
Closes: 1071162
Changes:
libxml2 (2.12.7+dfsg-1) unstable; urgency=medium
.
* New upstream version 2.12.7+dfsg
* CVE-2024-34459: buffer over-read in xmlHTMLPrintFileContext
(Closes: 1071162).
--- End Message ---