Your message dated Fri, 14 Mar 2025 05:51:32 +0000
with message-id <[email protected]>
and subject line Bug#1088814: fixed in tinyxml2 10.1.0+dfsg-1
has caused the Debian Bug report #1088814,
regarding tinyxml2: CVE-2024-50615
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1088814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088814
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tinyxml2
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for tinyxml2.
CVE-2024-50615[0]:
| TinyXML2 through 10.0.0 has a reachable assertion for
| UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp
| XMLUtil::GetCharacterRef.
https://github.com/leethomason/tinyxml2/issues/997
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-50615
https://www.cve.org/CVERecord?id=CVE-2024-50615
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: tinyxml2
Source-Version: 10.1.0+dfsg-1
Done: Chow Loong Jin <[email protected]>
We believe that the bug you reported is fixed in the latest version of
tinyxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chow Loong Jin <[email protected]> (supplier of updated tinyxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 14 Mar 2025 12:49:48 +0800
Source: tinyxml2
Built-For-Profiles: noudeb
Architecture: source
Version: 10.1.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Chow Loong Jin <[email protected]>
Changed-By: Chow Loong Jin <[email protected]>
Closes: 1088814
Changes:
tinyxml2 (10.1.0+dfsg-1) unstable; urgency=medium
.
* [e3fe268] New upstream version 10.1.0+dfsg
- Fixes CVE-2024-50615 (Closes: #1088814)
* [4b330c9] Refresh patches
* [870daa6] Update watch file to version 4 and use example from uscan manpage
--- End Message ---