Your message dated Mon, 14 Jan 2008 13:32:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#460666: fixed in libxml 1:1.8.17-14.1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libxml2
Version: 2.6.30.dfsg-3
Severity: normal

A vulnerability has been reported in libxml2, prior to version 2.6.31, from
Daniel Veillard:
"Two specially crafted broken UTF-8 sequences when occurring at the wrong
place lead the parser to go into an infinite loop."
The report is available at:
    http://mail.gnome.org/archives/xml/2008-January/msg00036.html

A patch can be found at:
    http://veillard.com/libxml2.patch
The fixed source code can be downloaded from:
    ftp://xmlsoft.org/libxml/libxml2-2.6.31.tar.gz


Regards
Pascal

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-k7 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libxml2 depends on:
ii  libc6                   2.7-5            GNU C Library: Shared libraries
ii  zlib1g                  1:1.2.3.3.dfsg-8 compression library - runtime

Versions of packages libxml2 recommends:
ii  xml-core                      0.11       XML infrastructure and XML catalog

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: libxml
Source-Version: 1:1.8.17-14.1

We believe that the bug you reported is fixed in the latest version of
libxml, which is due to be installed in the Debian FTP archive:

libxml-dev_1.8.17-14.1_i386.deb
  to pool/main/libx/libxml/libxml-dev_1.8.17-14.1_i386.deb
libxml1_1.8.17-14.1_i386.deb
  to pool/main/libx/libxml/libxml1_1.8.17-14.1_i386.deb
libxml_1.8.17-14.1.diff.gz
  to pool/main/libx/libxml/libxml_1.8.17-14.1.diff.gz
libxml_1.8.17-14.1.dsc
  to pool/main/libx/libxml/libxml_1.8.17-14.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated libxml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 14 Jan 2008 13:34:19 +0100
Source: libxml
Binary: libxml-dev libxml1
Architecture: source i386
Version: 1:1.8.17-14.1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 libxml-dev - Development files for the GNOME XML library
 libxml1    - GNOME XML library
Closes: 460666
Changes: 
 libxml (1:1.8.17-14.1) unstable; urgency=high
 .
   * Non-maintainer upload by security team.
   * This update addresses the following security issue:
     - CVE-2007-6284: The xmlCurrentChar function allows context-dependent
       attackers to cause a denial of service (infinite loop) via XML
       containing invalid UTF-8 sequences (Closes: #460666).
Files: 
 9ef113492470fd1391a6a2c748454111 700 libs optional libxml_1.8.17-14.1.dsc
 db637d150f13a1ccb775bb25e11f7713 366355 libs optional libxml_1.8.17-14.1.diff.gz
 2de421723e3e9600287f9f2c99c6bbe6 217210 libs optional libxml1_1.8.17-14.1_i386.deb
 3d8da3f583a8be3ae1ab8c5154c82382 364304 libdevel optional libxml-dev_1.8.17-14.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHi2IjHYflSXNkfP8RAqtEAJ9zgXhDqJygcUr4vXK+1883bXCj4wCguBa+
Tb7dILGVL/5klmLxq+wwXoU=
=JLsS
-----END PGP SIGNATURE-----



--- End Message ---
