Bug#607922: marked as done (CVE-2010-4494: memory corruption (double-free) in XPath processing code)

[Debian Bug Tracking System]

Your message dated Sat, 25 Dec 2010 10:32:13 +0000
with message-id <e1pwrq5-0005g0...@franck.debian.org>
and subject line Bug#607922: fixed in libxml2 2.7.8.dfsg-2
has caused the Debian Bug report #607922,
regarding CVE-2010-4494: memory corruption (double-free) in XPath processing 
code
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
607922: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607922
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libxml2
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libxml2.

CVE-2010-4494[0]:
| Double free vulnerability in Google Chrome before 8.0.552.215 allows
| remote attackers to cause a denial of service or possibly have
| unspecified other impact via vectors related to XPath handling.


Patch: 
http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722
       
http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
    http://security-tracker.debian.org/tracker/CVE-2010-4494
    http://code.google.com/p/chromium/issues/detail?id=63444

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0Ujz4ACgkQNxpp46476aolzACfaHIcOhuivzJBkMyY7RJnx2eF
lsEAnRb/JFF6MetVtL68wbKMWpZAMWP1
=cbLo
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: libxml2
Source-Version: 2.7.8.dfsg-2

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-2_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-2_amd64.deb
libxml2-dev_2.7.8.dfsg-2_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-2_amd64.deb
libxml2-doc_2.7.8.dfsg-2_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-2_all.deb
libxml2-utils_2.7.8.dfsg-2_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-2_amd64.deb
libxml2_2.7.8.dfsg-2.diff.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2.diff.gz
libxml2_2.7.8.dfsg-2.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2.dsc
libxml2_2.7.8.dfsg-2_amd64.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb
python-libxml2_2.7.8.dfsg-2_amd64.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 607...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <gland...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 25 Dec 2010 10:48:27 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc 
python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Mike Hommey <gland...@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug 
extension)
Closes: 607922
Changes: 
 libxml2 (2.7.8.dfsg-2) unstable; urgency=low
 .
   * xpath.c: Fix a double-freeing error in XPath processing code.
     (CVE-2010-4494). Closes: #607922.
Checksums-Sha1: 
 4b50bf865de835ce9ad07e67f2e805a54ee2527e 2150 libxml2_2.7.8.dfsg-2.dsc
 54e6d9c593ec6d062319e445e9defe513f4e72b6 110946 libxml2_2.7.8.dfsg-2.diff.gz
 745e9b9ed82e7fe7b9bb39bf21df4568012af2ea 872724 libxml2_2.7.8.dfsg-2_amd64.deb
 36eaf121287b88300dc58b4ecae557fdbe460b95 93276 
libxml2-utils_2.7.8.dfsg-2_amd64.deb
 16332af5aed87d79f272e21dea9fbc298d1c6eb0 830156 
libxml2-dev_2.7.8.dfsg-2_amd64.deb
 e3b13ce870b2a58562ebfda94a782d15e5d60cc4 987618 
libxml2-dbg_2.7.8.dfsg-2_amd64.deb
 7c2981b80bd69aa152734faaba6f760737408c30 1346940 
libxml2-doc_2.7.8.dfsg-2_all.deb
 f9167585aaa4951212074b2ba8934b3202027aed 337656 
python-libxml2_2.7.8.dfsg-2_amd64.deb
 4084b7deba4efd9644e41978804bde6c53c050d0 870136 
python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb
Checksums-Sha256: 
 bf2505b563cabd932b6722a006f52cecfec23a1d614c2e46d7c2a7bf6f97ebfa 2150 
libxml2_2.7.8.dfsg-2.dsc
 11311675f86081e7e820c9aa8d9f6bcccc20eed15dfa9696421baf7c284a9383 110946 
libxml2_2.7.8.dfsg-2.diff.gz
 eee4dfc1127d031810de2a2fb7ba8a4db8c49e49be7eaa55f083110aa226b70c 872724 
libxml2_2.7.8.dfsg-2_amd64.deb
 64fc7e8bbc892db82373e8778efdaa9073aefca6a88a092b0cd692a3cdd31286 93276 
libxml2-utils_2.7.8.dfsg-2_amd64.deb
 e0b7c89ca8a51aaf1d4a38c44cfa731bd25949f3e0c50b78d60c545f6d08f74a 830156 
libxml2-dev_2.7.8.dfsg-2_amd64.deb
 fbe09130b350e01a1c3113fd8150b6952326a923c6da867e034df6d1b0e5d69b 987618 
libxml2-dbg_2.7.8.dfsg-2_amd64.deb
 224bfc0384a35779225b76cff30afebda42331a7b8a4b56a62053effead824b9 1346940 
libxml2-doc_2.7.8.dfsg-2_all.deb
 f8d56b1ab442847ad892b9582ea8f78ea3deaca7c5102a9260e122f4f0e091c1 337656 
python-libxml2_2.7.8.dfsg-2_amd64.deb
 87a7bca3ec249dc886c15d61ba4e4230db5da1427fd216972173ad79041bbd56 870136 
python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb
Files: 
 17ad546ec67e277faa012b1ce79151ac 2150 libs optional libxml2_2.7.8.dfsg-2.dsc
 d076fc7807d2b1c5fd6721968834663b 110946 libs optional 
libxml2_2.7.8.dfsg-2.diff.gz
 65ac8e1208f34fb42dbbd211f893f4e1 872724 libs standard 
libxml2_2.7.8.dfsg-2_amd64.deb
 f894db7b0d28baad4eb1c06fa9afeab2 93276 text optional 
libxml2-utils_2.7.8.dfsg-2_amd64.deb
 1070151ad04919c45ab1ab12de5f67ac 830156 libdevel optional 
libxml2-dev_2.7.8.dfsg-2_amd64.deb
 12346f21798bb4fe5c5534b60ecb44f8 987618 debug extra 
libxml2-dbg_2.7.8.dfsg-2_amd64.deb
 14665eae8304816569b179b295b08fce 1346940 doc optional 
libxml2-doc_2.7.8.dfsg-2_all.deb
 51446f5de43ccd6392336554c06410d4 337656 python optional 
python-libxml2_2.7.8.dfsg-2_amd64.deb
 67a602741662179daac003ed4411aead 870136 debug extra 
python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTRXBMuQqoE+mqoxyAQiSCQ/9FDaD8a6hQBp4C9p8ZUkfMDpAV2caCQnW
S8vLQRheqZ7ZgvpEu4sJIq45ua6Uq4E1WNkiTavenUYUd+jjUnITP0ys5bhbfTpB
0BKQ77/DalYciELcSCHVCNeU+a8u1F9PKyp6CFivGVriUBNTNBmOGMS8tCV+x8SG
7BYCTOZXcszch8uc7RslGWc5S/GbqJGP2dmVARQVTfTx9YmPGzvZCTyjGW+egljS
d5eEoB5JI7YEe5D04MKTlpXw4PaYsYfh8dEiKtLy7mvwQERn5tbWXHYmAhdZGXVJ
Eatj9s/J4bMlC6/b5/Skp+VAF607IqWUwU/Gv6iBTYRzZuMg4dVGywR23WkJORdr
nVC0jARdtYSkMr07ZJRKt5QUeGM21GjFpyWDTb0PC7ypj4+xj3QVz48JeJaEKMqS
T1qzHu4GzXMKssV3cVw/gKgfgn/lyAm6M9IzvhOX40rItvtI124Wls7jaghzb8Yp
5hCacJYazoPHdAePRqUgk1Jupi5XahncaL/x18ekB3X42ShyN/VGa1OD1Vwr9T73
roCrkO0POHe9NKWlqm1SMmkwPAC+ljhp+bEztODSJ9Qv2n0oCmhpF/AcggzBde5o
YRsuZnaYSdl48wqEu422FVREBEZdo/56oljjnN4EBacMU22CayLMELGd7zxvWWkR
8ioqQxDG++8=
=rsXG
-----END PGP SIGNATURE-----

--- End Message ---