Your message dated Sun, 17 Jul 2011 01:55:28 +0000
with message-id <[email protected]>
and subject line Bug#632973: fixed in xml-security-c 1.5.1-3+squeeze1
has caused the Debian Bug report #632973,
regarding xml-security-c: CVE-2011-2516: buffer overflows signing or verifying 
with large keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
632973: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632973
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xml-security-c
Version: 1.6.0-2
Severity: grave
Tags: security
Justification: user security hole

Full advisory at
<http://santuario.apache.org/secadv/CVE-2011-2516.txt>
including links to patches in upstream SVN.

Also assumed to affect stable and oldstable.



--- End Message ---
--- Begin Message ---
Source: xml-security-c
Source-Version: 1.5.1-3+squeeze1

We believe that the bug you reported is fixed in the latest version of
xml-security-c, which is due to be installed in the Debian FTP archive:

libxml-security-c-dev_1.5.1-3+squeeze1_i386.deb
  to main/x/xml-security-c/libxml-security-c-dev_1.5.1-3+squeeze1_i386.deb
libxml-security-c15_1.5.1-3+squeeze1_i386.deb
  to main/x/xml-security-c/libxml-security-c15_1.5.1-3+squeeze1_i386.deb
xml-security-c_1.5.1-3+squeeze1.diff.gz
  to main/x/xml-security-c/xml-security-c_1.5.1-3+squeeze1.diff.gz
xml-security-c_1.5.1-3+squeeze1.dsc
  to main/x/xml-security-c/xml-security-c_1.5.1-3+squeeze1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Russ Allbery <[email protected]> (supplier of updated xml-security-c package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 07 Jul 2011 10:45:08 -0700
Source: xml-security-c
Binary: libxml-security-c15 libxml-security-c-dev
Architecture: source i386
Version: 1.5.1-3+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Shib Team <[email protected]>
Changed-By: Russ Allbery <[email protected]>
Description: 
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c15 - C++ library for XML Digital Signatures (runtime)
Closes: 632973
Changes: 
 xml-security-c (1.5.1-3+squeeze1) stable-security; urgency=high
 .
   * Apply upstream patch to fix buffer overflow when signing or verifying
     files with big asymmetric keys.  (Closes: #632973, CVE-2011-2516)
Checksums-Sha1: 
 d501669c624b384bc2947f2ec3dc7b88e132d361 1667 
xml-security-c_1.5.1-3+squeeze1.dsc
 e51d3dca7f32cfcc2090d4d20cf8a1d032d95d79 957928 
xml-security-c_1.5.1.orig.tar.gz
 67b726b85c1c13495c88d9d64041c7b932147fc7 8057 
xml-security-c_1.5.1-3+squeeze1.diff.gz
 1e2e95254b5b6226ce05d98b412d6e47808284eb 352216 
libxml-security-c15_1.5.1-3+squeeze1_i386.deb
 183f2fa2a072a2d95aebf8a79dfc88d3ec775ae6 141456 
libxml-security-c-dev_1.5.1-3+squeeze1_i386.deb
Checksums-Sha256: 
 d4978a2d32c3411717d3108f1df91e760896f2f4849a96a9ad666ce582f66f07 1667 
xml-security-c_1.5.1-3+squeeze1.dsc
 f31d7efbc1a2d708e82fb7237dca29e4e5552d8a4ca510cfe94c9998055b801f 957928 
xml-security-c_1.5.1.orig.tar.gz
 0108726f6aed3b964918d0599e8ab5d395a03689d64a88500a816335f386f32b 8057 
xml-security-c_1.5.1-3+squeeze1.diff.gz
 5caedbcfc4855072c4caab6753a68b5423233ab68c23777f82f4615ecd580f2e 352216 
libxml-security-c15_1.5.1-3+squeeze1_i386.deb
 ce33a0f0223392b6a0ab3eb55d2fdc7d95237c965eaf8982daf9bcae03f96744 141456 
libxml-security-c-dev_1.5.1-3+squeeze1_i386.deb
Files: 
 699dc0c2220df307c0d4d5feba97c5d3 1667 libs extra 
xml-security-c_1.5.1-3+squeeze1.dsc
 2c47c4ec12e8d6abe967aa5e5e99000c 957928 libs extra 
xml-security-c_1.5.1.orig.tar.gz
 abea41b8d230574fecb7639ddf81a26a 8057 libs extra 
xml-security-c_1.5.1-3+squeeze1.diff.gz
 67f53d15c4c582949934e6b7f279feed 352216 libs extra 
libxml-security-c15_1.5.1-3+squeeze1_i386.deb
 4dd1aadabac65f5409869b84f3cd63a9 141456 libdevel extra 
libxml-security-c-dev_1.5.1-3+squeeze1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBCAAGBQJOFhb5AAoJEH2AMVxXNt51wisIAIpkkugaQJvhvE+X9FXuLgvO
GY6jaJQYYhxPUsRJ8ZHghGH8mOaYtykj2yHKXN6OL8qzeiwPOCKHJ6cTIC5VourR
TzHam/BuqCiDbg3jtSM/d0VT5VDpmWFzrcuekT+BNvf4Cx7DcCZO9tUDrn+nSSUB
mVYNpAD8Aziht8SgLiF+Ifrj3gBFwG+HYlxXBxwU4ZQREkbUx4Thd8LEM6uvPE0Z
k7rPZp6T2aEYIplCq5xAEifs6pu4YAYtJQeWWv5DMyGnd33zlg6A0LjEgmg/gWQN
UMCHfe4i3xJV464J0gwXqDAqWsUTEqRR2LqP0iFbZVaSWHkpTyr9uQ7L0CZYHY4=
=FQYP
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to