Your message dated Fri, 22 Jul 2011 01:54:46 +0000
with message-id <[email protected]>
and subject line Bug#632973: fixed in xml-security-c 1.4.0-3+lenny3
has caused the Debian Bug report #632973,
regarding xml-security-c: CVE-2011-2516: buffer overflows signing or verifying
with large keys
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
632973: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632973
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xml-security-c
Version: 1.6.0-2
Severity: grave
Tags: security
Justification: user security hole
Full advisory at
<http://santuario.apache.org/secadv/CVE-2011-2516.txt>
including links to patches in upstream SVN.
Also assumed to affect stable and oldstable.
--- End Message ---
--- Begin Message ---
Source: xml-security-c
Source-Version: 1.4.0-3+lenny3
We believe that the bug you reported is fixed in the latest version of
xml-security-c, which is due to be installed in the Debian FTP archive:
libxml-security-c-dev_1.4.0-3+lenny3_i386.deb
  to main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny3_i386.deb
libxml-security-c14_1.4.0-3+lenny3_i386.deb
  to main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny3_i386.deb
xml-security-c_1.4.0-3+lenny3.diff.gz
  to main/x/xml-security-c/xml-security-c_1.4.0-3+lenny3.diff.gz
xml-security-c_1.4.0-3+lenny3.dsc
  to main/x/xml-security-c/xml-security-c_1.4.0-3+lenny3.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Russ Allbery <[email protected]> (supplier of updated xml-security-c package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 07 Jul 2011 11:43:25 -0700
Source: xml-security-c
Binary: libxml-security-c14 libxml-security-c-dev
Architecture: source i386
Version: 1.4.0-3+lenny3
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Shib Team <[email protected]>
Changed-By: Russ Allbery <[email protected]>
Description:
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c14 - C++ library for XML Digital Signatures (runtime)
Closes: 632973
Changes:
 xml-security-c (1.4.0-3+lenny3) oldstable-security; urgency=high
 .
   * Apply upstream patch to fix buffer overflow when signing or verifying
     files with big asymmetric keys. (Closes: #632973, CVE-2011-2516)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---