Your message dated Fri, 12 Apr 2013 18:02:08 +0000
with message-id <[email protected]>
and subject line Bug#703933: fixed in libxslt 1.1.26-6+squeeze3
has caused the Debian Bug report #703933,
regarding libxslt: CVE-2012-6139
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
703933: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703933
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libxslt
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for libxslt.
CVE-2012-6139[0]:
libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service
Vulnerabilities
There are patches and minimalized test cases available at [1,2,3,4].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139
http://security-tracker.debian.org/tracker/CVE-2012-6139
[1] https://bugzilla.gnome.org/show_bug.cgi?id=685328
[2] http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
[3] https://bugzilla.gnome.org/show_bug.cgi?id=685330
[4] http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
Please adjust the affected versions in the BTS as needed.
Thank you for your work!
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.26-6+squeeze3
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 26 Mar 2013 21:48:42 +0100
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source amd64
Version: 1.1.26-6+squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
 libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
 libxslt1-dev - XSLT 1.0 processing library - development kit
 libxslt1.1 - XSLT 1.0 processing library - runtime library
 python-libxslt1 - Python bindings for libxslt1
 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
 xsltproc   - XSLT 1.0 command line processor
Closes: 703933
Changes:
 libxslt (1.1.26-6+squeeze3) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add patches to fix denial of service vulnerability (CVE-2012-6139)
     (Closes: #703933)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---