Your message dated Sat, 12 Jul 2014 18:33:18 +0000
with message-id <[email protected]>
and subject line Bug#747309: fixed in libxml2 2.8.0+dfsg1-7+wheezy1
has caused the Debian Bug report #747309,
regarding CVE-2014-0191
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
747309: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747309
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libxml2
Version: 2.9.1+dfsg1-3
Severity: grave
Tags: security
Hi,
from oss-security. This was assigned CVE-2014-0191
| It was discovered that libxml2, a library providing support to read,
| modify and write XML files, incorrectly performs entity substitution in
| the doctype prolog, even if the application using libxml2 disabled any
| entity substitution. A remote attacker could provide a
| specially-crafted XML file that, when processed, would lead to the
| exhaustion of CPU and memory resources or file descriptors.
|
| This issue was discovered by Daniel Berrange of Red Hat.
Fix:
https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.8.0+dfsg1-7+wheezy1
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <[email protected]> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 09 Jul 2014 04:18:01 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg
 libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.8.0+dfsg1-7+wheezy1
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Aron Xu <[email protected]>
Description:
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 747309
Changes:
 libxml2 (2.8.0+dfsg1-7+wheezy1) stable-security; urgency=high
 .
   * debian/patches/cve-2014-0191.patch: libxml2 could be made to consume
     resources if it processed a specially crafted file.
     (Closes: #747309, CVE-2014-0191)
--- End Message ---