Your message dated Thu, 03 Aug 2017 20:52:43 +0000
with message-id <e1ddn6p-000dow...@fasolo.debian.org>
and subject line Bug#866676: fixed in libxml-libxml-perl 2.0128+dfsg-2
has caused the Debian Bug report #866676,
regarding libxml-libxml-perl: CVE-2017-10672: Use-after-free in XML::LibXML::Node::replaceChild
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866676
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxml-libxml-perl
Version: 2.0116+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=122246

Hi,

the following vulnerability was published for libxml-libxml-perl.
Filing this one for now as severity grave, but we might adjust later
the severity if not appropriate.

CVE-2017-10672[0]:
| Use-after-free in the XML-LibXML module through 2.0129 for Perl allows
| remote attackers to execute arbitrary code by controlling the arguments
| to a replaceChild call.

There is no upstream fix yet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10672
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10672
[1] https://rt.cpan.org/Ticket/Display.html?id=122246

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml-libxml-perl
Source-Version: 2.0128+dfsg-2

We believe that the bug you reported is fixed in the latest version of
libxml-libxml-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libxml-libxml-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Aug 2017 21:42:27 +0200
Source: libxml-libxml-perl
Binary: libxml-libxml-perl
Architecture: source
Version: 2.0128+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 866676
Description: 
 libxml-libxml-perl - Perl interface to the libxml2 library
Changes:
 libxml-libxml-perl (2.0128+dfsg-2) unstable; urgency=high
 .
   * Team upload.
 .
   [ gregor herrmann ]
   * Remove Chris Butler from Uploaders. Thanks for your work!
   * Remove Jonathan Yu from Uploaders. Thanks for your work!
 .
   [ Salvatore Bonaccorso ]
   * CVE-2017-10672: Use-after-free by controlling the arguments to a
     replaceChild call (Closes: #866676)
   * Declare compliance with Debian policy 4.0.0


--- End Message ---
