Your message dated Wed, 28 Mar 2018 23:36:58 +0000
with message-id <[email protected]>
and subject line Bug#894050: fixed in xerces-c 3.2.1+debian-1
has caused the Debian Bug report #894050,
regarding xerces-c: CVE-2017-12627: Null pointer dereference while processing 
the path to DTD allows denial of service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
894050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894050
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xerces-c
Version: 3.2.0+debian-2
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for xerces-c.

CVE-2017-12627[0]:
| In Apache Xerces-C XML Parser library before 3.2.1, processing of
| external DTD paths can result in a null pointer dereference under
| certain conditions.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12627
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12627
[1] https://svn.apache.org/viewvc?view=revision&revision=1819998
[2] https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xerces-c
Source-Version: 3.2.1+debian-1

We believe that the bug you reported is fixed in the latest version of
xerces-c, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
William Blough <[email protected]> (supplier of updated xerces-c package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Wed, 28 Mar 2018 17:56:05 -0400
Source: xerces-c
Binary: libxerces-c3.2 libxerces-c-dev libxerces-c-doc libxerces-c-samples
Architecture: source amd64 all
Version: 3.2.1+debian-1
Distribution: unstable
Urgency: medium
Maintainer: William Blough <[email protected]>
Changed-By: William Blough <[email protected]>
Description:
 libxerces-c-dev - validating XML parser library for C++ (development files)
 libxerces-c-doc - validating XML parser library for C++ (documentation)
 libxerces-c-samples - validating XML parser library for C++ (compiled samples)
 libxerces-c3.2 - validating XML parser library for C++
Closes: 891841 894050
Changes:
 xerces-c (3.2.1+debian-1) unstable; urgency=medium
 .
   * New upstream release.  Closes: 891841
     Fixes CVE-2017-12627  Closes: 894050
   * Update to policy 4.1.3 (no changes)
   * Remove patch that was applied upstream
   * Lintian fixes:
     - remove trailing whitespace in changelog
     - install NOTICE file
     - change watch file to use https

--- End Message ---
