Your message dated Thu, 14 Dec 2017 19:50:06 +0000
with message-id <e1epzwa-0008zf...@fasolo.debian.org>
and subject line Bug#883790: fixed in libxml2 2.9.4+dfsg1-5.2
has caused the Debian Bug report #883790,
regarding libxml2: CVE-2017-15412: use-after-free in
xmlXPathCompOpEvalPositionalPredicate
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
883790: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxml2
Version: 2.9.4+dfsg1-5.1
Severity: important
Tags: patch security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=783160
Hi,
the following vulnerability was published for libxml2.
CVE-2017-15412[0]:
use after free
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-15412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
[1] https://bugzilla.gnome.org/show_bug.cgi?id=783160
[2]
https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.4+dfsg1-5.2
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 883...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Dec 2017 20:36:07 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc
python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: source
Version: 2.9.4+dfsg1-5.2
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 883790
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug
extension)
python3-libxml2 - Python3 bindings for the GNOME XML library
python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug
extension)
Changes:
libxml2 (2.9.4+dfsg1-5.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix XPath stack frame logic (CVE-2017-15412) (Closes: #883790)
Checksums-Sha1:
29760e94d88598248b4358576889a940141be4ca 3131 libxml2_2.9.4+dfsg1-5.2.dsc
bb6cec530f58839f2d55d74844a18804cf1d413c 35848
libxml2_2.9.4+dfsg1-5.2.debian.tar.xz
Checksums-Sha256:
f46aaec278a4e9bb0c6661daa6296709e5445f7cc787cf20d8a031468692f8f0 3131
libxml2_2.9.4+dfsg1-5.2.dsc
31fdc490e38e1b1487dba142688da2ee2924aaccd8980381926322dfde00325c 35848
libxml2_2.9.4+dfsg1-5.2.debian.tar.xz
Files:
84105c0acc59acbaf5d55ad98d70a525 3131 libs optional libxml2_2.9.4+dfsg1-5.2.dsc
aa0bcd43b5db7e26897baed23f9ce8d2 35848 libs optional
libxml2_2.9.4+dfsg1-5.2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAloy1CxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E2PgP/jT4Qmi5woZ1o3ixMllXmd3hajpGda9L
bA72jrtynl15hJ20LHLXSj9Oc+/oXtdklEb5cvVnhu2sCFPOHTi+frU0mDM3qQam
ru+/U4i0NkUWgS5K72Ga32mqCs+WhXYaEN0oJLaBkdSMIbMsP+TfbOzj60megMml
WOL5J0xH+8H+YiM00IkSyEE6FhOvGFHbhIgoLhKfngtFKDb65HFUC78zhThWsMD/
Uw8fL2EDLeIXOXnDoFVtTczOlyVSlQWMH+hGmVHrxkpicZURdywoetZI+NlsDbw7
yHX292CjMv8oGLytcYE3muuhqJYkHH8Cq2z/nwHn8dUz4AmNs8vWOIYXDkDFKBYF
dOuDIa60LbB5S4zY9fVGQF0o2ilXepaOoMbSTZBmj+125dQJBRWCGcxiWNk027+h
CGN45JXtLwb+AlF7Hcy+fM+oO462JXTppT51KEuizbp+XN5TNg98VbbtynW8Po84
mWcVu40L24s0VxZvyAop/JST6bv37hOZXeuw8XuaOs21T+T24y5ELJpnsaASMzpd
OXlDMonpDeLVODxXPW/Pm6o1mTpRN+j+lvjnd41pPPX5mrwAnDmP5rnRWOYYQ3q4
7KN7zscyRCwLd5g18OKhL5k91AMUyGWz3A4qHGhB8HLVv71DQNVrhxvz3Ph3TrSM
6ZjMhR1drEFg
=h5MM
-----END PGP SIGNATURE-----
--- End Message ---
