This bug was fixed in the package xmlrpc-c - 1.16.33-3.2ubuntu1
---------------
xmlrpc-c (1.16.33-3.2ubuntu1) raring; urgency=low
* Merge from Debian testing (LP: #1076812). Remaining changes:
- Add libxmlrpc-core-c3-udeb for use during installation (LP: #831496).
- Add Breaks/Replaces to cover binary package reorganisation (LP: #878180).
- Fix dh_makeshlibs calls for libxmlrpc-core-c3-0 -> libxmlrpc-core-c3
rename.
- Add backport-gssapi-delegation.patch, and bump the build-depends on
libcurl4-openssl-dev and libcurl3-openssl-dev to >= 7.22.0
- Fix dependencies of xmlrpc-api-utils
* Changes merged by Debian:
- Run the tests as part of the build process
- SECURITY UPDATE: Denial of service via hash collisions
- SECURITY UPDATE: Denial of service via memory leak
xmlrpc-c (1.16.33-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2012-0876 and CVE-2012-1148 in embedded Expat copy. Thanks to
Tyler Hicks for the patch and the report (Closes: #687672)
-- Tyler Hicks <[email protected]> Thu, 08 Nov 2012 16:29:20 -0800
** Changed in: xmlrpc-c (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-0876
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1148
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1076812
Title:
Please merge xmlrpc-c 1.16.33-3.2 (main) from Debian testing (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xmlrpc-c/+bug/1076812/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
