[xml/sgml-pkgs] Bug#278622: marked as done (libxml2: CAN-2004-0989: multiple buffer overflows)

Debian Bug Tracking System owner@bugs.debian.org
Tue, 02 Nov 2004 10:03:05 -0800


Your message dated Tue, 2 Nov 2004 12:47:31 -0500
with message-id <20041102174731.GA21391@kitenet.net>
and subject line closing
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Oct 2004 09:19:40 +0000
>From martin@piware.de Thu Oct 28 02:19:40 2004
Return-path: <martin@piware.de>
Received: from box79162.elkhouse.de [213.9.79.162] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CN6RY-0004T1-00; Thu, 28 Oct 2004 02:19:40 -0700
Received: from martin by box79162.elkhouse.de with local (Exim 4.34)
	id 1CN6RW-0003Y3-5e; Thu, 28 Oct 2004 11:19:38 +0200
Date: Thu, 28 Oct 2004 11:19:38 +0200
From: Martin Pitt <martin.pitt@canonical.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libxml2: CAN-2004-0989: multiple buffer overflows
Message-ID: <20041028091937.GA13605@box79162.elkhouse.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt"
Content-Disposition: inline
X-Reportbug-Version: 2.63
User-Agent: Mutt/1.5.6+20040722i
Sender: Martin Pitt <martin@piware.de>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: libxml2
Version: 2.6.11-3
Severity: critical
Tags: patch

libxml2 is vulnerable to CAN-2004-0989. Please see

  http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0

for details.

I just uploaded fixed Ubuntu packages; the package interdiff
containing the patch can be downloaded from our bug tracking system:

https://bugzilla.ubuntulinux.org/show_bug.cgi?id=2809

Thanks,

Martin

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8

Versions of packages libxml2 depends on:
ii  libc6                       2.3.2.ds1-18 GNU C Library: Shared libraries an
ii  zlib1g                      1:1.2.2-1    compression library - runtime

-- no debconf information

-- 
Martin Pitt                       http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org

--pf9I7BMVVzbSWLtt
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline


--pf9I7BMVVzbSWLtt--

---------------------------------------
Received: (at 278622-done) by bugs.debian.org; 2 Nov 2004 17:46:15 +0000
>From joey@kitenet.net Tue Nov 02 09:46:15 2004
Return-path: <joey@kitenet.net>
Received: from kitenet.net [64.62.161.42] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CP2jX-0005RH-00; Tue, 02 Nov 2004 09:46:15 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
	by kitenet.net (Postfix) with ESMTP id 2F2D017FF4
	for <278622-done@bugs.debian.org>; Tue,  2 Nov 2004 17:46:11 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
	id 7BCB56E0AE; Tue,  2 Nov 2004 12:47:32 -0500 (EST)
Date: Tue, 2 Nov 2004 12:47:31 -0500
From: Joey Hess <joeyh@debian.org>
To: 278622-done@bugs.debian.org
Subject: closing
Message-ID: <20041102174731.GA21391@kitenet.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="ew6BAiZeqk4r7MaW"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: 278622-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--ew6BAiZeqk4r7MaW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

CAN-2004-0989 was fixed in libxml2 version 2.6.11-5. Since we've also
had a DSA already, I see no reason to keep this bug open.

-- 
see shy jo

--ew6BAiZeqk4r7MaW
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline


--ew6BAiZeqk4r7MaW--