libxml2: CVE-2017-5130

Related Vulnerabilities: CVE-2017-5130   CVE-2017-5969  

Debian Bug report logs - #880000
libxml2: CVE-2017-5130


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 28 Oct 2017 08:03:04 UTC

Severity: important

Tags: patch, security, upstream

Found in version libxml2/2.9.4+dfsg1-5

Fixed in version libxml2/2.9.4+dfsg1-5.1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=783026



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#880000; Package src:libxml2. (Sat, 28 Oct 2017 08:03:07 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sat, 28 Oct 2017 08:03:07 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libxml2: CVE-2017-5130
Date: Sat, 28 Oct 2017 09:59:29 +0200
Source: libxml2
Version: 2.9.4+dfsg1-5
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for libxml2.

CVE-2017-5130[0]:
No description was found (try on a search engine)

I think this corresponds to [1], asked for confirmation.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5130
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5130
[1] https://bugzilla.gnome.org/show_bug.cgi?id=783026 

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Set Bug forwarded-to-address to 'https://bugzilla.gnome.org/show_bug.cgi?id=783026'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 28 Oct 2017 08:09:06 GMT).


Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 855001-submit@bugs.debian.org. (Sat, 18 Nov 2017 15:51:06 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#880000; Package src:libxml2. (Sat, 18 Nov 2017 15:51:11 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sat, 18 Nov 2017 15:51:11 GMT).


Message #14 received at 880000@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 855001@bugs.debian.org, 878684@bugs.debian.org, 880000@bugs.debian.org
Subject: libxml2: diff for NMU version 2.9.4+dfsg1-5.1
Date: Sat, 18 Nov 2017 16:49:00 +0100
Control: tags 855001 + patch
Control: tags 855001 + pending
Control: tags 878684 + patch
Control: tags 878684 + pending
Control: tags 880000 + pending

Dear maintainer,

I've prepared an NMU for libxml2 (versioned as 2.9.4+dfsg1-5.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[libxml2-2.9.4+dfsg1-5.1-nmu.diff (text/x-diff, attachment)]

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sat, 18 Nov 2017 18:24:52 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 18 Nov 2017 18:24:52 GMT).


Message #19 received at 880000-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 880000-close@bugs.debian.org
Subject: Bug#880000: fixed in libxml2 2.9.4+dfsg1-5.1
Date: Sat, 18 Nov 2017 18:24:30 +0000
Source: libxml2
Source-Version: 2.9.4+dfsg1-5.1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 880000@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 16:39:04 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: source
Version: 2.9.4+dfsg1-5.1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 855001 878684 880000
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
 python3-libxml2 - Python3 bindings for the GNOME XML library
 python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.4+dfsg1-5.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix NULL pointer deref in xmlDumpElementContent (CVE-2017-5969)
     (Closes: #855001)
   * Check for integer overflow in memory debug code (CVE-2017-5130)
     (Closes: #880000)
   * Fix copy-paste errors in error messages
   * python: remove single use of _PyVerify_fd (Closes: #878684)
Checksums-Sha1: 
 871bb7ee1f4aa0a11266fdd521f00c03d8b2878e 3131 libxml2_2.9.4+dfsg1-5.1.dsc
 e186b1e483df0dfe248dbb7e28c7304fa7d72a15 35444 libxml2_2.9.4+dfsg1-5.1.debian.tar.xz
Checksums-Sha256: 
 7a43531fcb67956df3973605720b02c09044594c9e7434edb80d336449557826 3131 libxml2_2.9.4+dfsg1-5.1.dsc
 0a900d807f5de69cb27ddca74db8d6bb83d37abcdfee1c9b2f8a8ddb7ea028f4 35444 libxml2_2.9.4+dfsg1-5.1.debian.tar.xz
Files: 
 05e2a7b85132c0e38ecb5de2810559a5 3131 libs optional libxml2_2.9.4+dfsg1-5.1.dsc
 64e57ddc61b367103a34e2be4046dd37 35444 libs optional libxml2_2.9.4+dfsg1-5.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 01 Feb 2018 07:24:59 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:12:08 2019; Machine Name: buxtehude
