Debian Bug report logs -
#652352
Two security issues
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Fri, 16 Dec 2011 14:54:01 UTC
Severity: grave
Tags: patch, security
Found in version 2.6.32.dfsg-5.34.201109131010
Fixed in versions libxml2/2.7.8.dfsg-5.1, libxml2/2.7.8.dfsg-2+squeeze2, libxml2/2.6.32.dfsg-5+lenny5
Done: Aron Xu <aron@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#652352; Package libxml2.
(Fri, 16 Dec 2011 14:54:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Fri, 16 Dec 2011 14:54:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libxml2
Version: 2.6.32.dfsg-5.34.201109131010
Severity: grave
Tags: security
Please see the Red Hat bugzilla for links to patches:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0216
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3905
Cheers,
Moritz
-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs44-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages libxml2 depends on:
ii libc6 2.7-18.32.201101241735 GNU C Library: Shared libraries
ii zlib1g 1:1.2.3.3.dfsg-12.30.200909150153 compression library - runtime
Versions of packages libxml2 recommends:
ii xml-core 0.12.11.200909150645 XML infrastructure and XML catalog
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#652352; Package libxml2.
(Fri, 30 Dec 2011 17:45:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Fri, 30 Dec 2011 17:45:09 GMT) (full text, mbox, link).
Message #10 received at 652352@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 652352 + patch
tags 652352 + pending
thanks
Dear maintainer,
I've prepared an NMU for libxml2 (versioned as 2.7.8.dfsg-5.1) and
uploaded it to DELAYED/02 fixing the two outstanding security issues.
Please feel free to tell me if I should delay it longer.
Cheers
Luk
[libxml2-2.7.8.dfsg-5.1-nmu.diff (text/x-diff, attachment)]
Added tag(s) patch.
Request was from Luk Claes <luk@debian.org>
to control@bugs.debian.org.
(Fri, 30 Dec 2011 17:45:11 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Luk Claes <luk@debian.org>
to control@bugs.debian.org.
(Fri, 30 Dec 2011 17:45:12 GMT) (full text, mbox, link).
Reply sent
to Luk Claes <luk@debian.org>:
You have taken responsibility.
(Sun, 01 Jan 2012 18:09:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer.
(Sun, 01 Jan 2012 18:09:04 GMT) (full text, mbox, link).
Message #19 received at 652352-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2
Source-Version: 2.7.8.dfsg-5.1
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:
libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
libxml2-dev_2.7.8.dfsg-5.1_i386.deb
to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-5.1_i386.deb
libxml2-doc_2.7.8.dfsg-5.1_all.deb
to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-5.1_all.deb
libxml2-utils_2.7.8.dfsg-5.1_i386.deb
to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-5.1_i386.deb
libxml2_2.7.8.dfsg-5.1.diff.gz
to main/libx/libxml2/libxml2_2.7.8.dfsg-5.1.diff.gz
libxml2_2.7.8.dfsg-5.1.dsc
to main/libx/libxml2/libxml2_2.7.8.dfsg-5.1.dsc
libxml2_2.7.8.dfsg-5.1_i386.deb
to main/libx/libxml2/libxml2_2.7.8.dfsg-5.1_i386.deb
python-libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
python-libxml2_2.7.8.dfsg-5.1_i386.deb
to main/libx/libxml2/python-libxml2_2.7.8.dfsg-5.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 652352@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 30 Dec 2011 18:31:13 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source i386 all
Version: 2.7.8.dfsg-5.1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 652352
Changes:
libxml2 (2.7.8.dfsg-5.1) unstable; urgency=high
.
* Non-maintainer upload.
* encoding.c: Fix off by one error. CVE-2011-0216.
* parser.c: Make sure parser returns when getting a Stop order.
CVE-2011-3905.
* Both closes: #652352.
Checksums-Sha1:
13b020a381742e5389721cefc5641dd82d36fcf1 1746 libxml2_2.7.8.dfsg-5.1.dsc
af8d86faf495f4689d1ca26f7637eaeef1833ff2 118918 libxml2_2.7.8.dfsg-5.1.diff.gz
d9cb76a05f362f899f69c5645f0c49ecd137a553 882164 libxml2_2.7.8.dfsg-5.1_i386.deb
4ade853403866422e58f1238b6a907cc45f0fdb6 91374 libxml2-utils_2.7.8.dfsg-5.1_i386.deb
bf562eb171224d33b63fde4d876cf6e013540dfc 811664 libxml2-dev_2.7.8.dfsg-5.1_i386.deb
b4abc0b5e4a1ec07d468c3ca798aa9d35b0840b4 1072984 libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
39bfa9c51849509ea8118c83bb6f91be86d68ca0 1379148 libxml2-doc_2.7.8.dfsg-5.1_all.deb
4d08b2b05b4b543c1b53a3d75282e22cfe64cbf1 367028 python-libxml2_2.7.8.dfsg-5.1_i386.deb
773b38ccbbcd47c994bccb259f7d0476ab832bc2 823506 python-libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
Checksums-Sha256:
ac3bf267a08681deaa201fd9d792999adc8f078deb965b7c021b24c4adf92f9f 1746 libxml2_2.7.8.dfsg-5.1.dsc
ddeffec50782a5340cc295481d7ebda14f2b1d18634b5055c797764b061a8bfb 118918 libxml2_2.7.8.dfsg-5.1.diff.gz
fa4e02359463ff62d69d5455ced9e5153ca30916cdbb68d6370de2199d9209a3 882164 libxml2_2.7.8.dfsg-5.1_i386.deb
14d4c285e79ba46ce08815c1b3c290601887b3129572390a88b8ec39235bf124 91374 libxml2-utils_2.7.8.dfsg-5.1_i386.deb
4e37bf00d131f07ec429af54f9d2d6576fc5fdae9d8cff34177a05c51f57a0bb 811664 libxml2-dev_2.7.8.dfsg-5.1_i386.deb
a3590099b5fd37ddb59d9b8dbb7a97659a3d2134120780502fd89b0f881d1c7c 1072984 libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
bdcc451f94bdfb54af7cbe9cdff53ba8f37611163faf6701d01210b186f215d7 1379148 libxml2-doc_2.7.8.dfsg-5.1_all.deb
cd1c83e6d490525f872b4d357ff016da60869c83afc894db00bbe17146f67087 367028 python-libxml2_2.7.8.dfsg-5.1_i386.deb
22029794c49ffeedb9fefe5c6ecb7b2ef82dfc6d016a59888425befc6111ee2f 823506 python-libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
Files:
bda47a813d9e2196bf888230533b7e26 1746 libs optional libxml2_2.7.8.dfsg-5.1.dsc
152b8683d0d60124b61e6b2de8619356 118918 libs optional libxml2_2.7.8.dfsg-5.1.diff.gz
dc1f9f6a623dda128e898a2a9aae2ee2 882164 libs standard libxml2_2.7.8.dfsg-5.1_i386.deb
fb232ee347441d9788c0cbd45fcce676 91374 text optional libxml2-utils_2.7.8.dfsg-5.1_i386.deb
3497cce72f2b504206478d4140feec25 811664 libdevel optional libxml2-dev_2.7.8.dfsg-5.1_i386.deb
df64a90312a2494dfa53b125da747482 1072984 debug extra libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
77120febb138b3682b1f8d82f554916e 1379148 doc optional libxml2-doc_2.7.8.dfsg-5.1_all.deb
500f6f73330fc03cf3e420a879d162a0 367028 python optional python-libxml2_2.7.8.dfsg-5.1_i386.deb
d0fcd361e1ef4c3afa529fc33a311b24 823506 debug extra python-libxml2-dbg_2.7.8.dfsg-5.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk79984ACgkQ5UTeB5t8Mo3zNgCeLGjuKo30bG0WRUr9mLflInMu
KfgAn2RcMHZz1WTT5CgS6UTsFdUeA52e
=0fHD
-----END PGP SIGNATURE-----
Reply sent
to Aron Xu <aron@debian.org>:
You have taken responsibility.
(Sat, 28 Jan 2012 19:33:06 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer.
(Sat, 28 Jan 2012 19:33:06 GMT) (full text, mbox, link).
Message #24 received at 652352-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2
Source-Version: 2.7.8.dfsg-2+squeeze2
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:
libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
libxml2_2.7.8.dfsg-2+squeeze2.dsc
to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2.dsc
libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
to main/libx/libxml2/python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 652352@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <aron@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jan 2012 03:25:23 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-2+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 643648 652352 656377
Changes:
libxml2 (2.7.8.dfsg-2+squeeze2) stable-security; urgency=high
.
* Security update.
* parser.c: Fix an allocation error when copying entities.
CVE-2011-3919. Closes: #656377.
* parser.c: Make sure parser returns when getting a Stop order.
CVE-2011-3905.
* encoding.c: Fix off by one error. CVE-2011-0216. Closes: 652352.
* xpath.c: Fix for undefined namespaces. CVE-2011-2834.
* xpath.c, xpointer.c, include/libxml/xpath.h:
Hardening of XPath evaluation. CVE-2011-2821. Closes: 643648.
Checksums-Sha1:
4d579893c3c9a69c7a1501b9ad4ce19c902d7538 1848 libxml2_2.7.8.dfsg-2+squeeze2.dsc
a6c44a21925893c5ae0d1f7278707f1dd943041c 114123 libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
602dfbdba01bfe2f7c077bb920cd34be482dbac0 872698 libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
59e7ebb7d11d0d8d8a82c11282bfbdeceaeb12dd 93562 libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
a0772e321ee20d49179ca7a9493d14981e3e01b6 829522 libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
f0b2bf8baa6b5bce186fd0d27775f15044452005 989434 libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
2f54b26e35dae817df246be61e8b49515248273b 1344280 libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
69790763f51d513364d5e114d62a9dec299f9e00 337756 python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
dbecb1b40a1d5f91c4d38d527bcb7a955bda98b9 871316 python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
Checksums-Sha256:
6b800b7613067d10cac87f102e63c8f5a486ec9020cd48fee46b2944accd1cb9 1848 libxml2_2.7.8.dfsg-2+squeeze2.dsc
4e47516b5fb6070c897bec33ac64f7aba23cdc56e8df5b90eaf27c0a45a6e95f 114123 libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
3752043bae775ad3ffeef4df72f79a59200560c300ddd25cd416f5510a67f0a7 872698 libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
1b40087c1bacd9e3986a6134b42c80bab7f391cb310d3cb69a783daaa260f893 93562 libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
a5f197bd4053c849ac4ab4cf9d0d4d1a59e44c6fcab94686965afffc1f619d5a 829522 libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
1f53495e18fd6a8d662f4819f23e2ef6da72da840d88c54aa373a1e5f6777710 989434 libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
12d013eb556c71704f3edd1c2bf3ea73a37920fd7281120808ebe48c3c724684 1344280 libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
758d069118af14a5d8cd27eae6ccda37cd6d7aafdac821ec2609f76dc003cb9c 337756 python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
51933e3f1062421b1f562e3419037f7790460928f8eaeee257435cee36fea6a0 871316 python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
Files:
2289a483906e1bd815ac66723b1171fa 1848 libs optional libxml2_2.7.8.dfsg-2+squeeze2.dsc
af0c7c2a628935f4c5e19a05731f2b65 114123 libs optional libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
a6e62127cb8bffb6e592b8175b337a1a 872698 libs standard libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
41504ec2093d29ec6125ff5e9fce42c2 93562 text optional libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
3acf0aecf78055eb53b8296c1a0824fc 829522 libdevel optional libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
182a9fa5e1a65650e2b0510384ed1736 989434 debug extra libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
73772ba505e876f8525a5b5dbfca0201 1344280 doc optional libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
c97e21d629f7834c03b6a95eae5125d1 337756 python optional python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
200a40737ccf8a659618961693e99af2 871316 debug extra python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBCgAGBQJPHpGaAAoJEIAhAkTu07wNTBAIAK5JzAj+YHj6mIy+PcZQTxzp
5+wJ+omkhijL+UtDrCE3ZkimZcjf7PWoc8bLbiCjEeBb+PfD9oIE2dJUXN08iPKG
aPJNiXEt43L6Xp4mAQ7eGA7Onm5iEw+IGtZrS6ziOZQBrwN15QanvK93Am0XOFO9
8/CQPxeFEC/ZS6AWGrk7rEi4SD2UgYE0lrh4Tc4I7Jm9AlSY14nRaJkxPKdhoBfw
x0SVZZ0IYwx0mltLqkUwvMRVx8cSG6NAlr1BfrzVOkK87W/auNVi7Lcu8fs0E9bA
Nwjl3W8Sfzf7R3z/Wn+08fYk3GMNRkmruTxa4HdiPKbiYw55LxsPXbevQOOcpzc=
=rzTR
-----END PGP SIGNATURE-----
Reply sent
to Aron Xu <aron@debian.org>:
You have taken responsibility.
(Mon, 30 Jan 2012 21:51:16 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer.
(Mon, 30 Jan 2012 21:51:16 GMT) (full text, mbox, link).
Message #29 received at 652352-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2
Source-Version: 2.6.32.dfsg-5+lenny5
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:
libxml2-dbg_2.6.32.dfsg-5+lenny5_amd64.deb
to main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny5_amd64.deb
libxml2-dev_2.6.32.dfsg-5+lenny5_amd64.deb
to main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny5_amd64.deb
libxml2-doc_2.6.32.dfsg-5+lenny5_all.deb
to main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny5_all.deb
libxml2-utils_2.6.32.dfsg-5+lenny5_amd64.deb
to main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny5_amd64.deb
libxml2_2.6.32.dfsg-5+lenny5.diff.gz
to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny5.diff.gz
libxml2_2.6.32.dfsg-5+lenny5.dsc
to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny5.dsc
libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
python-libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
to main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 652352@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <aron@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jan 2012 06:04:56 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2
Architecture: source all amd64
Version: 2.6.32.dfsg-5+lenny5
Distribution: oldstable-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
Closes: 643648 652352 656377
Changes:
libxml2 (2.6.32.dfsg-5+lenny5) oldstable-security; urgency=high
.
* Security update.
* parser.c: Fix an allocation error when copying entities.
CVE-2011-3919. Closes: #656377.
* parser.c: Make sure parser returns when getting a Stop order.
CVE-2011-3905.
* encoding.c: Fix off by one error. CVE-2011-0216. Closes: 652352.
* xpath.c: Fix for undefined namespaces.
CVE-2011-2834. Closes: 643648.
Checksums-Sha1:
04a90287debdfc7f7559f80e9e0dab808794e909 1647 libxml2_2.6.32.dfsg-5+lenny5.dsc
9db39d08996626ab5c584214ef70e5e307e8b9f7 86309 libxml2_2.6.32.dfsg-5+lenny5.diff.gz
20a9b17e35dcc7652f0e07ce0d54f0bfa79206a9 1307492 libxml2-doc_2.6.32.dfsg-5+lenny5_all.deb
8e436f404235b31ad0c68c97d23c070ee02bb650 861080 libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
903e7dc78c52ea8b49789957a188c81a44ffbc02 37326 libxml2-utils_2.6.32.dfsg-5+lenny5_amd64.deb
99ba81e0ef39e2b679fc366c8b269da6acaadd4f 774076 libxml2-dev_2.6.32.dfsg-5+lenny5_amd64.deb
39bebbe51e9a142297e85b55d26634fa1362b834 988562 libxml2-dbg_2.6.32.dfsg-5+lenny5_amd64.deb
bd2b69a0f895fc93ff1e6d5f91311bd23d2ee550 295928 python-libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
Checksums-Sha256:
1232b8cd41cdf7f295a23af260a151da9e26b89bb1a271c435aaab2dd6857bed 1647 libxml2_2.6.32.dfsg-5+lenny5.dsc
1059796d4afa24699a5b59bcf9846ea215be06b2657298d526feda2bd3e3db84 86309 libxml2_2.6.32.dfsg-5+lenny5.diff.gz
3e74d6c1d54fbd068a0ea19a4fefca4ec244784e73e664080eedd049f1460171 1307492 libxml2-doc_2.6.32.dfsg-5+lenny5_all.deb
d81e76796ebac9f079e720765102a6ad0c6c5abd7ec6e88caf19a2725f020c6c 861080 libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
a44877fa3585934149ea1e756862dc0732296079e062200b537259e65212a23c 37326 libxml2-utils_2.6.32.dfsg-5+lenny5_amd64.deb
8677a517f84435e99441e8b6a3cd58876b6233a8581648c9a065625e81c27212 774076 libxml2-dev_2.6.32.dfsg-5+lenny5_amd64.deb
4afb005d1e38435d8dd180ab7a8c9cc491c141a442071516c94350a0e3091978 988562 libxml2-dbg_2.6.32.dfsg-5+lenny5_amd64.deb
dcccd350a3e3f87f3a148a8af9cfa0940a9681d226b31653b653023396324c4a 295928 python-libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
Files:
86c24ecca29d1633dff0e7cccc285f06 1647 libs optional libxml2_2.6.32.dfsg-5+lenny5.dsc
9cdf129340dce255b2dfb450ca4e06fe 86309 libs optional libxml2_2.6.32.dfsg-5+lenny5.diff.gz
9826e7e6915ec8090e00d10483ad7031 1307492 doc optional libxml2-doc_2.6.32.dfsg-5+lenny5_all.deb
c327a8e8849388d294d60f95b4d14326 861080 libs optional libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
59fad6589fb7fd7f63bc796b7177ab89 37326 text optional libxml2-utils_2.6.32.dfsg-5+lenny5_amd64.deb
dea37e4e8b0e568d81751524a193a401 774076 libdevel optional libxml2-dev_2.6.32.dfsg-5+lenny5_amd64.deb
873db597ec1a1cfaf16f87e992298c63 988562 libdevel extra libxml2-dbg_2.6.32.dfsg-5+lenny5_amd64.deb
53ffa695e87d37a6499b414d80f795ea 295928 python optional python-libxml2_2.6.32.dfsg-5+lenny5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBCgAGBQJPHpQ+AAoJEIAhAkTu07wNR5YH/3bk7aGqvpdFPMzWvUS6ks4m
uqi+d7SzE2ZkvEelsYRZ5SjqyvjgSYRnG6wq0VhIMD96v72K5Lo81YxeZCwUvsO+
q1lXnmJaBD62bUOFavwLKALHhrKCrvpDREV5mdDdcCRcM+sbRocuJBwSPPD5Fdwf
F+JLnAByVAAwqOL47ufxcOm2cr9wbuSDutbe5ond5tDHctfDMmVVHMDYK1Lwf4vN
olb453FjQBSowmpAvBktjId0mGz7koMi9wedjLIWuWVoKVKx97OXgCGZEuz26+HP
R3t93UDOWKs4qGeEdDi6Nne/Ve3HWaDHGR8H/adIJqlW3fZh0ejIL5kQUG5Etj4=
=wMNG
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 28 Feb 2012 07:37:15 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:07:23 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon