CVE-2011-3102

Related Vulnerabilities: CVE-2011-3102   cve-2012-3102  

Debian Bug report logs - #674191
CVE-2011-3102


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 23 May 2012 17:33:02 UTC

Severity: grave

Tags: security

Found in version libxml2/2.7.8.dfsg-9

Fixed in version libxml2/2.7.8.dfsg-9.1

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#674191; Package libxml2. (Wed, 23 May 2012 17:33:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Wed, 23 May 2012 17:33:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-3102
Date: Wed, 23 May 2012 19:30:26 +0200
Package: libxml2
Version: 2.7.8.dfsg-9
Severity: grave
Tags: security

A DSA is in preparation. Fix:
http://git.gnome.org/browse/libxml2/commit/?id=d8e1faeaa99c7a7c07af01c1c72de352eb590a3e

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#674191; Package libxml2. (Wed, 23 May 2012 18:06:05 GMT).


Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Wed, 23 May 2012 18:06:05 GMT).


Message #10 received at 674191@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 674191@bugs.debian.org
Subject: Re: [Secure-testing-team] Bug#674191: CVE-2011-3102
Date: Wed, 23 May 2012 14:03:34 -0400
On Wed, May 23, 2012 at 1:30 PM, Moritz Muehlenhoff wrote:
> Package: libxml2
> Version: 2.7.8.dfsg-9
> Severity: grave
> Tags: security
>
> A DSA is in preparation. Fix:
> http://git.gnome.org/browse/libxml2/commit/?id=d8e1faeaa99c7a7c07af01c1c72de352eb590a3e

I've just uploaded the attached patch as a security nmu to delayed/0
fixing this issue.

Best wishes,
Mike
[libxml2.patch (application/octet-stream, attachment)]

Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Wed, 23 May 2012 18:21:13 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 23 May 2012 18:21:13 GMT).


Message #15 received at 674191-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 674191-close@bugs.debian.org
Subject: Bug#674191: fixed in libxml2 2.7.8.dfsg-9.1
Date: Wed, 23 May 2012 18:18:18 +0000
Source: libxml2
Source-Version: 2.7.8.dfsg-9.1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-9.1_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-9.1_amd64.deb
libxml2-dev_2.7.8.dfsg-9.1_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-9.1_amd64.deb
libxml2-doc_2.7.8.dfsg-9.1_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-9.1_all.deb
libxml2-utils-dbg_2.7.8.dfsg-9.1_amd64.deb
  to main/libx/libxml2/libxml2-utils-dbg_2.7.8.dfsg-9.1_amd64.deb
libxml2-utils_2.7.8.dfsg-9.1_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-9.1_amd64.deb
libxml2_2.7.8.dfsg-9.1.debian.tar.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-9.1.debian.tar.gz
libxml2_2.7.8.dfsg-9.1.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-9.1.dsc
libxml2_2.7.8.dfsg-9.1_amd64.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-9.1_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-9.1_amd64.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-9.1_amd64.deb
python-libxml2_2.7.8.dfsg-9.1_amd64.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-9.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 674191@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 23 May 2012 13:48:52 -0400
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-9.1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 674191
Changes: 
 libxml2 (2.7.8.dfsg-9.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2012-3102: off by one pointer access in xpointer.c
     (closes: #674191).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 21 Jun 2012 07:44:44 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:50:51 2019; Machine Name: beach
