Debian Bug report logs -
#855001
CVE-2017-5969: libxml2: null pointer dereference when parsing a xml file using recover mode
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#855001; Package libxml2.
(Mon, 13 Feb 2017 04:54:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Mon, 13 Feb 2017 04:54:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libxml2
Version: 2.9.4+dfsg1-2.2
Severity: important
Tags: security, upstream
https://bugzilla.gnome.org/show_bug.cgi?id=778519
http://www.openwall.com/lists/oss-security/2016/11/05/3
--
Henri Salo
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#855001; Package libxml2.
(Sat, 18 Nov 2017 15:51:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Sat, 18 Nov 2017 15:51:03 GMT) (full text, mbox, link).
Message #12 received at 855001@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 855001 + patch
Control: tags 855001 + pending
Control: tags 878684 + patch
Control: tags 878684 + pending
Control: tags 880000 + pending
Dear maintainer,
I've prepared an NMU for libxml2 (versioned as 2.9.4+dfsg1-5.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Salvatore
[libxml2-2.9.4+dfsg1-5.1-nmu.diff (text/x-diff, attachment)]
Added tag(s) patch.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 855001-submit@bugs.debian.org.
(Sat, 18 Nov 2017 15:51:04 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 855001-submit@bugs.debian.org.
(Sat, 18 Nov 2017 15:51:04 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 18 Nov 2017 18:24:43 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Sat, 18 Nov 2017 18:24:43 GMT) (full text, mbox, link).
Message #21 received at 855001-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2
Source-Version: 2.9.4+dfsg1-5.1
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 855001@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Nov 2017 16:39:04 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: source
Version: 2.9.4+dfsg1-5.1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 855001 878684 880000
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
python3-libxml2 - Python3 bindings for the GNOME XML library
python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension)
Changes:
libxml2 (2.9.4+dfsg1-5.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix NULL pointer deref in xmlDumpElementContent (CVE-2017-5969)
(Closes: #855001)
* Check for integer overflow in memory debug code (CVE-2017-5130)
(Closes: #880000)
* Fix copy-paste errors in error messages
* python: remove single use of _PyVerify_fd (Closes: #878684)
Checksums-Sha1:
871bb7ee1f4aa0a11266fdd521f00c03d8b2878e 3131 libxml2_2.9.4+dfsg1-5.1.dsc
e186b1e483df0dfe248dbb7e28c7304fa7d72a15 35444 libxml2_2.9.4+dfsg1-5.1.debian.tar.xz
Checksums-Sha256:
7a43531fcb67956df3973605720b02c09044594c9e7434edb80d336449557826 3131 libxml2_2.9.4+dfsg1-5.1.dsc
0a900d807f5de69cb27ddca74db8d6bb83d37abcdfee1c9b2f8a8ddb7ea028f4 35444 libxml2_2.9.4+dfsg1-5.1.debian.tar.xz
Files:
05e2a7b85132c0e38ecb5de2810559a5 3131 libs optional libxml2_2.9.4+dfsg1-5.1.dsc
64e57ddc61b367103a34e2be4046dd37 35444 libs optional libxml2_2.9.4+dfsg1-5.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAloQVdVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ESlUP/joLyjRmRfBsxlWpKahXcxQpFaxPQQr2
c2ywoT69WbXt+e4J6sUaY+B+/HM0Em4EjZNEkPOT/mpLEJCGARUm1BA1xNduTV/4
mqF6z3pKBPRRwXGYhGX6lDOc4dqgYMwtkYJmkJQSmePWrfgxETEcxExAyUU6+s/d
dxNcNq0qwgNHRU84sCDhYU6MBZnTfiWPkeH85ZEeaMbj2s4fIyxG0Yg6gEiihqrM
GYd7hfY6dLjSngf4PrWlUYJhByY8DYa5xlYjFYkeU3iZkbCXSM5DCzNI8RVUaycC
BxjKcI6u5lzkv5xc5CxMMuhlDl2fnJ7wFW5vsNAMbENNJxl4dKrB1Eu6ClMOfMO1
6+MME9wDF0II194DHMPBK7OOK6NnGoFI/v3Wh6PjDl2XgELw5UW8P52TvjLH7Qur
T+zBgQ//kOrpAQmtALk75OKu8hPaG+XA7O3rIgY/YlYLuX29ZIyGs9ZDvBBP857J
gi6Pgp0QpLuQz0Ytou6eCNeUZ+fZNvPFjhZbFlfXdwyI5IfSK33QqzbxaDfetkLS
9AKA0e7zfaYFSTZnqlXKZPNxigkmsFBmt48aPyjN+tBpqHluSi4EE+zTc6q/N+m1
fF1kyXW/+1tnISxLzL3VCBfi7z3FHqf1Fa8OjOfE/7C23QlvARrzidUiUw8Y3tca
GGNW9x5xRf58
=fiqk
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 22 Dec 2017 07:25:20 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:37:21 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon