
Bug#685584: marked as done (xml-light: CVE-2012-3514)



Your message dated Sat, 06 Oct 2012 12:02:27 +0000
with message-id <E1TKT5P-0003iK-Ri@franck.debian.org>
and subject line Bug#685584: fixed in xml-light 2.2-15
has caused the Debian Bug report #685584,
regarding xml-light: CVE-2012-3514
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
685584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685584
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: xml-light
Severity: grave
Tags: security
Justification: user security hole

This was posted to oss-security:

--
Xml-Light has been moved to Google Code SVN here:
http://ocamllibs.googlecode.com/svn/trunk/xml-light/

I've applied a fix in r234 by using String Map instead of Hashtbl for
DTD proof.

Best,
Nicolas

Please use CVE-2012-3514 for this issue.
--

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: xml-light
Source-Version: 2.2-15

We believe that the bug you reported is fixed in the latest version of
xml-light, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 685584@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mehdi Dogguy <mehdi@debian.org> (supplier of updated xml-light package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 05 Oct 2012 15:31:52 +0200
Source: xml-light
Binary: libxml-light-ocaml-dev libxml-light-ocaml
Architecture: source amd64
Version: 2.2-15
Distribution: unstable
Urgency: low
Maintainer: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
Changed-By: Mehdi Dogguy <mehdi@debian.org>
Description: 
 libxml-light-ocaml - minimal XML parser and printer for OCaml (runtime package)
 libxml-light-ocaml-dev - minimal XML parser and printer for OCaml (development package)
Closes: 685584
Changes: 
 xml-light (2.2-15) unstable; urgency=low
 .
   [ Sylvain Le Gall ]
   * Remove Sylvain Le Gall from uploaders
 .
   [ Mehdi Dogguy ]
   * Fix CVE-2012-3514 (Closes: #685584).
     - add 06_CVE-2012-3514.diff

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--- End Message ---
