Your message dated Wed, 28 Nov 2012 16:56:44 +0100 with message-id <50B6343C.9000206@thykier.net> and subject line Re: Bug#694636: unblock: libxml2/2.8.0+dfsg1-7 has caused the Debian Bug report #694636, regarding unblock: libxml2/2.8.0+dfsg1-7 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 694636: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694636 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: unblock: libxml2/2.8.0+dfsg1-7
- From: Aron Xu <happyaron.xu@gmail.com>
- Date: Wed, 28 Nov 2012 23:32:36 +0800
- Message-id: <[🔎] 20121128153235.GA13383@eleanor-desktop>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock libxml2/2.8.0+dfsg1-7, this fixes CVE-2012-5134, that's Bug #694521. -- Regards, Aron Xudiff -Nru libxml2-2.8.0+dfsg1/debian/changelog libxml2-2.8.0+dfsg1/debian/changelog --- libxml2-2.8.0+dfsg1/debian/changelog 2012-10-07 14:20:32.000000000 +0800 +++ libxml2-2.8.0+dfsg1/debian/changelog 2012-11-28 22:56:13.000000000 +0800 @@ -1,3 +1,11 @@ +libxml2 (2.8.0+dfsg1-7) unstable; urgency=low + + [ Daniel Veillard ] + * Fix potential out of bound access + CVE-2012-5134, Closes: #694521. + + -- Aron Xu <aron@debian.org> Wed, 28 Nov 2012 22:40:13 +0800 + libxml2 (2.8.0+dfsg1-6) unstable; urgency=low [ Daniel Veillard ] diff -Nru libxml2-2.8.0+dfsg1/debian/patches/0006-Fix-potential-out-of-bound-access.patch libxml2-2.8.0+dfsg1/debian/patches/0006-Fix-potential-out-of-bound-access.patch --- libxml2-2.8.0+dfsg1/debian/patches/0006-Fix-potential-out-of-bound-access.patch 1970-01-01 08:00:00.000000000 +0800 +++ libxml2-2.8.0+dfsg1/debian/patches/0006-Fix-potential-out-of-bound-access.patch 2012-11-28 22:56:13.000000000 +0800 @@ -0,0 +1,22 @@ +From: Daniel Veillard <veillard@redhat.com> +Date: Wed, 28 Nov 2012 22:38:50 +0800 +Subject: Fix potential out of bound access + +--- + parser.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/parser.c b/parser.c +index 9863275..e1b0364 100644 +--- a/parser.c ++++ b/parser.c +@@ -3932,7 +3932,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + c = CUR_CHAR(l); + } + if ((in_space) && (normalize)) { +- while (buf[len - 1] == 0x20) len--; ++ while ((len > 0) && (buf[len - 1] == 0x20)) len--; + } + buf[len] = 0; + if (RAW == '<') { +-- diff -Nru libxml2-2.8.0+dfsg1/debian/patches/series libxml2-2.8.0+dfsg1/debian/patches/series --- libxml2-2.8.0+dfsg1/debian/patches/series 2012-10-07 14:16:14.000000000 +0800 +++ libxml2-2.8.0+dfsg1/debian/patches/series 2012-11-28 22:56:13.000000000 +0800 @@ -3,3 +3,4 @@ 0003-Fix-parser-local-buffers-size-problems.patch 0004-Fix-entities-local-buffers-size-problems.patch 0005-Fix-a-failure-to-report-xmlreader-parsing-failures.patch +0006-Fix-potential-out-of-bound-access.patchAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Aron Xu <happyaron.xu@gmail.com>, 694636-done@bugs.debian.org
- Subject: Re: Bug#694636: unblock: libxml2/2.8.0+dfsg1-7
- From: Niels Thykier <niels@thykier.net>
- Date: Wed, 28 Nov 2012 16:56:44 +0100
- Message-id: <50B6343C.9000206@thykier.net>
- In-reply-to: <[🔎] 20121128153235.GA13383@eleanor-desktop>
- References: <[🔎] 20121128153235.GA13383@eleanor-desktop>
On 2012-11-28 16:32, Aron Xu wrote: > Package: release.debian.org > Severity: normal > User: release.debian.org@packages.debian.org > Usertags: unblock > > Please unblock libxml2/2.8.0+dfsg1-7, this fixes CVE-2012-5134, that's > Bug #694521. > Unblocked, thanks. ~Niels
--- End Message ---