Bug#705691: marked as done (ITP: defusedxml -- XML bomb protection for Python stdlib modules)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 19 Apr 2013 15:00:09 +0000
with message-id <E1UTCnJ-0000oO-SJ@franck.debian.org>
and subject line Bug#705691: fixed in defusedxml 0.4.1-1
has caused the Debian Bug report #705691,
regarding ITP: defusedxml -- XML bomb protection for Python stdlib modules
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
705691: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705691
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: ITP: defusedxml -- XML bomb protection for Python stdlib modules
• From: Luke Faraone <lfaraone@debian.org>
• Date: Thu, 18 Apr 2013 11:46:19 -0400
• Message-id: <[🔎] 20130418154619.27128.72164.reportbug@COBALT.MIT.EDU>

Package: wnpp
Severity: wishlist
Owner: Luke Faraone <lfaraone@debian.org>

* Package name    : defusedxml
  Version         : 0.4.1
  Upstream Author : Christian Heimes <christian@python.org>
* URL             : https://pypi.python.org/pypi/defusedxml
* License         : Python
  Programming Lang: Python
  Description     : XML bomb protection for Python stdlib modules

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred bytes of XML data an attacker can occupy several
gigabytes of memory within seconds. An attacker can also keep
CPUs busy for a long time with a small to medium size request.

This library allows for XML to be parsed in a manner that avoids these
pitfalls.

--- End Message ---

--- Begin Message ---

• To: 705691-close@bugs.debian.org
• Subject: Bug#705691: fixed in defusedxml 0.4.1-1
• From: Luke Faraone <lfaraone@debian.org>
• Date: Fri, 19 Apr 2013 15:00:09 +0000
• Message-id: <E1UTCnJ-0000oO-SJ@franck.debian.org>

Source: defusedxml
Source-Version: 0.4.1-1

We believe that the bug you reported is fixed in the latest version of
defusedxml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 705691@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luke Faraone <lfaraone@debian.org> (supplier of updated defusedxml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 18 Apr 2013 11:15:53 -0400
Source: defusedxml
Binary: python-defusedxml
Architecture: source all
Version: 0.4.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Packaging Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Luke Faraone <lfaraone@debian.org>
Description: 
 python-defusedxml - XML bomb protection for Python stdlib modules
Closes: 705691
Changes: 
 defusedxml (0.4.1-1) unstable; urgency=low
 .
   * Initial release. (Closes: #705691)
Checksums-Sha1: 
 357fcd932b6db546f982bb4165d91ffc64078bcf 2028 defusedxml_0.4.1-1.dsc
 762ba44d849c0de9c99980be5137a163291d02b5 48889 defusedxml_0.4.1.orig.tar.gz
 245b704caf0d6017b7065d3bf326ae9272075010 2479 defusedxml_0.4.1-1.debian.tar.gz
 9a3cc3e3d683f8189a3be1696c615f638617eb07 46486 python-defusedxml_0.4.1-1_all.deb
Checksums-Sha256: 
 f5f7af616e4ab67caedc9b6067863c2bf4a6f27e25dbca68839e2105fa5aef4e 2028 defusedxml_0.4.1-1.dsc
 cd551d5a518b745407635bb85116eb813818ecaf182e773c35b36239fc3f2478 48889 defusedxml_0.4.1.orig.tar.gz
 90a8394c4642971e4cb7522b17411c58e7d36dd810f17d7ebe4787a11882d10b 2479 defusedxml_0.4.1-1.debian.tar.gz
 4ba8ab01a3771fe812ab4ccf1e74305e8612122b73c455e156cbdaec5f7260ee 46486 python-defusedxml_0.4.1-1_all.deb
Files: 
 5a7c4c930ff93b457227c2834f07b243 2028 python optional defusedxml_0.4.1-1.dsc
 230a5eff64f878b392478e30376d673a 48889 python optional defusedxml_0.4.1.orig.tar.gz
 88ec6cb26afe44479ea027ef8e23544f 2479 python optional defusedxml_0.4.1-1.debian.tar.gz
 638534a8e5165a03f330191f8051fcdb 46486 python optional python-defusedxml_0.4.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJRcBdwAAoJEJcyXdj5/dUGsWMQAIThRIG6D1y0UMtbjjl3dIDl
IY8PwsBrpcfYwb4mFved+/xq3HBnqLHpgHt9Ycw4yW2MDcMghb/Hlmr26KR3op/9
x0ho/D495RUT+rVimtNIpB6LMJc3CGUXpJ/aKz43bNczoH4sdHFHC1GWcv2OYId/
WCIqq9zMT89Kkc21wEd/uMCeWssPhuDxPfqEndcvX20xHX+uLCkmtE1ebbmAgOUB
aQTADDkjjju3QJD6qDXdlHUpo4h/ceiC9KXe3rP01w7TgiP0SEeNTdf0BfRgSwWQ
trjlLgd1t3Tu+I/bexsXHEM4fkFFv6RjtpsQxPrg25U3gg0gtkOA+tk3gEDl+1eK
oS8pJ4mO6fOkZjptMeEujNl0bWzxbu+CU9kccNxPnX3iW1D6GejBAHvP+rfPzBL/
TnD3yd2gerakBvFKkEXMiVFZrxgbjC/oryOtH4NCynsqLNkoBRkavEvRAch9pRLe
aF5+GLlPU0JV0L3QTrrZus4Tk6zT0g7UdHMIVs6tFi1go21iMxBr01QNOfy5qjiU
yKBy3P8DHh4mazIIlTCE2s6f5mj3PIwIqU1dzyOOxS12e6NcxxS0gBClrfdRvn8n
Xb/xbwFuh/Xdcm8HE+r06+vWpcYSHQIjAxBgXo/4PQPXfqATA1S9QjBn7GeQ4eW+
D7HyzgiXcRjtlYkWQIye
=G0M1
-----END PGP SIGNATURE-----

--- End Message ---