Your message dated Wed, 04 Nov 2009 01:32:18 +0000
with message-id <e1n5ujs-00050n...@ries.debian.org>
and subject line Bug#551936: fixed in expat 2.0.1-5
has caused the Debian Bug report #551936,
regarding expat: CVE-2009-2625
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
551936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551936
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: expat
version: 1.95.8-3
severity: serious
tags: security
hello, a security issue has been disclosed for expat. see [0],[1].
this affects all supported debian releases, so please coordinate with
the security team to prepare DSAs.
mike
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
[1] https://bugs.gentoo.org/show_bug.cgi?id=280615
--- End Message ---
--- Begin Message ---
Source: expat
Source-Version: 2.0.1-5
We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive:
expat_2.0.1-5.diff.gz
to main/e/expat/expat_2.0.1-5.diff.gz
expat_2.0.1-5.dsc
to main/e/expat/expat_2.0.1-5.dsc
expat_2.0.1-5_amd64.deb
to main/e/expat/expat_2.0.1-5_amd64.deb
libexpat1-dev_2.0.1-5_amd64.deb
to main/e/expat/libexpat1-dev_2.0.1-5_amd64.deb
libexpat1-udeb_2.0.1-5_amd64.udeb
to main/e/expat/libexpat1-udeb_2.0.1-5_amd64.udeb
libexpat1_2.0.1-5_amd64.deb
to main/e/expat/libexpat1_2.0.1-5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 551...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Leidert (dale) <daniel.leid...@wgdd.de> (supplier of updated expat
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 03 Nov 2009 22:41:38 +0100
Source: expat
Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat
Architecture: source amd64
Version: 2.0.1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Daniel Leidert (dale) <daniel.leid...@wgdd.de>
Description:
expat - XML parsing C library - example application
lib64expat1 - XML parsing C library - runtime library (64bit)
lib64expat1-dev - XML parsing C library - development kit (64bit)
libexpat1 - XML parsing C library - runtime library
libexpat1-dev - XML parsing C library - development kit
libexpat1-udeb - XML parsing C library - runtime library (udeb)
Closes: 551079 551936
Changes:
expat (2.0.1-5) unstable; urgency=medium
.
* debian/control (Standards-Version): Bumped to 3.8.3.
(Priority, Section): Fixed binary-control-field-duplicates-source.
(Description): Fixed extended-description-is-probably-too-short and
duplicate-long-description.
* debian/rules (CFLAGS): Drop useless '-pthread -D_REENTRANT' from version
1.95-8-1 (closes: #551079).
* debian/README.source: Added for policy compliance.
* debian/patches/551936_CVE_2009_2625.dpatch: Added.
- lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
(closes: #551936).
* debian/patches/00list: Adjusted.
Checksums-Sha1:
191fc64f41f122338db27baa49f32499d1203b65 1418 expat_2.0.1-5.dsc
2c3ae13b6c1312fe618fe9ba3ee82946999d82b4 133746 expat_2.0.1-5.diff.gz
5ae92c235cd43390cc285127bade6a0ab0bba678 223424 libexpat1-dev_2.0.1-5_amd64.deb
0b0e0784b7404bb63a62b110c9c57627fcdbe4b7 135480 libexpat1_2.0.1-5_amd64.deb
8787186f113ed1f783f78062f6c39336e99060fc 62350
libexpat1-udeb_2.0.1-5_amd64.udeb
f7eda87cf4d2557c59fa014d899235f87ef0f68d 23878 expat_2.0.1-5_amd64.deb
Checksums-Sha256:
4c4439415f2f2e3aaddfbe372e18025b82f71365f169ba15b7a4f7634570a403 1418
expat_2.0.1-5.dsc
fbcc8e540c6a1f2cdba31b20d10ff6253b9525641f32e6acf507eda98a0f2204 133746
expat_2.0.1-5.diff.gz
424a7ef785b8f8087e6be536f4620c61a218507fe2211c696f7df3ef26d38671 223424
libexpat1-dev_2.0.1-5_amd64.deb
218da3aba042af05bd2b4e11085d55724f9b9a469812f50b6c48cb27fe28e9c0 135480
libexpat1_2.0.1-5_amd64.deb
fbe0486762a397fdda63acb851a35da0c651207075040c10b243b9a1852d04fc 62350
libexpat1-udeb_2.0.1-5_amd64.udeb
43facd52ef9587800869ddf0d3ea66104640bc53e4f0c6ee918b1aa45eddc4c3 23878
expat_2.0.1-5_amd64.deb
Files:
fd3b353c53d500d84665262f2fdee8c0 1418 text optional expat_2.0.1-5.dsc
b992b69e77a7bb9eb7a62a7b851c80f6 133746 text optional expat_2.0.1-5.diff.gz
c688ea7137c2244607e8072e446cb380 223424 libdevel optional
libexpat1-dev_2.0.1-5_amd64.deb
92be45942a41bb79b21289d0528c070b 135480 libs optional
libexpat1_2.0.1-5_amd64.deb
7cfb0f54c431d5aed3eaaed998dafbc6 62350 debian-installer extra
libexpat1-udeb_2.0.1-5_amd64.udeb
585c73f25ec6eb1b280846e5a86d8f38 23878 text optional expat_2.0.1-5_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrwpIYACgkQm0bx+wiPa4ydqwCglVN6oY4NQCM/lI4qlkK/1RmZ
2OgAoM/roHFrdvEpZ8tGrX/mMDk8aPWu
=6jpE
-----END PGP SIGNATURE-----
--- End Message ---
