Your message dated Tue, 10 May 2016 17:30:50 +0000
with message-id <[email protected]>
and subject line Bug#823863: fixed in xerces-c 3.1.3+debian-2
has caused the Debian Bug report #823863,
regarding xerces-c: CVE-2016-2099: use-after-free
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
823863: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823863
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xerces-c
Version: 3.1.1-1
Severity: grave
Tags: security upstream patch
Forwarded: https://issues.apache.org/jira/browse/XERCESC-2066
Hi,
the following vulnerability was published for xerces-c.
CVE-2016-2099[0]:
use-after-free
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-2099
[1] https://issues.apache.org/jira/browse/XERCESC-2066
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: xerces-c
Source-Version: 3.1.3+debian-2
We believe that the bug you reported is fixed in the latest version of
xerces-c, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
William Blough <[email protected]> (supplier of updated xerces-c package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 10 May 2016 00:34:51 -0400
Source: xerces-c
Binary: libxerces-c3.1 libxerces-c-dev libxerces-c-doc libxerces-c-samples
Architecture: source
Version: 3.1.3+debian-2
Distribution: unstable
Urgency: medium
Maintainer: William Blough <[email protected]>
Changed-By: William Blough <[email protected]>
Description:
libxerces-c-dev - validating XML parser library for C++ (development files)
libxerces-c-doc - validating XML parser library for C++ (documentation)
libxerces-c-samples - validating XML parser library for C++ (compiled samples)
libxerces-c3.1 - validating XML parser library for C++
Closes: 823863
Changes:
xerces-c (3.1.3+debian-2) unstable; urgency=medium
.
* Fix CVE-2016-2099: Exception handling mistake in DTDScanner.
Closes: #823863
* Update standards version to 3.9.8 (no changes needed)
Checksums-Sha1:
a4a93e7e822ae36f8ecb711f5e1d071bc17e8fb4 2231 xerces-c_3.1.3+debian-2.dsc
267026e10adda0c48d367555827d66a002fa3c2f 21224
xerces-c_3.1.3+debian-2.debian.tar.xz
Checksums-Sha256:
6095444b27c7e69d99a59dd181acbe2e6c34a480e75076c057c1e93f31a70d29 2231
xerces-c_3.1.3+debian-2.dsc
b27cc0686bb2f3fd413baf7dfbc06ecff4a729d0853e4ff7269d192cce11a594 21224
xerces-c_3.1.3+debian-2.debian.tar.xz
Files:
e518a398333974f1c00ce2f6e9012275 2231 libs optional xerces-c_3.1.3+debian-2.dsc
f925df082d4e558da70776e8157eaf81 21224 libs optional
xerces-c_3.1.3+debian-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXMg2VAAoJEPNPCXROn13ZkP4QAJEnKnDpyDw51/V9qGShZKRm
SxJhxSICy+g4rFBth0nF51XzwobZWiGQfKPPh9w+iUdbDPQt8KcxvZ7ctBarucSV
4zBH4jNwzrPIM+nsco3bAut+cJN59O0ik3gfY10WzNNSrw77ytofgAEiy6TJSNI0
b3GAP3Imj+/PWGGODDRKOGVWWHhGanvnAbmGhtRAXo+SrM+rYidl/TEsvEsx01Xc
/zH8SbzVD4XZekCSztR7hZElh69T7+MWaPzhOsp+MOEwNt+H2aizR8SdoTLkwBeo
q5Ms6L4rHMs70TlzF9+1HJocT1mVhQddrEIWcu2/jK3/DnKUJPwRbECx2x7F3byS
NfCNTMq0zsgwqXl80RgI3gJbvqgu8Q0fd6oE3wNy/5JqufcWcjkEO+E/gB8b7utN
/fFrkLN2/FY9gH7bH8ELfPOwK3IsH2Kt5DWIUpNoIWRFXI7h1kPxVNCx1Haoh3ju
+4BQNH/WiR8EcQzk6pdTuNJDZbUm62yVmmlRC59rBl5LwGpEg+EaaanL5lhULt6s
PlyBTQyJNg9c6diKc1J2EsoyhThmY75BrIHDakaviscJBGLn18TeoC+vcCI3+mPq
MTn9XCOLaVOdLNIwP9/TGdf0Tyuvmbsql0IVY0mwj5sCxYSqM7ljoWekQ5HyrQUT
w/Xd1Is+SF1YtDf4h0Fa
=DN8C
-----END PGP SIGNATURE-----
--- End Message ---
