Debian Bug report logs - #628537
libxml2: overflow issues

version graph

Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2.

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Sun, 29 May 2011 23:03:02 UTC

Severity: serious

Found in version libxml2/2.7.8.dfsg-2

Fixed in versions libxml2/2.7.8.dfsg-3, libxml2/2.6.32.dfsg-5+lenny4, libxml2/2.7.8.dfsg-2+squeeze1

Done: Mike Hommey <glandium@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#628537; Package libxml2. (Sun, 29 May 2011 23:03:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sun, 29 May 2011 23:03:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: libxml2: overflow issues
Date: Sun, 29 May 2011 19:00:23 -0400
package: libxml2
version: 2.7.8.dfsg-2
severity: serious
tag: security

some overflow issues were disclosed for libxml2.  see:
http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html

best wishes,
mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#628537; Package libxml2. (Sat, 04 Jun 2011 01:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sat, 04 Jun 2011 01:51:03 GMT) Full text and rfc822 format available.

Message #10 received at 628537@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 628537@bugs.debian.org, team@security.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#628537: libxml2: overflow issues
Date: Sat, 4 Jun 2011 03:47:02 +0200
On Sun, May 29, 2011 at 07:00:23PM -0400, Michael Gilbert wrote:
> package: libxml2
> version: 2.7.8.dfsg-2
> severity: serious
> tag: security
> 
> some overflow issues were disclosed for libxml2.  see:
> http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html

I prepared an update for lenny, squeeze and unstable and will proceed
with the upload to unstable soon. May I proceed for squeeze and lenny?
Do I need to do a source-full build for squeeze ? (I think I do, but I
think it'd be fine for lenny which already received security updates)

Mike




Reply sent to Mike Hommey <glandium@debian.org>:
You have taken responsibility. (Sat, 04 Jun 2011 02:54:05 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sat, 04 Jun 2011 02:54:05 GMT) Full text and rfc822 format available.

Message #15 received at 628537-close@bugs.debian.org (full text, mbox):

From: Mike Hommey <glandium@debian.org>
To: 628537-close@bugs.debian.org
Subject: Bug#628537: fixed in libxml2 2.7.8.dfsg-3
Date: Sat, 04 Jun 2011 02:52:18 +0000
Source: libxml2
Source-Version: 2.7.8.dfsg-3

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-3_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-3_amd64.deb
libxml2-dev_2.7.8.dfsg-3_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-3_amd64.deb
libxml2-doc_2.7.8.dfsg-3_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-3_all.deb
libxml2-utils_2.7.8.dfsg-3_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-3_amd64.deb
libxml2_2.7.8.dfsg-3.diff.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-3.diff.gz
libxml2_2.7.8.dfsg-3.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-3.dsc
libxml2_2.7.8.dfsg-3_amd64.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-3_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-3_amd64.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-3_amd64.deb
python-libxml2_2.7.8.dfsg-3_amd64.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 628537@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 04 Jun 2011 10:40:39 +0900
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-3
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 628537
Changes: 
 libxml2 (2.7.8.dfsg-3) unstable; urgency=low
 .
   * xpath.c: Fix some potential problems on reallocation failures.
     Closes: #628537.
Checksums-Sha1: 
 7c46c4d28e35797a2a1dcd335f7fa47e82a9fb0c 2150 libxml2_2.7.8.dfsg-3.dsc
 7f8ea8ca5ad328ddbdea6cea79805808429eb975 117800 libxml2_2.7.8.dfsg-3.diff.gz
 19224520e1d50069afe7fc4a131dccc77e3776d0 889754 libxml2_2.7.8.dfsg-3_amd64.deb
 aedde7f5ba342007244aabe61003446e806efb5f 92678 libxml2-utils_2.7.8.dfsg-3_amd64.deb
 a379a15f3acf8c3dff6fa300c9cd18f76e0b5fcb 851238 libxml2-dev_2.7.8.dfsg-3_amd64.deb
 6989709287f8446b473e4337af141c6dee9b4e17 1117564 libxml2-dbg_2.7.8.dfsg-3_amd64.deb
 f29b6c67ab0375e92ef95c0ffe908ee4ad622013 1344098 libxml2-doc_2.7.8.dfsg-3_all.deb
 13021be3bd62d6c43a7854b671e2261dc213e997 339224 python-libxml2_2.7.8.dfsg-3_amd64.deb
 6a025b26ecfea46ca8a6a19f22cfdae6734afb92 854356 python-libxml2-dbg_2.7.8.dfsg-3_amd64.deb
Checksums-Sha256: 
 eb2f4d8ef45fa5629d8fff44d36207830f026b2c7b1c4e08625997b8bd763da9 2150 libxml2_2.7.8.dfsg-3.dsc
 ea0761998dae7fa143fcf5c087912216f02ee57b0ae15991ebf1976b5d1dba06 117800 libxml2_2.7.8.dfsg-3.diff.gz
 6749bc830cc449e0956f50b649757ef6a10f6ffed9bfa6b584c4e995a69a5329 889754 libxml2_2.7.8.dfsg-3_amd64.deb
 f6a5f97d3417433f9d7df36cc369631676e46e6afed3fd2b75d5a48a8aed18ba 92678 libxml2-utils_2.7.8.dfsg-3_amd64.deb
 2883a841f326c0a56af73b1162f9755d75f227b033a6247b71e0eb0e49fe76c7 851238 libxml2-dev_2.7.8.dfsg-3_amd64.deb
 b933e77c88ba78926f21d79e78950c3726d9105c8294b1b013aa8511798571fb 1117564 libxml2-dbg_2.7.8.dfsg-3_amd64.deb
 3314cc883c1e18d2a6b89a161a8ac3389dda7dcd5c9c596b411a108d2270e447 1344098 libxml2-doc_2.7.8.dfsg-3_all.deb
 84ed4cf86db6897452f6dbb9387f6b7c7005e2bd99a6e9cef27c610a5522bf01 339224 python-libxml2_2.7.8.dfsg-3_amd64.deb
 5ff92f68cc7d8501a758c153d3ff2a3f659ba04253ec6de0bb7b17e64596e2b9 854356 python-libxml2-dbg_2.7.8.dfsg-3_amd64.deb
Files: 
 185e323fbeafaa1a4c0dc6a04846beb2 2150 libs optional libxml2_2.7.8.dfsg-3.dsc
 c1931b2fb300ab9971dadfd79c02ad48 117800 libs optional libxml2_2.7.8.dfsg-3.diff.gz
 92f1cbdb8aaebbca7ec9694809e8f438 889754 libs standard libxml2_2.7.8.dfsg-3_amd64.deb
 ece1501b75d79dddc07a48af5e6714b2 92678 text optional libxml2-utils_2.7.8.dfsg-3_amd64.deb
 c57b4355db1af86712fe41ae16789d76 851238 libdevel optional libxml2-dev_2.7.8.dfsg-3_amd64.deb
 45d731c6eb9a6bb7d4768acd0cb8fbdd 1117564 debug extra libxml2-dbg_2.7.8.dfsg-3_amd64.deb
 a8267689734956ae7fbb6d673c9c4c92 1344098 doc optional libxml2-doc_2.7.8.dfsg-3_all.deb
 5c3e8025c406d7149c594b758829e36d 339224 python optional python-libxml2_2.7.8.dfsg-3_amd64.deb
 42d64b003543b16b0ea254b73086ec54 854356 debug extra python-libxml2-dbg_2.7.8.dfsg-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBTemOyOQqoE+mqoxyAQiXDhAAoHMIIyVFL04aBqftfGC46NDTVuJekTRB
COHfRB2xf1Vz/LIth3BGHlwkq3uOaDbZNcf6pMjXF3RRhvhkLvnxrjINbGJA38RT
5asvZe1/cXAB6cho+2lb4zKeMT9sV+bWkTWj0h+Mf3wBB5257J7UTwU9bMZdP2Cc
whcoie4+khL/efTUU0bLG+Lu8YUHgOxIDGSkbxF/HismYy6Z5pjn8g22zO+tulY7
ytq6jhUHIvs/dR5o1H0EXd9OW6Y0BYEqEWRDrk0DONbJZnXWbmRjtV6NGpH1qPMn
j4Fg3kAPRFzuuPQP5KvwUDAkRk1tSykok7hQjH2D95/yuz4sYuyWcXY5glXVCj35
5N3VPpi7fvYqoQqdCRGQNd77ZayQXLkavF9EXaHwbHRU110j8XV3Ro17OMAHfhd+
KCpy9/2/egNaeDyVodOI36MykUJEr0n26+19eCRnrPiMN22ii+UDRSZwX+F434k/
R87lL+J0XX9Ob9T0Njg1sR2PpFtwf4+HVdOSokaGSxZxAyRJTx/3/oaqDP48yqpH
QK3MOu0C/YrpSYs+1oqo7CTSfv0BHjz6H060dqKQev88rIrnVfwCrCkcsDH24/R6
YoEAwvuzOD1uwgB1Q+pzV9EIzmLKIGFfCytiyfvbOkQu5ajftrDwrrnb74zu2wCt
IrW5a/MxVM8=
=x10N
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#628537; Package libxml2. (Sat, 04 Jun 2011 05:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sat, 04 Jun 2011 05:57:04 GMT) Full text and rfc822 format available.

Message #20 received at 628537@bugs.debian.org (full text, mbox):

From: "Thijs Kinkhorst" <thijs@debian.org>
To: "Mike Hommey" <mh@glandium.org>
Cc: "Michael Gilbert" <michael.s.gilbert@gmail.com>, 628537@bugs.debian.org, team@security.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#628537: libxml2: overflow issues
Date: Sat, 4 Jun 2011 07:46:25 +0200
Hi Mike,

On Sat, June 4, 2011 03:47, Mike Hommey wrote:
> On Sun, May 29, 2011 at 07:00:23PM -0400, Michael Gilbert wrote:
>> package: libxml2
>> version: 2.7.8.dfsg-2
>> severity: serious
>> tag: security
>>
>> some overflow issues were disclosed for libxml2.  see:
>> http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
>
> I prepared an update for lenny, squeeze and unstable and will proceed
> with the upload to unstable soon. May I proceed for squeeze and lenny?

Thanks. We'd prefer to see the debdiffs before you upload.

> Do I need to do a source-full build for squeeze ? (I think I do, but I
> think it'd be fine for lenny which already received security updates)

Correct indeed: source-full for squeeze, sourceless for lenny.


Cheers,
Thijs




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#628537; Package libxml2. (Sat, 04 Jun 2011 05:57:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sat, 04 Jun 2011 05:57:06 GMT) Full text and rfc822 format available.

Message #25 received at 628537@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: Michael Gilbert <michael.s.gilbert@gmail.com>, 628537@bugs.debian.org, team@security.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#628537: libxml2: overflow issues
Date: Sat, 4 Jun 2011 07:53:53 +0200
[Message part 1 (text/plain, inline)]
On Sat, Jun 04, 2011 at 07:46:25AM +0200, Thijs Kinkhorst wrote:
> Hi Mike,
> 
> On Sat, June 4, 2011 03:47, Mike Hommey wrote:
> > On Sun, May 29, 2011 at 07:00:23PM -0400, Michael Gilbert wrote:
> >> package: libxml2
> >> version: 2.7.8.dfsg-2
> >> severity: serious
> >> tag: security
> >>
> >> some overflow issues were disclosed for libxml2.  see:
> >> http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
> >
> > I prepared an update for lenny, squeeze and unstable and will proceed
> > with the upload to unstable soon. May I proceed for squeeze and lenny?
> 
> Thanks. We'd prefer to see the debdiffs before you upload.

Attached.

Mike
[lenny.diff (text/x-diff, attachment)]
[squeeze.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#628537; Package libxml2. (Sat, 04 Jun 2011 06:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sat, 04 Jun 2011 06:21:05 GMT) Full text and rfc822 format available.

Message #30 received at 628537@bugs.debian.org (full text, mbox):

From: "Thijs Kinkhorst" <thijs@debian.org>
To: "Mike Hommey" <mh@glandium.org>
Cc: "Michael Gilbert" <michael.s.gilbert@gmail.com>, 628537@bugs.debian.org, team@security.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#628537: libxml2: overflow issues
Date: Sat, 4 Jun 2011 08:17:48 +0200
On Sat, June 4, 2011 07:53, Mike Hommey wrote:
> On Sat, Jun 04, 2011 at 07:46:25AM +0200, Thijs Kinkhorst wrote:
>> Hi Mike,
>>
>> On Sat, June 4, 2011 03:47, Mike Hommey wrote:
>> > On Sun, May 29, 2011 at 07:00:23PM -0400, Michael Gilbert wrote:
>> >> package: libxml2
>> >> version: 2.7.8.dfsg-2
>> >> severity: serious
>> >> tag: security
>> >>
>> >> some overflow issues were disclosed for libxml2.  see:
>> >> http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
>> >
>> > I prepared an update for lenny, squeeze and unstable and will proceed
>> > with the upload to unstable soon. May I proceed for squeeze and lenny?
>>
>> Thanks. We'd prefer to see the debdiffs before you upload.
>
> Attached.

Great. Please upload to security-master so that the buildd's can have
their go at it.


Thijs




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#628537; Package libxml2. (Sat, 04 Jun 2011 07:30:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sat, 04 Jun 2011 07:30:07 GMT) Full text and rfc822 format available.

Message #35 received at 628537@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: Michael Gilbert <michael.s.gilbert@gmail.com>, 628537@bugs.debian.org, team@security.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#628537: libxml2: overflow issues
Date: Sat, 4 Jun 2011 09:26:10 +0200
On Sat, Jun 04, 2011 at 08:17:48AM +0200, Thijs Kinkhorst wrote:
> On Sat, June 4, 2011 07:53, Mike Hommey wrote:
> > On Sat, Jun 04, 2011 at 07:46:25AM +0200, Thijs Kinkhorst wrote:
> >> Hi Mike,
> >>
> >> On Sat, June 4, 2011 03:47, Mike Hommey wrote:
> >> > On Sun, May 29, 2011 at 07:00:23PM -0400, Michael Gilbert wrote:
> >> >> package: libxml2
> >> >> version: 2.7.8.dfsg-2
> >> >> severity: serious
> >> >> tag: security
> >> >>
> >> >> some overflow issues were disclosed for libxml2.  see:
> >> >> http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
> >> >
> >> > I prepared an update for lenny, squeeze and unstable and will proceed
> >> > with the upload to unstable soon. May I proceed for squeeze and lenny?
> >>
> >> Thanks. We'd prefer to see the debdiffs before you upload.
> >
> > Attached.
> 
> Great. Please upload to security-master so that the buildd's can have
> their go at it.

Uploaded.

Mike




Reply sent to Mike Hommey <glandium@debian.org>:
You have taken responsibility. (Wed, 08 Jun 2011 01:57:16 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Wed, 08 Jun 2011 01:57:17 GMT) Full text and rfc822 format available.

Message #40 received at 628537-close@bugs.debian.org (full text, mbox):

From: Mike Hommey <glandium@debian.org>
To: 628537-close@bugs.debian.org
Subject: Bug#628537: fixed in libxml2 2.6.32.dfsg-5+lenny4
Date: Wed, 08 Jun 2011 01:54:52 +0000
Source: libxml2
Source-Version: 2.6.32.dfsg-5+lenny4

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.6.32.dfsg-5+lenny4_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny4_amd64.deb
libxml2-dev_2.6.32.dfsg-5+lenny4_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny4_amd64.deb
libxml2-doc_2.6.32.dfsg-5+lenny4_all.deb
  to main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny4_all.deb
libxml2-utils_2.6.32.dfsg-5+lenny4_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny4_amd64.deb
libxml2_2.6.32.dfsg-5+lenny4.diff.gz
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny4.diff.gz
libxml2_2.6.32.dfsg-5+lenny4.dsc
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny4.dsc
libxml2_2.6.32.dfsg-5+lenny4_amd64.deb
  to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny4_amd64.deb
python-libxml2_2.6.32.dfsg-5+lenny4_amd64.deb
  to main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 628537@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 04 Jun 2011 10:41:00 +0900
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2
Architecture: source all amd64
Version: 2.6.32.dfsg-5+lenny4
Distribution: oldstable-security
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
Closes: 628537
Changes: 
 libxml2 (2.6.32.dfsg-5+lenny4) oldstable-security; urgency=low
 .
   * xpath.c: Fix some potential problems on reallocation failures.
     Closes: #628537.
Checksums-Sha1: 
 b606ce1aa535b890381c21dbbe211ede36799c5e 1985 libxml2_2.6.32.dfsg-5+lenny4.dsc
 d3497a0f9e5c8b76fa7b73dae9d23537b2644538 84794 libxml2_2.6.32.dfsg-5+lenny4.diff.gz
 892c2ae78fe5f47db5a9baab81075221f542a9ad 1307358 libxml2-doc_2.6.32.dfsg-5+lenny4_all.deb
 af86b89b63844fd7b1d1775e36dbb745aa520b2e 860968 libxml2_2.6.32.dfsg-5+lenny4_amd64.deb
 0d6ab0729c7f2cc724782679d34ed485a7510032 37324 libxml2-utils_2.6.32.dfsg-5+lenny4_amd64.deb
 17f038e180ca1fed4a343a15a9b224b81287ecbb 774136 libxml2-dev_2.6.32.dfsg-5+lenny4_amd64.deb
 68f5d3ec18a553502db8cc553ca1aec3961e1cca 988376 libxml2-dbg_2.6.32.dfsg-5+lenny4_amd64.deb
 18c960cda9ce0e652662e963c8ae7acb711c5b50 295944 python-libxml2_2.6.32.dfsg-5+lenny4_amd64.deb
Checksums-Sha256: 
 f1f774dff4a8bdc69e3aa3866ad257ee3b8c94aceb615ff5325db0c74ef29580 1985 libxml2_2.6.32.dfsg-5+lenny4.dsc
 45816fe7cc01afaf6243f577e403f80027b42dfbaa6815092b100353ae541857 84794 libxml2_2.6.32.dfsg-5+lenny4.diff.gz
 4d4bd20031993b26992f239027e30f4e01a2bf3701af6f1b36c5f90647500228 1307358 libxml2-doc_2.6.32.dfsg-5+lenny4_all.deb
 ba421bc5a90352ad315cda2888941b1485a1a044cf9c0b5ab7a8188dc800642a 860968 libxml2_2.6.32.dfsg-5+lenny4_amd64.deb
 312eb5f4cc332d1f5e31d3eed9efbf69a068c6b93fbd865f793b1a911a148c0b 37324 libxml2-utils_2.6.32.dfsg-5+lenny4_amd64.deb
 b649f572a1fe7aa3cb20a3a7ef8cc204ef43499b1d46cac6f41a4734b37fca88 774136 libxml2-dev_2.6.32.dfsg-5+lenny4_amd64.deb
 d97033768c54563510fcc1c411222c93a3baaf5712ea74d6487aa5e169d373c6 988376 libxml2-dbg_2.6.32.dfsg-5+lenny4_amd64.deb
 e415b3b45aaa299beb95ac28ff209490a41dd9bd2cd939ba8799be0767c5ae51 295944 python-libxml2_2.6.32.dfsg-5+lenny4_amd64.deb
Files: 
 9a0ac0544938b2009d3e447425587787 1985 libs optional libxml2_2.6.32.dfsg-5+lenny4.dsc
 73b2c2e770ce1a939b2b559450450c35 84794 libs optional libxml2_2.6.32.dfsg-5+lenny4.diff.gz
 48f4bfa6fe8f23826a2d3192cedc6322 1307358 doc optional libxml2-doc_2.6.32.dfsg-5+lenny4_all.deb
 c75a029901edcf0e0b76c52aaf0321ad 860968 libs optional libxml2_2.6.32.dfsg-5+lenny4_amd64.deb
 956bc24398ba5f5a8ac46cfb4e205cf4 37324 text optional libxml2-utils_2.6.32.dfsg-5+lenny4_amd64.deb
 738d601f6eb4160c4165962649392c31 774136 libdevel optional libxml2-dev_2.6.32.dfsg-5+lenny4_amd64.deb
 ba1fa29ea40aaade671a60e9f12bea0b 988376 libdevel extra libxml2-dbg_2.6.32.dfsg-5+lenny4_amd64.deb
 951d141d448eb9e2dd7d93cf9f3e4d34 295944 python optional python-libxml2_2.6.32.dfsg-5+lenny4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBTemPWOQqoE+mqoxyAQgADA/8CS3NZQGJKkCoEEigMWrxcyCu8HTXtZue
WY4T8+/9vFTnt5aqm4q9N5dTwp80igXoNrUOcm5POrGCoftRcyy/heDL9tH3Phvg
28MIFIItQh/Sqs2k9nGXn4sMlh+CHe8/KWa3GyWG4C8fxjl1kEYtmTV8sj3BmrJb
U9nLWSqW7k28Fe8Sz5Kg9T+G6hYJNiJypieTo+cZq+43dTF54qzJnMCDalSgVxR6
WBrDil+iHRW+gqkr9T1SYY9BMfaw4Id0p8+ksDVUX13+0BzPD5uIoW7+iBXzTP2I
sz1K58QXL3g8rH0vBIEzmqbwlvD2F0e2vVJGzouC1T3cC6dkj2Hsxp/QU/yocYP5
tbGXfaxE3DRZu5TcxfPPYCwfqwmwEppZx8zgJJotK/GuJjd/kcP/c6fpU+11vjQ1
VpHVZqNAQ1FPnrJSmeYDTZeAqrmy1S2TZU2MTEljAC3kFzLZ0J/AYZxUsKO4g50X
92hAWjy0HPrne2Zz3iR7sjbOVHM/er3jaACuJjycWs2aMR9JZQyfT4wRJwe5hLz5
c8wR+6wzOYSGsWMi6CR6Jj0o9wRIdf7kc6zb9KMmg0GgfLjdmLmd+MrggKWOPLqW
ojqrBwQMsYKy/nG6C5mkenxLt7mLsJ9Tmb7xh9a21Smg5Wn0XuUL7jmaRAbGWzsq
W6wKxMhHKo0=
=OfBV
-----END PGP SIGNATURE-----





Reply sent to Mike Hommey <glandium@debian.org>:
You have taken responsibility. (Wed, 08 Jun 2011 01:57:19 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Wed, 08 Jun 2011 01:57:19 GMT) Full text and rfc822 format available.

Message #45 received at 628537-close@bugs.debian.org (full text, mbox):

From: Mike Hommey <glandium@debian.org>
To: 628537-close@bugs.debian.org
Subject: Bug#628537: fixed in libxml2 2.7.8.dfsg-2+squeeze1
Date: Wed, 08 Jun 2011 01:55:11 +0000
Source: libxml2
Source-Version: 2.7.8.dfsg-2+squeeze1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb
libxml2-dev_2.7.8.dfsg-2+squeeze1_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-2+squeeze1_amd64.deb
libxml2-doc_2.7.8.dfsg-2+squeeze1_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-2+squeeze1_all.deb
libxml2-utils_2.7.8.dfsg-2+squeeze1_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-2+squeeze1_amd64.deb
libxml2_2.7.8.dfsg-2+squeeze1.diff.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze1.diff.gz
libxml2_2.7.8.dfsg-2+squeeze1.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze1.dsc
libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb
python-libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 628537@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 04 Jun 2011 10:40:06 +0900
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-2+squeeze1
Distribution: stable-security
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 628537
Changes: 
 libxml2 (2.7.8.dfsg-2+squeeze1) stable-security; urgency=low
 .
   * xpath.c: Fix some potential problems on reallocation failures.
     Closes: #628537.
Checksums-Sha1: 
 57693c0eef8d30cd316f1da3fb52afb54d07fa3e 2186 libxml2_2.7.8.dfsg-2+squeeze1.dsc
 bf481743478da6899a65507a34b67731466960dd 3509930 libxml2_2.7.8.dfsg.orig.tar.gz
 62c3a550e89412e6c7bb164aa8a68f6f02ea83fd 111143 libxml2_2.7.8.dfsg-2+squeeze1.diff.gz
 d3b21e19fa1408512b2bb85066190258e8656fab 872212 libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb
 96d94fab584e58403f507010785f11309b218490 93366 libxml2-utils_2.7.8.dfsg-2+squeeze1_amd64.deb
 f63bf28ff249796f7b370c91cee8f20a26d061be 828958 libxml2-dev_2.7.8.dfsg-2+squeeze1_amd64.deb
 3d7ec55be6713c9bc31e7a05f2c5f5627fce4917 989018 libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb
 9a2b6e2fc7d5afd9ebebef46979096cb036fc0cd 1343946 libxml2-doc_2.7.8.dfsg-2+squeeze1_all.deb
 d7f820b89f9e747fa049140f526099e919c2fbf0 337494 python-libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb
 b9edc2555dc1c980e518ccf098f19ee72c0d1628 871108 python-libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb
Checksums-Sha256: 
 0a68f784eeb901cba8300ad7229d3378698efd380adaf1e353e5761830c0e5d6 2186 libxml2_2.7.8.dfsg-2+squeeze1.dsc
 9f5262963fda356708903b42ff862a816c714582d0cf41477a8b3839945f0e43 3509930 libxml2_2.7.8.dfsg.orig.tar.gz
 498e3d777cdccc5b53357a7a1d6ea04d9df2f86da9e692eb9038ad46d70f3103 111143 libxml2_2.7.8.dfsg-2+squeeze1.diff.gz
 a947cedfcad7edfc6a95db19019869e6254ed7ee1eb914851719f792c7885ac7 872212 libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb
 8c6d847f2631a7e9f3dc18358ec04cd175ac67ff8bfef3807fbe4d60f9635bf3 93366 libxml2-utils_2.7.8.dfsg-2+squeeze1_amd64.deb
 95f6af0ccdc2c16dcd80fd64b4f853235c73ca9a432e5a5c3b20382cd24c908e 828958 libxml2-dev_2.7.8.dfsg-2+squeeze1_amd64.deb
 4a6b08e3d56243ab51433a21776150a858d840f6c45de8032476ae7473f3c8b3 989018 libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb
 15c754650e73a1e1c6dae958d956df46de322806d86e36fc1e1e1243092e7dba 1343946 libxml2-doc_2.7.8.dfsg-2+squeeze1_all.deb
 6bd4202ba8e10bcc6f9a3f440ba31a640f6039390ab6dcb49af5bb540e708c85 337494 python-libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb
 e89aef6a631e9f2f0149e0d4c6b1af5b76582ab4a7615ae3d0b71895252f06d1 871108 python-libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb
Files: 
 7ba9c1c537c8198087f912a59139730c 2186 libs optional libxml2_2.7.8.dfsg-2+squeeze1.dsc
 116fd86aa1b392dfe38d6b17613deebb 3509930 libs optional libxml2_2.7.8.dfsg.orig.tar.gz
 48bd4ae957dac6f6ee6ec60b71f363da 111143 libs optional libxml2_2.7.8.dfsg-2+squeeze1.diff.gz
 cef27444c26da0d6ff09c9ffc5053868 872212 libs standard libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb
 a467cbd5bd5e807dfc1fad3207a77935 93366 text optional libxml2-utils_2.7.8.dfsg-2+squeeze1_amd64.deb
 d07c67a26ab4ddfe960eebc103ebc428 828958 libdevel optional libxml2-dev_2.7.8.dfsg-2+squeeze1_amd64.deb
 808c8cd72ff02362d80141c9e081e8cb 989018 debug extra libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb
 d80e39ffea46964838b382b373be197c 1343946 doc optional libxml2-doc_2.7.8.dfsg-2+squeeze1_all.deb
 19cd6a65bb4cf6e67d7f5c61c92179f5 337494 python optional python-libxml2_2.7.8.dfsg-2+squeeze1_amd64.deb
 a89227c1415efd3e14db3f445f677f75 871108 debug extra python-libxml2-dbg_2.7.8.dfsg-2+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBTemR0+QqoE+mqoxyAQhr/hAArs8K2aWKtc2Kx2Eof8Xn7w9tRS/2wgv8
CmqNPo//OMmd/5eCEuMB9Vph71kC7X5ebKKc3ZEzHhdhlk4iGtnK2wDe+jrra/GV
5k5MSVdjZECqMhzAvu/g0+hZVXFSAk+8GquO8/eMWP3N+/gqdYQgmw88cO3H6X5i
pl3zWGif90mwUJQXPiJPNz/bPAmz/wSx252+JMybrrdYE9MxsTJ/cU+Uj14r81X4
kAc+E+zZ4tZD9pNrndjnjW96E3GEKnIIv9Si1u+dzwSdQ+ZM+rPI7QviFQWn/Viz
HDWGlMS0Fibl48olPkiIjHAQA8PKEzgsai2r8doLGADwe2hN0sXrB7IqnkCn1/76
bTEP/W+rijXZf2vACgeQeo30L6vDHlX/VhlCfP+HppE4gs3+F0iCIP2XI1B/VkAq
D2b+IY/VroL/PTEaXhyazqmDBb0eXrA1QS49MO7Q4Su0Lh8dWLOFOWqgiLBaYYHK
sMW0fYR1QtvivAQjeyYc1vyM/iCpLyu65KDu/mBdDlmm/QuQyjwnN3YVMMqT/lb6
jjHo3OU2Y1LkxC8iQ9TxWlyJBzYDEc56GogdgguFr2kJCxQpgsOuxqQskdcD90MZ
UL4mTRDSwDOg7+3zwUdfwi8+CY8ucAR//H34FEH+qUEnByvliDQYNdElyhL9B8qA
ZaLuP8mmR2k=
=no55
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 06 Jul 2011 07:32:09 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 12:19:52 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.