-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: libxml2 Binary: libxml2, libxml2-utils, libxml2-utils-dbg, libxml2-dev, libxml2-dbg, libxml2-doc, python-libxml2, python-libxml2-dbg Architecture: any all Version: 2.8.0+dfsg1-7+wheezy4 Maintainer: Debian XML/SGML Group <[email protected]> Uploaders: Aron Xu <[email protected]>, YunQiang Su <[email protected]> Homepage: http://xmlsoft.org/ Standards-Version: 3.9.3 Vcs-Browser: http://git.debian.org/?p=debian-xml-sgml/libxml2.git Vcs-Git: git://git.debian.org/debian-xml-sgml/libxml2.git Build-Depends: debhelper (>= 9), perl, dh-autoreconf, autotools-dev, binutils (>= 2.14.90.0.7), python-all-dev (>= 2.6.6-3~), python-all-dbg, zlib1g-dev | libz-dev, liblzma-dev, libreadline-dev | libreadline6-dev Package-List: libxml2 deb libs standard libxml2-dbg deb debug extra libxml2-dev deb libdevel optional libxml2-doc deb doc optional libxml2-utils deb text optional libxml2-utils-dbg deb debug extra python-libxml2 deb python optional python-libxml2-dbg deb debug extra Checksums-Sha1: fcc1bca14d2c7dd73c71556cf0a223a73bd92305 3554683 libxml2_2.8.0+dfsg1.orig.tar.gz 220c813f26f6284c15f0c52f65e2c120b40928a5 43067 libxml2_2.8.0+dfsg1-7+wheezy4.debian.tar.gz Checksums-Sha256: 46f339843967e861e81f8427373ff2a3d0a8cb608022dea16aa1d345ddcee338 3554683 libxml2_2.8.0+dfsg1.orig.tar.gz d807f286f77babaf01bfa24e297281fb6b87d9f2f83e3a3eeb04a504702ca143 43067 libxml2_2.8.0+dfsg1-7+wheezy4.debian.tar.gz Files: 008920f545a36da4eca363d0c1a0ffee 3554683 libxml2_2.8.0+dfsg1.orig.tar.gz 581d8728c1afdb0c3714e8436ac30768 43067 libxml2_2.8.0+dfsg1-7+wheezy4.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVI+k9AAoJEAVMuPMTQ89EqqkP+gOrmqW6axKfVDE0C7/SjTNM KCTl5vT4KCY5A2c5k/ziFuEhK9FiowtrM5EWTajKaEXK6BFfsTaa4OC2R3gVP/fC 0gPh0/bU1JNZB1wLPVKxQJQmZ6e80K+Z0569raSb2GubrE0iEWpqlIV5gaaYY2wS Th6wa+NQKwK8ls2gUwERvfNv1qvGOkXCkdhVxYKkqpbBnBad2y1erelItRFzk0Pk 7aaJKK3QV91TXJn8W5dj5CSeSav0JnLkr/7GLY1KKW8GZ9C2G0CQQsHPMzOGE+4T Om7t+usfFYJ5G8xdEuNJY9UdkXn6jkKp46ejz9GE/2guQjAwODiqfPRF9vEeF2Pf n8xsU2gff7N95FaMJZH6+pQOZxU5QNWVjQ/Svqs3TcnCTHxUnTmNRIuxS/h6+bNb hPZcry95+dREBAjt0hHz8gi9+4scM6NkAHWsiLizXEOmfcpVqZaizB6a+4vwdOJ0 NtuUa6HNf0/f5SJtqScsR7VzQ6oWhvZqU6+HfM78O1kxT5s6LoTxdfyTRRcsoIo+ RhEOyISWQC53b+R1ADBw8kMbfPmkAATGLD35FM4R26oHgUHYwRxZw92UeKq979aq RFjg5i7ILnI3KPkgr8aMY49khmTxXI4UP+8xHMHExy7pWVq/pwkH8WtnR8Xu+4sp RrpnoBL78VWmYYLXrUuG =FlPu -----END PGP SIGNATURE----- Changes: libxml2 (2.8.0+dfsg1-7+wheezy4) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add missing required patches for CVE-2014-3660. The two upstream commits a3f1e3e5712257fd279917a9158278534e8f4b72 and cff2546f13503ac028e4c1f63c7b6d85f2f2d777 are required in addition to the commit be2a7edaf289c5da74a4f9ed3a0b6c733e775230 to fix CVE-2014-3660 due to changes in the use of ent->checked. Fixes "libxml2: CVE-2014-3660 patch makes installation-guide FTBFS". (Closes: #774358) * Refresh cve-2014-3660.patch patch * Refresh cve-2014-3660-bis.patch patch -- Salvatore Bonaccorso <[email protected]> Sat, 04 Apr 2015 11:01:18 +0200
