[ubuntu/lucid] xmlrpc-c 1.06.27-1ubuntu7 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Tue Jan 26 19:35:13 GMT 2010 

xmlrpc-c (1.06.27-1ubuntu7) lucid; urgency=low

  * SECURITY UPDATE: fix DoS via malformed XML
    - debian/patches/CVE-2009-3720.patch: update expat/xmltok/xmltok_impl.c
      to not access beyond end of input string
    - CVE-2009-3720
  * SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
    - debian/patches/CVE-2009-3560.patch: update expat/xmlparse/xmlparse.c to
      properly recognize the end of a token
    - CVE-2009-3560

Date: Tue, 26 Jan 2010 13:14:57 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/xmlrpc-c/1.06.27-1ubuntu7
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 26 Jan 2010 13:14:57 -0600
Source: xmlrpc-c
Binary: libxmlrpc-c3-dev libxmlrpc-c3 libxmlrpc-core-c3-dev libxmlrpc-core-c3 xml-rpc-api2cpp xml-rpc-api2txt
Architecture: source
Version: 1.06.27-1ubuntu7
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libxmlrpc-c3 - A lightweight RPC library based on XML and HTTP for C and C++
 libxmlrpc-c3-dev - A lightweight RPC library based on XML and HTTP for C and C++
 libxmlrpc-core-c3 - A lightweight RPC library based on XML and HTTP (core libraries)
 libxmlrpc-core-c3-dev - A lightweight RPC library based on XML and HTTP (core libraries)
 xml-rpc-api2cpp - Generate C++ wrapper classes for XML-RPC servers
 xml-rpc-api2txt - Dump an XML-RPC API as a text file
Changes: 
 xmlrpc-c (1.06.27-1ubuntu7) lucid; urgency=low
 .
   * SECURITY UPDATE: fix DoS via malformed XML
     - debian/patches/CVE-2009-3720.patch: update expat/xmltok/xmltok_impl.c
       to not access beyond end of input string
     - CVE-2009-3720
   * SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
     - debian/patches/CVE-2009-3560.patch: update expat/xmlparse/xmlparse.c to
       properly recognize the end of a token
     - CVE-2009-3560
Checksums-Sha1: 
 f58003bfdba02ac4b01757afc575c5a695178e8a 1227 xmlrpc-c_1.06.27-1ubuntu7.dsc
 feba5f9bfb593c4b6aa9fe872c60ea3f742a992b 8963 xmlrpc-c_1.06.27-1ubuntu7.diff.gz
Checksums-Sha256: 
 94ebe680939b5304cd7e99311955a7ef940a35afb47ce7d534ca839d57d1f141 1227 xmlrpc-c_1.06.27-1ubuntu7.dsc
 e5efda4d9726c7336a4a131ca4a7fd52eee630b70a8d411dae24352d61a12908 8963 xmlrpc-c_1.06.27-1ubuntu7.diff.gz
Files: 
 d073be0a29ad06e3d451e95ab5b65d26 1227 libs optional xmlrpc-c_1.06.27-1ubuntu7.dsc
 c8aa97b1e1eaede9994c44b3fb6c2b83 8963 libs optional xmlrpc-c_1.06.27-1ubuntu7.diff.gz
Original-Maintainer: Sean Finney <seanius at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktfQ5kACgkQW0JvuRdL8Bq+AACfYdV/Vxo2w7KwHbsXpn/V+d/W
2tQAnjmcSV0MQsLz8ensuRwPMbQa0XVL
=5w6p
-----END PGP SIGNATURE-----

More information about the Lucid-changes mailing list