Ubuntu
xmlrpc-c package

Please merge xmlrpc-c 1.16.33-3.2 (main) from Debian testing (main)

Bug #1076812 reported by Tyler Hicks
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xmlrpc-c (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

This is a trivial merge. Debian picked up my previous security updates and my patch to enable the build tests.

Related branches

lp:ubuntu/raring/xmlrpc-c

CVE References

Revision history for this message
Tyler Hicks (tyhicks) wrote :

The build tests pass, as well as the simple tests of xml-rpc-api2txt and xml-rpc-api2cpp in test-xmlrpc-c.py from lp:qa-regression-testing

Changed in xmlrpc-c (Ubuntu):
status: In Progress → Confirmed
assignee: Tyler Hicks (tyhicks) → nobody
Revision history for this message
Micah Gersten (micahg) wrote :

Taking a look

Changed in xmlrpc-c (Ubuntu):
assignee: nobody → Micah Gersten (micahg)
status: Confirmed → In Progress
Revision history for this message
Micah Gersten (micahg) wrote :

Looks fine, sponsored, thanks

Changed in xmlrpc-c (Ubuntu):
assignee: Micah Gersten (micahg) → nobody
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xmlrpc-c - 1.16.33-3.2ubuntu1

---------------
xmlrpc-c (1.16.33-3.2ubuntu1) raring; urgency=low

  * Merge from Debian testing (LP: #1076812). Remaining changes:
    - Add libxmlrpc-core-c3-udeb for use during installation (LP: #831496).
    - Add Breaks/Replaces to cover binary package reorganisation (LP: #878180).
    - Fix dh_makeshlibs calls for libxmlrpc-core-c3-0 -> libxmlrpc-core-c3
      rename.
    - Add backport-gssapi-delegation.patch, and bump the build-depends on
      libcurl4-openssl-dev and libcurl3-openssl-dev to >= 7.22.0
    - Fix dependencies of xmlrpc-api-utils
  * Changes merged by Debian:
    - Run the tests as part of the build process
    - SECURITY UPDATE: Denial of service via hash collisions
    - SECURITY UPDATE: Denial of service via memory leak

xmlrpc-c (1.16.33-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2012-0876 and CVE-2012-1148 in embedded Expat copy. Thanks to
    Tyler Hicks for the patch and the report (Closes: #687672)
 -- Tyler Hicks <email address hidden> Thu, 08 Nov 2012 16:29:20 -0800

Changed in xmlrpc-c (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.