[Bug 1076812] Re: Please merge xmlrpc-c 1.16.33-3.2 (main) from Debian testing (main)

Sun Nov 11 18:09:10 UTC 2012

This bug was fixed in the package xmlrpc-c - 1.16.33-3.2ubuntu1

---------------
xmlrpc-c (1.16.33-3.2ubuntu1) raring; urgency=low

  * Merge from Debian testing (LP: #1076812). Remaining changes:
    - Add libxmlrpc-core-c3-udeb for use during installation (LP: #831496).
    - Add Breaks/Replaces to cover binary package reorganisation (LP: #878180).
    - Fix dh_makeshlibs calls for libxmlrpc-core-c3-0 -> libxmlrpc-core-c3
      rename.
    - Add backport-gssapi-delegation.patch, and bump the build-depends on
      libcurl4-openssl-dev and libcurl3-openssl-dev to >= 7.22.0
    - Fix dependencies of xmlrpc-api-utils
  * Changes merged by Debian:
    - Run the tests as part of the build process
    - SECURITY UPDATE: Denial of service via hash collisions
    - SECURITY UPDATE: Denial of service via memory leak

xmlrpc-c (1.16.33-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2012-0876 and CVE-2012-1148 in embedded Expat copy. Thanks to
    Tyler Hicks for the patch and the report (Closes: #687672)
 -- Tyler Hicks <tyhicks at canonical.com>   Thu, 08 Nov 2012 16:29:20 -0800

** Changed in: xmlrpc-c (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-0876

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1148

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to xmlrpc-c in Ubuntu.
https://bugs.launchpad.net/bugs/1076812

Title:
  Please merge xmlrpc-c 1.16.33-3.2 (main) from Debian testing (main)

Status in “xmlrpc-c” package in Ubuntu:
  Fix Released

Bug description:
  This is a trivial merge. Debian picked up my previous security updates
  and my patch to enable the build tests.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xmlrpc-c/+bug/1076812/+subscriptions