Bug#1019262: libxmlb2: Under some circumstances, depending on the data, memory blocks can be double-freed.
Recently, several users complained that snap-store (which is derived from
gnome-software) was crashing on start up with a segmentation fault. We found
that the bug was in libxmlb, where, under some circumstances, some memory
blocks could be double-freed when the library performed a prune of the binary tree.
This bug has been there since, at least, version 0.1.8, so it probably affects
Debian Stable and old-Stable too.
A patch was sent to upstream and was merged immediately.
Also, a patch adapted for version 0.3.8 (the one currently in Debian SID) has
been sent to the SALSA repository: https://salsa.debian.org/efi-
-- System Information:
Debian Release: bookworm/sid
APT prefers jammy-updates
APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.15.0-47-generic (SMP w/16 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE=es:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libxmlb2 depends on:
ii libc6 2.35-0ubuntu3.1
ii libglib2.0-0 2.72.1-1
ii liblzma5 5.2.5-2ubuntu1
libxmlb2 recommends no packages.
libxmlb2 suggests no packages.
-- no debconf information