[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1019262: libxmlb2: Under some circumstances, depending on the data, memory blocks can be double-freed.

Package: libxmlb2
Version: 0.3.6-2build1
Severity: normal
Tags: patch
X-Debbugs-Cc: sergio.costas@canonical.com

Recently, several users complaint that snap-store (which is derived from gnome-
software) was crashing on start up with a segmentation fault. We found that the
bug was in libxmlb, where, under some circumstances, some memory blocks could
be double-freed when the library performed a prune of the binary tree.

This bug has been there since, at least, version 0.1.8, so it probably affects
Debian Stable and old-Stable too.

A patch was sent to upstream and was merged immediately

Also, a patch adapted for version 0.3.8 (the one currently in Debian SID) has
been sent to the SALSA repository: https://salsa.debian.org/efi-

-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-47-generic (SMP w/16 CPU threads)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE=es:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libxmlb2 depends on:
ii  libc6         2.35-0ubuntu3.1
ii  libglib2.0-0  2.72.1-1
ii  liblzma5      5.2.5-2ubuntu1

libxmlb2 recommends no packages.

libxmlb2 suggests no packages.

-- no debconf information

Reply to: