Bug#1019262: marked as done (libxmlb2: Under some circumstances, depending on the data, memory blocks can be double-freed.)

To: Matthias Klumpp <mak@debian.org>
Subject: Bug#1019262: marked as done (libxmlb2: Under some circumstances, depending on the data, memory blocks can be double-freed.)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 21 Dec 2022 19:03:10 +0000
Message-id: <[🔎] handler.1019262.D1019262.16716492162771239.ackdone@bugs.debian.org>
Reply-to: 1019262@bugs.debian.org
References: <E1p84K5-00An6P-Fy@fasolo.debian.org> <166247148456.29261.3687379554413879040.reportbug@raster-PROX14-AMD>

Your message dated Wed, 21 Dec 2022 19:00:13 +0000
with message-id <E1p84K5-00An6P-Fy@fasolo.debian.org>
and subject line Bug#1019262: fixed in libxmlb 0.3.10-1
has caused the Debian Bug report #1019262,
regarding libxmlb2: Under some circumstances, depending on the data, memory blocks can be double-freed.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1019262: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019262
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libxmlb2: Under some circumstances, depending on the data, memory blocks can be double-freed.
From: Sergio Costas Rodriguez <sergio.costas@canonical.com>
Date: Tue, 06 Sep 2022 15:38:04 +0200
Message-id: <166247148456.29261.3687379554413879040.reportbug@raster-PROX14-AMD>

Package: libxmlb2
Version: 0.3.6-2build1
Severity: normal
Tags: patch
X-Debbugs-Cc: sergio.costas@canonical.com

Recently, several users complaint that snap-store (which is derived from gnome-
software) was crashing on start up with a segmentation fault. We found that the
bug was in libxmlb, where, under some circumstances, some memory blocks could
be double-freed when the library performed a prune of the binary tree.

This bug has been there since, at least, version 0.1.8, so it probably affects
Debian Stable and old-Stable too.

A patch was sent to upstream and was merged immediately
(https://github.com/hughsie/libxmlb/pull/127).

Also, a patch adapted for version 0.3.8 (the one currently in Debian SID) has
been sent to the SALSA repository: https://salsa.debian.org/efi-
team/libxmlb/-/merge_requests/6


-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-47-generic (SMP w/16 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE=es:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libxmlb2 depends on:
ii  libc6         2.35-0ubuntu3.1
ii  libglib2.0-0  2.72.1-1
ii  liblzma5      5.2.5-2ubuntu1

libxmlb2 recommends no packages.

libxmlb2 suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

To: 1019262-close@bugs.debian.org
Subject: Bug#1019262: fixed in libxmlb 0.3.10-1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 21 Dec 2022 19:00:13 +0000
Message-id: <E1p84K5-00An6P-Fy@fasolo.debian.org>
Reply-to: Matthias Klumpp <mak@debian.org>

Source: libxmlb
Source-Version: 0.3.10-1
Done: Matthias Klumpp <mak@debian.org>

We believe that the bug you reported is fixed in the latest version of
libxmlb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1019262@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klumpp <mak@debian.org> (supplier of updated libxmlb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 20 Dec 2022 18:16:38 +0100
Source: libxmlb
Binary: gir1.2-xmlb-2.0 libxmlb-dev libxmlb-tests libxmlb-tests-dbgsym libxmlb-utils libxmlb-utils-dbgsym libxmlb2 libxmlb2-dbgsym
Architecture: source amd64
Version: 0.3.10-1
Distribution: unstable
Urgency: medium
Maintainer: Debian EFI team <debian-efi@lists.debian.org>
Changed-By: Matthias Klumpp <mak@debian.org>
Description:
 gir1.2-xmlb-2.0 - GObject introspection data for libxmlb
 libxmlb-dev - Development files for libxmlb
 libxmlb-tests - Installed tests for libxmlb2
 libxmlb-utils - Binary XML library - Command-line utility
 libxmlb2   - Binary XML library
Closes: 1019262
Changes:
 libxmlb (0.3.10-1) unstable; urgency=medium
 .
   * New upstream release: 0.3.10
     - Resolves double-free corruption (Closes: #1019262)
     - xb-tool has been moved to PATH
     - Various other crash fixes
   * Bump standards version: No changes needed
   * Add new package for xb-tool, which is now in PATH
Checksums-Sha1:
 5950b762dfea21e9c8ee36f6bc17617b9ad464b4 2450 libxmlb_0.3.10-1.dsc
 a10b8b34e92693bfbf7d00b79fc10f5f8fe4dfbe 122004 libxmlb_0.3.10.orig.tar.gz
 8711d1cfbe2b14667c560df6571743e6d7cce5ef 5072 libxmlb_0.3.10-1.debian.tar.xz
 1b7eb9a41a221f5dcbc7b135bf7ab2c93124b19e 9560 gir1.2-xmlb-2.0_0.3.10-1_amd64.deb
 dbe5d8f7eab887a2755cb1c930222350fa2f88df 67060 libxmlb-dev_0.3.10-1_amd64.deb
 0f7feb910fcdf6f51ed3db873353a0b2b1f8f96f 311120 libxmlb-tests-dbgsym_0.3.10-1_amd64.deb
 b63a6b7ee663e2056a270363a377d40f491d2140 85312 libxmlb-tests_0.3.10-1_amd64.deb
 afc4ae77aeec63df182157334adfcdbf3a7debbf 22144 libxmlb-utils-dbgsym_0.3.10-1_amd64.deb
 57c1be2b6d0a85de7bc585315349ead339b45632 10400 libxmlb-utils_0.3.10-1_amd64.deb
 9a5b430e2b3e3dd26d5fa3f5c72fe8e8a53e36b8 225584 libxmlb2-dbgsym_0.3.10-1_amd64.deb
 74b0bc6750b9b7e3efa53d1f24495650bdf762d7 59788 libxmlb2_0.3.10-1_amd64.deb
 a015bde327340763b8b78a158801a471c1275719 9711 libxmlb_0.3.10-1_amd64.buildinfo
Checksums-Sha256:
 876a6ff85d66fa19aed4752447739c3535e8925523c04f89f726c927c19ae127 2450 libxmlb_0.3.10-1.dsc
 5d4c84eaba463cc6ea6ac9107818d51a581a3a443cb40200798452c36365bc8a 122004 libxmlb_0.3.10.orig.tar.gz
 4faa088efdc9909eb35838d55e45fb8149d57a54cd70a6d419a1ebd21d250dd5 5072 libxmlb_0.3.10-1.debian.tar.xz
 a52a66069ce8ce6f8b8819b0133d616ad3d6392bfd19cde39abc1613c8da0241 9560 gir1.2-xmlb-2.0_0.3.10-1_amd64.deb
 f098a1aa2982f8271f691ddc8396d5f37a381afc09a823828ea386000d5b2168 67060 libxmlb-dev_0.3.10-1_amd64.deb
 ada296afc50bd23e348b401fe9d135d4120d0c69b44c878c86eb17141c3e0a38 311120 libxmlb-tests-dbgsym_0.3.10-1_amd64.deb
 92236a0c4995bb96e6e0e57710323f30cc91f611822bc90673209a70a06d5291 85312 libxmlb-tests_0.3.10-1_amd64.deb
 09aa9ee3915ecd81f330096b469feb9753eecbc3fd1b78126f59beb841916f1e 22144 libxmlb-utils-dbgsym_0.3.10-1_amd64.deb
 ab93eec7f1212407db6590af2d2ab08af101203337dbf67f7a80d82073e382b1 10400 libxmlb-utils_0.3.10-1_amd64.deb
 3920b336a71bcfa9dd221c72628bcb4cd5361bd31ece7e5f15388bebaf0852ac 225584 libxmlb2-dbgsym_0.3.10-1_amd64.deb
 bd137f45b649b0ae57b280a88aaf8c61aa49d8e084ee4341f97e319f28d7bd6b 59788 libxmlb2_0.3.10-1_amd64.deb
 c4dcec67ab80a0cb8210644fe6f2fe13a8bef2e53e60953d93db9e87887fe24f 9711 libxmlb_0.3.10-1_amd64.buildinfo
Files:
 d834f51f2724e1ec5fbf6f036f24ff43 2450 libs optional libxmlb_0.3.10-1.dsc
 8e9240b2b292b846beb29ae5428af75f 122004 libs optional libxmlb_0.3.10.orig.tar.gz
 24b2837cbfeb7fc3cabf65b967646dbe 5072 libs optional libxmlb_0.3.10-1.debian.tar.xz
 2707b1beb03b1c4c1bce82c4f7c01a86 9560 introspection optional gir1.2-xmlb-2.0_0.3.10-1_amd64.deb
 f0f10e7ebae29bfa15f072f65dee2dd6 67060 libdevel optional libxmlb-dev_0.3.10-1_amd64.deb
 1631c6e6c9277fa1672b309a8d816d10 311120 debug optional libxmlb-tests-dbgsym_0.3.10-1_amd64.deb
 d16bcb28755d4dcfbcc7ba5d353889b9 85312 libs optional libxmlb-tests_0.3.10-1_amd64.deb
 6056dd3919d9d75adab8a2dd215478f3 22144 debug optional libxmlb-utils-dbgsym_0.3.10-1_amd64.deb
 75d260de86d276b868bc648cdfab82ac 10400 libs optional libxmlb-utils_0.3.10-1_amd64.deb
 99237e9c4a4eea75272d8895657e0d29 225584 debug optional libxmlb2-dbgsym_0.3.10-1_amd64.deb
 c8e4a05edaa2e9bf6a117a0361b03b72 59788 libs optional libxmlb2_0.3.10-1_amd64.deb
 380219f2fdf7c92c23ae2a515d634b3e 9711 libs optional libxmlb_0.3.10-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCAAtFiEE0zo/DKFrCsxRpgc4SUyKX79N7OsFAmOh8xAPHG1ha0BkZWJp
YW4ub3JnAAoJEElMil+/TezrXHMP/0MzvK8RauCsN4IDkLKIgary9+YxtKv80b8B
bDH7eCRzDMiTmW7MFqHCeNpKytn0XtW4TpRmYRs1ZUmLeSLg+eetDWV4qk2Q0XEx
HVBVj9n5clc5GJluaSnAoRENVP5WBqZmFHo1ATElDRLThTYxS3sjWZbozfXsIXdJ
2DUqh7tvMojuD+qZbX/mwfr5w9a0whrhmYiIPygL6mdRCLjZv3fWMxPDTBVi2g1u
V1Q+3CQFTStRInmC83eV2Bi6t9Zi9yAbJiZZnN2LQJKt9gJgMxzXcMs37AlvPZKS
ZT9h1fJJ7ovCWVZ6VvRiY2OHj6lvtRdr+5np8I0e62ijn2ajs2oYGA/1DRAJgniu
JKw7YIkbsOf3EC+uGSHtHLp7xBUnO8vM/nYg3dUt5zQSMJMiqbGdslsQmPnQNjh2
6p0j+OZdcoLlQ0yrygm4D7ISwGizx56srxfUfMeHC+qNpb2UM+pLOGI0UqO6oqIX
O0yjgxW9FCDVdQglD5zmWvf4eaNRyeIindhupa3kbxxVNW1Bxn5NivM8+8yeBJcd
ENakTcrmLddPapkBAo1wnGRqZgqlroQ5oEhPDXJEY7Dtp3zIDWLwyoWcHTZWvcuV
lXLzrL5ci+j/pxhhTaunIXR76ihKXvONXIPOIHVMKKi9/cjlqu0TYHRYmPJSHY3F
Dx+hOVtu
=q5B5
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: libxmlb_0.3.10-1_amd64.changes is NEW
Next by Date: libxmlb_0.3.10-1_amd64.changes ACCEPTED into unstable
Previous by thread: libxmlb_0.3.10-1_amd64.changes is NEW
Next by thread: libxmlb_0.3.10-1_amd64.changes ACCEPTED into unstable
Index(es):
- Date
- Thread