[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#944064: marked as done (buster-pu: package libxslt/1.1.32-2.2~deb10u1)

Your message dated Sat, 16 Nov 2019 10:08:47 +0000
with message-id <83c9ffab6f08361485f70dda4733a7a24aeec09b.camel@adam-barratt.org.uk>
and subject line Closing bugs for 10.2 point release fixes
has caused the Debian Bug report #944064,
regarding buster-pu: package libxslt/1.1.32-2.2~deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
944064: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944064
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi SRM'ers

libxslt is affected by CVE-2019-18197 and the issue was fixed in
unstable via the NMU 1.1.32-2.2 cherry picking the upstream commit. As
per previous upload here the simplest seem to be to do a rebuild of
1.1.32-2.2 for buster, versioned as 1.1.32-2.2~deb10u1.

Attached the full resulting debdiff against the current
1.1.32-2.1~deb10u1 in buster.

Regards,
Salvatore

diff -Nru libxslt-1.1.32/debian/changelog libxslt-1.1.32/debian/changelog
--- libxslt-1.1.32/debian/changelog	2019-08-09 21:49:31.000000000 +0200
+++ libxslt-1.1.32/debian/changelog	2019-11-03 17:11:47.000000000 +0100
@@ -1,8 +1,15 @@
-libxslt (1.1.32-2.1~deb10u1) buster; urgency=medium
+libxslt (1.1.32-2.2~deb10u1) buster; urgency=medium
 
   * Rebuild for buster 
 
- -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 09 Aug 2019 21:49:31 +0200
+ -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 03 Nov 2019 17:11:47 +0100
+
+libxslt (1.1.32-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix dangling pointer in xsltCopyText (CVE-2019-18197) (Closes: #942646)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 19 Oct 2019 21:21:23 +0200
 
 libxslt (1.1.32-2.1) unstable; urgency=medium
 
diff -Nru libxslt-1.1.32/debian/patches/0009-Fix-dangling-pointer-in-xsltCopyText.patch libxslt-1.1.32/debian/patches/0009-Fix-dangling-pointer-in-xsltCopyText.patch
--- libxslt-1.1.32/debian/patches/0009-Fix-dangling-pointer-in-xsltCopyText.patch	1970-01-01 01:00:00.000000000 +0100
+++ libxslt-1.1.32/debian/patches/0009-Fix-dangling-pointer-in-xsltCopyText.patch	2019-10-19 21:21:23.000000000 +0200
@@ -0,0 +1,35 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 17 Aug 2019 16:51:53 +0200
+Subject: Fix dangling pointer in xsltCopyText
+Origin: https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-18197
+Bug-Debian: https://bugs.debian.org/942646
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
+
+xsltCopyText didn't reset ctxt->lasttext in some cases which could
+lead to various memory errors in relation with CDATA sections in input
+documents.
+
+Found by OSS-Fuzz.
+---
+ libxslt/transform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 95ebd0732f95..d7ab0b6677cc 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
+ 	    if ((copy->content = xmlStrdup(cur->content)) == NULL)
+ 		return NULL;
+ 	}
++
++	ctxt->lasttext = NULL;
+     } else {
+         /*
+ 	 * normal processing. keep counters to extend the text node
+-- 
+2.20.1
+
diff -Nru libxslt-1.1.32/debian/patches/series libxslt-1.1.32/debian/patches/series
--- libxslt-1.1.32/debian/patches/series	2019-08-04 08:14:05.000000000 +0200
+++ libxslt-1.1.32/debian/patches/series	2019-10-19 21:21:23.000000000 +0200
@@ -6,3 +6,4 @@
 0006-Fix-security-framework-bypass.patch
 0007-Fix-uninitialized-read-of-xsl-number-token.patch
 0008-Fix-uninitialized-read-with-UTF-8-grouping-chars.patch
+0009-Fix-dangling-pointer-in-xsltCopyText.patch

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.2

Hi,

The fixes referenced by these bugs were included in today's 10.2 stable
point release.

Regards,

Adam

--- End Message ---
Reply to: