Bug#946159: marked as done (stretch-pu: package libxslt/1.1.29-2.1+deb9u2)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#946159: marked as done (stretch-pu: package libxslt/1.1.29-2.1+deb9u2)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 08 Feb 2020 14:27:54 +0000
Message-id: <[🔎] handler.946159.D946159.158117182916798.ackdone@bugs.debian.org>
Reply-to: 946159@bugs.debian.org
References: <a894a0233c2d264936953d7a69507573c4a5742a.camel@adam-barratt.org.uk> <157547101996.29331.1323584272785788176.reportbug@lorien.valinor.li>

Your message dated Sat, 08 Feb 2020 14:23:35 +0000
with message-id <a894a0233c2d264936953d7a69507573c4a5742a.camel@adam-barratt.org.uk>
and subject line Closing bugs included in 9.12
has caused the Debian Bug report #946159,
regarding stretch-pu: package libxslt/1.1.29-2.1+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
946159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946159
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: stretch-pu: package libxslt/1.1.29-2.1+deb9u2
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 04 Dec 2019 15:50:19 +0100
Message-id: <157547101996.29331.1323584272785788176.reportbug@lorien.valinor.li>

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Hi

This update adresses CVE-2019-18197 as well for stretch (was alredy
done for buster in the last point release). Attaching the resulting
debdiff.

Regards,
Salvatore

diff -Nru libxslt-1.1.29/debian/changelog libxslt-1.1.29/debian/changelog
--- libxslt-1.1.29/debian/changelog	2019-08-24 14:04:13.000000000 +0200
+++ libxslt-1.1.29/debian/changelog	2019-12-04 15:41:16.000000000 +0100
@@ -1,3 +1,10 @@
+libxslt (1.1.29-2.1+deb9u2) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix dangling pointer in xsltCopyText (CVE-2019-18197) (Closes: #942646)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 04 Dec 2019 15:41:16 +0100
+
 libxslt (1.1.29-2.1+deb9u1) stretch; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libxslt-1.1.29/debian/patches/0012-Fix-dangling-pointer-in-xsltCopyText.patch libxslt-1.1.29/debian/patches/0012-Fix-dangling-pointer-in-xsltCopyText.patch
--- libxslt-1.1.29/debian/patches/0012-Fix-dangling-pointer-in-xsltCopyText.patch	1970-01-01 01:00:00.000000000 +0100
+++ libxslt-1.1.29/debian/patches/0012-Fix-dangling-pointer-in-xsltCopyText.patch	2019-12-04 15:41:16.000000000 +0100
@@ -0,0 +1,35 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 17 Aug 2019 16:51:53 +0200
+Subject: Fix dangling pointer in xsltCopyText
+Origin: https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-18197
+Bug-Debian: https://bugs.debian.org/942646
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
+
+xsltCopyText didn't reset ctxt->lasttext in some cases which could
+lead to various memory errors in relation with CDATA sections in input
+documents.
+
+Found by OSS-Fuzz.
+---
+ libxslt/transform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 95ebd0732f95..d7ab0b6677cc 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
+ 	    if ((copy->content = xmlStrdup(cur->content)) == NULL)
+ 		return NULL;
+ 	}
++
++	ctxt->lasttext = NULL;
+     } else {
+         /*
+ 	 * normal processing. keep counters to extend the text node
+-- 
+2.20.1
+
diff -Nru libxslt-1.1.29/debian/patches/series libxslt-1.1.29/debian/patches/series
--- libxslt-1.1.29/debian/patches/series	2019-08-24 14:04:13.000000000 +0200
+++ libxslt-1.1.29/debian/patches/series	2019-12-04 15:41:16.000000000 +0100
@@ -9,3 +9,4 @@
 0009-Fix-security-framework-bypass.patch
 0010-Fix-uninitialized-read-of-xsl-number-token.patch
 0011-Fix-uninitialized-read-with-UTF-8-grouping-chars.patch
+0012-Fix-dangling-pointer-in-xsltCopyText.patch

--- End Message ---

--- Begin Message ---

To: 887324-done@bugs.debian.org, 902487-done@bugs.debian.org, 933263-done@bugs.debian.org, 935728-done@bugs.debian.org, 935970-done@bugs.debian.org, 939364-done@bugs.debian.org, 939897-done@bugs.debian.org, 939907-done@bugs.debian.org, 939967-done@bugs.debian.org, 940246-done@bugs.debian.org, 940477-done@bugs.debian.org, 940714-done@bugs.debian.org, 940715-done@bugs.debian.org, 941126-done@bugs.debian.org, 941169-done@bugs.debian.org, 941350-done@bugs.debian.org, 941452-done@bugs.debian.org, 942024-done@bugs.debian.org, 942110-done@bugs.debian.org, 942839-done@bugs.debian.org, 942840-done@bugs.debian.org, 942841-done@bugs.debian.org, 943352-done@bugs.debian.org, 943564-done@bugs.debian.org, 943606-done@bugs.debian.org, 944186-done@bugs.debian.org, 944233-done@bugs.debian.org, 944282-done@bugs.debian.org, 944794-done@bugs.debian.org, 944866-done@bugs.debian.org, 945821-done@bugs.debian.org, 945944-done@bugs.debian.org, 946159-done@bugs.debian.org, 946185-done@bugs.debian.org, 946558-done@bugs.debian.org, 946560-done@bugs.debian.org, 946570-done@bugs.debian.org, 946654-done@bugs.debian.org, 946704-done@bugs.debian.org, 946824-done@bugs.debian.org, 946907-done@bugs.debian.org, 947204-done@bugs.debian.org, 947255-done@bugs.debian.org, 947747-done@bugs.debian.org, 947834-done@bugs.debian.org, 948219-done@bugs.debian.org, 948391-done@bugs.debian.org, 948401-done@bugs.debian.org, 948465-done@bugs.debian.org, 948649-done@bugs.debian.org, 948704-done@bugs.debian.org, 948715-done@bugs.debian.org, 948730-done@bugs.debian.org, 948737-done@bugs.debian.org, 948898-done@bugs.debian.org, 949838-done@bugs.debian.org, 949853-done@bugs.debian.org, 949900-done@bugs.debian.org, 949905-done@bugs.debian.org, 949907-done@bugs.debian.org, 949909-done@bugs.debian.org, 950156-done@bugs.debian.org, 950256-done@bugs.debian.org, 950281-done@bugs.debian.org, 950309-done@bugs.debian.org

Subject: Closing bugs included in 9.12

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 08 Feb 2020 14:23:35 +0000

Message-id: <a894a0233c2d264936953d7a69507573c4a5742a.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 9.12

Hi,

Each of the uploads referred to by these bugs was included in today's
oldstable point release.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#945944: marked as done (stretch-pu: package ros-ros-comm/1.12.6-2)
Next by Date: Bug#946185: marked as done (stretch-pu: package fig2dev/1:3.2.6a-2+deb9u3)
Previous by thread: Bug#945944: marked as done (stretch-pu: package ros-ros-comm/1.12.6-2)
Next by thread: Bug#946185: marked as done (stretch-pu: package fig2dev/1:3.2.6a-2+deb9u3)
Index(es):
- Date
- Thread