Your message dated Sat, 17 Dec 2022 10:57:10 +0000 with message-id <03e9b90cf2f149b9e2835590c9ec0ccb048b744d.camel@adam-barratt.org.uk> and subject line Closing p-u requests for fixes included in 11.6 has caused the Debian Bug report #1023105, regarding bullseye-pu: package tinyxml/2.6.2-4+deb11u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1023105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023105 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bullseye-pu: package tinyxml/2.6.2-4+deb11u1
- From: Felix Geyer <fgeyer@debian.org>
- Date: Sun, 30 Oct 2022 10:31:36 +0100
- Message-id: <528ff77c-53e2-6fa1-b635-1a4e762b9210@debian.org>
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian.org@packages.debian.org Usertags: pu [ Reason ] Fixing the no-dsa tagged CVE-2021-42260 [ Impact ] DoS vulnerability [ Tests ] General testing of a few reverse-dependencies. [ Risks ] Targeted fix that has been sitting in bookworm, stretch and buster for a while without any bug reports. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Fixes potential infinite loop in parser code.diff -Nru tinyxml-2.6.2/debian/changelog tinyxml-2.6.2/debian/changelog --- tinyxml-2.6.2/debian/changelog 2016-10-20 20:36:11.000000000 +0200 +++ tinyxml-2.6.2/debian/changelog 2022-10-20 16:32:51.000000000 +0200 @@ -1,3 +1,10 @@ +tinyxml (2.6.2-4+deb11u1) bullseye; urgency=medium + + * Import fix for CVE-2021-42260. + - Add CVE-2021-42260.patch + + -- Felix Geyer <fgeyer@debian.org> Thu, 20 Oct 2022 16:32:51 +0200 + tinyxml (2.6.2-4) unstable; urgency=medium [ Helmut Grohne ] diff -Nru tinyxml-2.6.2/debian/patches/CVE-2021-42260.patch tinyxml-2.6.2/debian/patches/CVE-2021-42260.patch --- tinyxml-2.6.2/debian/patches/CVE-2021-42260.patch 1970-01-01 01:00:00.000000000 +0100 +++ tinyxml-2.6.2/debian/patches/CVE-2021-42260.patch 2022-10-20 16:31:07.000000000 +0200 @@ -0,0 +1,23 @@ +Description: In stamp always advance the pointer if *p= 0xef + . + The current implementation only advanced if 0xef is followed + by two non-zero bytes. In case of malformed input (0xef should be + the start byte of a three byte character) this leads to an infinite + loop. (CVE-2021-42260) +Origin: https://sourceforge.net/p/tinyxml/git/merge-requests/1/ + +--- a/tinyxmlparser.cpp ++++ b/tinyxmlparser.cpp +@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding ) + else + { p +=3; ++col; } // A normal character. + } ++ else ++ { ++ // TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so ++ // there is something wrong here. Just advance the pointer to evade infinite loops ++ ++p; ++ } + } + else + { diff -Nru tinyxml-2.6.2/debian/patches/series tinyxml-2.6.2/debian/patches/series --- tinyxml-2.6.2/debian/patches/series 2011-05-19 10:42:07.000000000 +0200 +++ tinyxml-2.6.2/debian/patches/series 2022-10-20 16:32:49.000000000 +0200 @@ -1,2 +1,3 @@ enforce-use-stl.patch entity-encoding.patch +CVE-2021-42260.patch
--- End Message ---
--- Begin Message ---
- To: 1017723-done@bugs.debian.org, 1018977-done@bugs.debian.org, 1019539-done@bugs.debian.org, 1019915-done@bugs.debian.org, 1020224-done@bugs.debian.org, 1020443-done@bugs.debian.org, 1020596-done@bugs.debian.org, 1020853-done@bugs.debian.org, 1021130-done@bugs.debian.org, 1021172-done@bugs.debian.org, 1021186-done@bugs.debian.org, 1021214-done@bugs.debian.org, 1021426-done@bugs.debian.org, 1021645-done@bugs.debian.org, 1021647-done@bugs.debian.org, 1021651-done@bugs.debian.org, 1021777-done@bugs.debian.org, 1021838-done@bugs.debian.org, 1021963-done@bugs.debian.org, 1022122-done@bugs.debian.org, 1022860-done@bugs.debian.org, 1023064-done@bugs.debian.org, 1023105-done@bugs.debian.org, 1023118-done@bugs.debian.org, 1023261-done@bugs.debian.org, 1023263-done@bugs.debian.org, 1023423-done@bugs.debian.org, 1023602-done@bugs.debian.org, 1023798-done@bugs.debian.org, 1023981-done@bugs.debian.org, 1024054-done@bugs.debian.org, 1024385-done@bugs.debian.org, 1024480-done@bugs.debian.org, 1024745-done@bugs.debian.org, 1024850-done@bugs.debian.org, 1025010-done@bugs.debian.org, 1025083-done@bugs.debian.org, 1025137-done@bugs.debian.org, 1025173-done@bugs.debian.org, 1025204-done@bugs.debian.org, 1025205-done@bugs.debian.org, 1025323-done@bugs.debian.org, 1025387-done@bugs.debian.org, 1025414-done@bugs.debian.org, 1025553-done@bugs.debian.org, 1025601-done@bugs.debian.org, 1025646-done@bugs.debian.org, 1025651-done@bugs.debian.org, 1025652-done@bugs.debian.org, 1025700-done@bugs.debian.org, 1025710-done@bugs.debian.org, 1025716-done@bugs.debian.org, 1025750-done@bugs.debian.org, 1025754-done@bugs.debian.org, 1025755-done@bugs.debian.org, 1025756-done@bugs.debian.org, 1025758-done@bugs.debian.org, 1025764-done@bugs.debian.org, 1025766-done@bugs.debian.org, 1025773-done@bugs.debian.org, 1025774-done@bugs.debian.org, 1025809-done@bugs.debian.org
- Subject: Closing p-u requests for fixes included in 11.6
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 17 Dec 2022 10:57:10 +0000
- Message-id: <03e9b90cf2f149b9e2835590c9ec0ccb048b744d.camel@adam-barratt.org.uk>
Package: release.debian.org Version: 11.6 Hi, Each of the updates referred to in these requests was included in this morning's 11.6 point release. Regards, Adam
--- End Message ---