Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1

To: Guilhem Moulin <guilhem@debian.org>, 1061473@bugs.debian.org
Subject: Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 29 Jan 2024 21:55:37 +0000
Message-id: <[🔎] 34ba29dbff45440877d8d01171b768cfbe171dc3.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1061473@bugs.debian.org
In-reply-to: <[🔎] ZbHZc3-GKn4-ZkIT@debian.org>
References: <[🔎] ZbHZc3-GKn4-ZkIT@debian.org> <[🔎] ZbHZc3-GKn4-ZkIT@debian.org>

Control: tags -1 + moreinfo

On Thu, 2024-01-25 at 04:45 +0100, Guilhem Moulin wrote:
> Fix CVE-2023-34194: Reachable assertion (and application exit) via a
> crafted XML document with a '\0' located after whitespace.

+  * Fix CVE-2023-34194 / CVE-2023-40462: Reachable assertion (and
application

As far as I can tell from the Security Tracker, CVE-2023-40462
specifically refers to TinyXML's use in software that isn't in Debian.
Does it make sense to mention it in the changelog?

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
  - From: Guilhem Moulin <guilhem@debian.org>

References:
- Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
  - From: Guilhem Moulin <guilhem@debian.org>

Prev by Date: Processed: Re: Bug#1061465: bookworm-pu: package usbutils/014-1+deb12u1
Next by Date: Bug#1061487: bookworm-pu: package rpm/4.18.0+dfsg-1+deb12u1
Previous by thread: Processed: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Next by thread: Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Index(es):
- Date
- Thread