Control: tags -1 - moreinfo

On Mon, 29 Jan 2024 at 21:55:37 +0000, Adam D. Barratt wrote:
>
> On Thu, 2024-01-25 at 04:45 +0100, Guilhem Moulin wrote:
>> Fix CVE-2023-34194: Reachable assertion (and application exit) via a
>> crafted XML document with a '\0' located after whitespace.
>
> + * Fix CVE-2023-34194 / CVE-2023-40462: Reachable assertion (and
> application
>
> As far as I can tell from the Security Tracker, CVE-2023-40462
> specifically refers to TinyXML's use in software that isn't in Debian.
> Does it make sense to mention it in the changelog?

That CVE was assigned to TinyXML until
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e507c932b999df48f808969c00f07a638e3357b ,
see also https://bugs.debian.org/1059315 .

But fair enough, new debdiff attached :-)

-- 
Guilhem.

diffstat for tinyxml-2.6.2 tinyxml-2.6.2 changelog | 9 +++++++++ patches/CVE-2023-34194.patch | 27 +++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 37 insertions(+) diff -Nru tinyxml-2.6.2/debian/changelog tinyxml-2.6.2/debian/changelog --- tinyxml-2.6.2/debian/changelog 2021-12-12 23:53:05.000000000 +0100 +++ tinyxml-2.6.2/debian/changelog 2024-01-25 04:27:36.000000000 +0100 @@ -1,3 +1,12 @@ +tinyxml (2.6.2-6+deb12u1) bookworm; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2023-34194: Reachable assertion (and application exit) via a + crafted XML document with a '\0' located after whitespace. + (Closes: #1059315) + + -- Guilhem Moulin <guil...@debian.org> Thu, 25 Jan 2024 04:27:36 +0100 + tinyxml (2.6.2-6) unstable; urgency=medium * Import fix for CVE-2021-42260. diff -Nru tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch --- tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch 1970-01-01 01:00:00.000000000 +0100 +++ tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch 2024-01-25 04:27:36.000000000 +0100 
@@ -0,0 +1,27 @@ +From: Guilhem Moulin <guil...@debian.org> +Date: Sat, 30 Dec 2023 14:15:54 +0100 +Subject: Avoid reachable assertion via crafted XML document with a '\0' + located after whitespace + +Bug: https://www.forescout.com/resources/sierra21-vulnerabilities +Bug-Debian: https://bugs.debian.org/1059315 +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194 +--- + tinyxmlparser.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp +index 8aa0dfa..1601962 100644 +--- a/tinyxmlparser.cpp ++++ b/tinyxmlparser.cpp +@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm + } + + p = SkipWhiteSpace( p, _encoding ); ++ if ( !p || !*p ) ++ { ++ break; ++ } + if ( StringEqual( p, "version", true, _encoding ) ) + { + TiXmlAttribute attrib; diff -Nru tinyxml-2.6.2/debian/patches/series tinyxml-2.6.2/debian/patches/series --- tinyxml-2.6.2/debian/patches/series 2021-12-12 23:48:07.000000000 +0100 +++ tinyxml-2.6.2/debian/patches/series 2024-01-25 04:27:36.000000000 +0100 @@ -1,3 +1,4 @@ enforce-use-stl.patch entity-encoding.patch CVE-2021-42260.patch +CVE-2023-34194.patch
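
Review bot: in the tinyxmlparser.cpp hunk, the new `if ( !p || !*p ) break;` after `SkipWhiteSpace( p, _encoding )` leaves the loop in TiXmlDeclaration::Parse without recording a parse error, and the hunk does not show what the code after the loop does with a null `p` or a `p` pointing at '\0'. Please confirm that the post-loop path neither dereferences `p` nor reports the truncated declaration as parsed successfully; if it does the latter, set an error on the document before the `break`. A regression test that feeds a declaration with whitespace followed by '\0' and checks that parsing returns without tripping the assertion would make the fix verifiable in the package build.

Review bot: in the DEP-3 header of CVE-2023-34194.patch, `Bug:` points at a vendor research page (forescout.com) rather than an upstream bug report, and there is no `Forwarded:` field, so a reader cannot tell whether the change was sent upstream. Consider moving the Forescout URL to a free-form description line and adding `Forwarded:` with the upstream status, keeping the two `Bug-Debian:` lines as they are.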