Your message dated Sun, 05 Apr 2026 17:00:40 +0000
with message-id <[email protected]>
and subject line Bug#1130747: fixed in lexbor 3.0.0-1~exp1
has caused the Debian Bug report #1130747,
regarding lexbor: CVE-2026-29078 CVE-2026-29079
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1130747: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130747
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lexbor
Version: 2.6.0-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for lexbor.

CVE-2026-29078[0]:
| Lexbor is a web browser engine library. Prior to 2.7.0, the
| ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size
| variable between iterations. The statement ctx->buffer_used -= size
| with a stale size = 3 causes an integer underflow that wraps to
| SIZE_MAX. Afterwards, memcpy is called with a negative length,
| leading to an out‑of‑bounds read from the stack and an out‑of‑bounds
| write to the heap. The source data is partially controllable via the
| contents of the DOM tree. This vulnerability is fixed in 2.7.0.


CVE-2026-29079[1]:
| Lexbor is a web browser engine library. Prior to 2.7.0, a
| type‑confusion vulnerability exists in Lexbor’s HTML fragment
| parser. When ns = UNDEF, a comment is created using the “unknown
| element” constructor. The comment’s data are written into the
| element’s fields via an unsafe cast, corrupting the qualified_name
| field. That corrupted value is later used as a pointer and
| dereferenced near the zero page. This vulnerability is fixed in
| 2.7.0.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-29078
    https://www.cve.org/CVERecord?id=CVE-2026-29078
    https://github.com/lexbor/lexbor/security/advisories/GHSA-mrwr-xh7f-96v3
[1] https://security-tracker.debian.org/tracker/CVE-2026-29079
    https://www.cve.org/CVERecord?id=CVE-2026-29079
    https://github.com/lexbor/lexbor/security/advisories/GHSA-mrpr-v36q-2vp8

Regards,
Salvatore

--- End Message ---
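The stale-`size` underflow described for CVE-2026-29078 above, as a small C model added here; it is not lexbor's code and not part of the original messages. Only `buffer_used` and `size` are names from the advisory text; `enc_ctx_t`, `needs_escape`, the function names and the two-unit input are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not lexbor source. Only `buffer_used` and `size` come
 * from the advisory text; every other name here is hypothetical. */
typedef struct { size_t buffer_used; } enc_ctx_t;

/* Stale variant: `size` outlives the iteration that assigned it. */
static size_t unstage_stale(enc_ctx_t *ctx, const int *needs_escape, size_t n)
{
    size_t size = 0;
    for (size_t i = 0; i < n; i++) {
        if (needs_escape[i]) { size = 3; ctx->buffer_used += size; }
        ctx->buffer_used -= size;   /* stale 3 when nothing was staged */
    }
    return ctx->buffer_used;        /* later treated as a copy length */
}

/* Hardened variant: `size` is reset per iteration, subtraction is checked. */
static bool unstage_checked(enc_ctx_t *ctx, const int *needs_escape, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        size_t size = 0;
        if (needs_escape[i]) { size = 3; ctx->buffer_used += size; }
        if (size > ctx->buffer_used) return false;   /* would wrap */
        ctx->buffer_used -= size;
    }
    return true;
}

/* Defence in depth: refuse any length larger than either buffer. */
static bool bounded_copy(void *dst, size_t dst_cap, const void *src, size_t src_cap, size_t len)
{
    if (len > dst_cap || len > src_cap) return false;
    memcpy(dst, src, len);
    return true;
}

int main(void)
{
    const int units[] = { 1, 0 };   /* constructed input: escape, then plain */
    enc_ctx_t a = { 0 }, b = { 0 };
    unsigned char tmp[8] = { 0 }, out[8];
    size_t len = unstage_stale(&a, units, 2);
    bool copied = bounded_copy(out, sizeof out, tmp, sizeof tmp, len);
    bool ok = unstage_checked(&b, units, 2);
    printf("stale len=%zu copied=%d; checked ok=%d used=%zu\n", len, copied, ok, b.buffer_used);
    return 0;
}
```

In the stale variant the second iteration subtracts 3 from 0, so the unsigned counter wraps to just below `SIZE_MAX`; the bounded copy rejects that length instead of passing it to `memcpy`.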
--- Begin Message ---
Source: lexbor
Source-Version: 3.0.0-1~exp1
Done: Karsten Schöke <[email protected]>

We believe that the bug you reported is fixed in the latest version of
lexbor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Karsten Schöke <[email protected]> (supplier of updated lexbor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 04 Apr 2026 16:13:07 +0200
Source: lexbor
Binary: liblexbor-dev liblexbor3 liblexbor3-dbgsym
Architecture: source amd64
Version: 3.0.0-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Karsten Schöke <[email protected]>
Changed-By: Karsten Schöke <[email protected]>
Description:
 liblexbor-dev - Pure C HTML and CSS renderer (development files)
 liblexbor3 - Pure C HTML and CSS renderer (library)
Closes: 1130747
Changes:
 lexbor (3.0.0-1~exp1) experimental; urgency=medium
 .
   [ Carsten Schoenert ]
   * [8dab9da] d/gbp.conf: Adjust to debian/experimental
   * [0cc7d04] New upstream version 3.0.0
     (Closes: #1130747)
     Fixes CVE-2026-29078, CVE-2026-29079
 .
   [ Karsten Schöke ]
   * [d644623] d/copyright: Adjustment to the current year
   * [4c65e49] d/liblexbor-dev.install: .pc file is now delivered from upstream.
   * [bf84c33] SONAME: Change from liblexbor2 to liblexbor3
   * [06eda99] d/control: Bump Standards-Version to 4.7.4
     No further changes needed.
   * [974b3f4] d/liblexbor3.lintian-override: Ignore one warning

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
