Your message dated Sat, 28 Jan 2012 19:32:14 +0000
with message-id <e1rre0u-00037t...@franck.debian.org>
and subject line Bug#656377: fixed in libxml2 2.7.8.dfsg-2+squeeze2
has caused the Debian Bug report #656377,
regarding libxml2: [PATCH] fix for CVE-2011-3919
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
656377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656377
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxml2
Version: 2.7.8.dfsg-5.1
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via buffer overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

Thanks for considering the patch.

References:
http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
http://src.chromium.org/svn/trunk/src/third_party/libxml/README.chromium
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3919
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u libxml2-2.7.8.dfsg/parser.c libxml2-2.7.8.dfsg/parser.c
--- libxml2-2.7.8.dfsg/parser.c
+++ libxml2-2.7.8.dfsg/parser.c
@@ -2709,7 +2709,7 @@
 
 		buffer[nbchars++] = '&';
 		if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
-		    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+		    growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
 		}
 		for (;i > 0;i--)
 		    buffer[nbchars++] = *cur++;
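Review bot: The copy loop at the end of this hunk (`for (;i > 0;i--) buffer[nbchars++] = *cur++;`) writes `i` bytes with no bound check of its own, so it is safe only if the single `growBuffer` call above it leaves at least `i` free bytes. Passing `i + XML_PARSER_BUFFER_SIZE` achieves that only when `growBuffer` enlarges the buffer by at least its second argument, which these lines do not show; a short comment stating that invariant would make the fix auditable. The guard `nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE` is also worth rewriting in additive form, `nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size`, so that a large `i` cannot make the right-hand side wrap if `buffer_size` is an unsigned type.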
diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog

--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.7.8.dfsg-2+squeeze2

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-2+squeeze2_all.deb
libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-2+squeeze2_amd64.deb
libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2.diff.gz
libxml2_2.7.8.dfsg-2+squeeze2.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2.dsc
libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-2+squeeze2_amd64.deb
python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-2+squeeze2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 656...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jan 2012 03:25:23 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-2+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 643648 652352 656377
Changes: 
 libxml2 (2.7.8.dfsg-2+squeeze2) stable-security; urgency=high
 .
   * Security update.
   * parser.c: Fix an allocation error when copying entities.
     CVE-2011-3919. Closes: #656377.
   * parser.c: Make sure parser returns when getting a Stop order.
     CVE-2011-3905.
   * encoding.c: Fix off by one error. CVE-2011-0216. Closes: 652352.
   * xpath.c: Fix for undefined namespaces. CVE-2011-2834.
   * xpath.c, xpointer.c, include/libxml/xpath.h:
     Hardening of XPath evaluation. CVE-2011-2821. Closes: 643648.



--- End Message ---
