[Desktop-packages] [Bug 1201849] Re: libxml2 security update regression

Launchpad Bug Tracker Wed, 17 Jul 2013 06:23:09 -0700

This bug was fixed in the package libxml2 - 2.7.6.dfsg-1ubuntu1.10

---------------
libxml2 (2.7.6.dfsg-1ubuntu1.10) lucid-security; urgency=low


  * SECURITY REGRESSION: regression with lxml (LP: #1201849)
    - parser.c: revised to fix regression, and a couple of wrong return
      values.
    - CVE-2013-2877
 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>   Tue, 16 Jul 2013 14:08:20 
-0400

** Changed in: libxml2 (Ubuntu Lucid)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2877

** Changed in: libxml2 (Ubuntu Quantal)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1201849

Title:
  libxml2 security update regression

Status in “libxml2” package in Ubuntu:
  New
Status in “libxml2” source package in Lucid:
  Fix Released
Status in “libxml2” source package in Precise:
  Fix Released
Status in “libxml2” source package in Quantal:
  Fix Released
Status in “libxml2” source package in Raring:
  New

Bug description:
  USN-1904-1 seems to have introduced a regression.

  See
  https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410/comments/5

  Steps to reproduce:

  >>> from io import BytesIO
  >>> from lxml import etree
  >>> xml='''<root>
  ... <child name='one' />
  ... <child name='two' />
  ... </root>
  ... '''
  >>> document = etree.iterparse(BytesIO(xml), events=('end',), tag='root')
  >>> for action, elem in document:
  ... print("%s: %s" % (action, elem.tag))
  ...
  end: root
  >>> file('/tmp/test.xml', 'w').write(xml)
  >>> document = etree.iterparse('/tmp/test.xml', events=('end',), tag='root')
  >>> for action, elem in document:
  ... print("%s: %s" % (action, elem.tag))
  ...
  end: root
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "iterparse.pxi", line 478, in lxml.etree.iterparse.__next__ 
(src/lxml/lxml.etree.c:98432)
    File "iterparse.pxi", line 530, in lxml.etree.iterparse._read_more_events 
(src/lxml/lxml.etree.c:98953)
    File "parser.pxi", line 601, in lxml.etree._raiseParseError 
(src/lxml/lxml.etree.c:74863)
  lxml.etree.XMLSyntaxError: None

  Can reproduce on Precise and Quantal

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1201849/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1201849] Re: libxml2 security update regression

Reply via email to