Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock libxml2/2.8.0+dfsg1-7; this fixes CVE-2012-5134, which is Bug #694521.

--
Regards,
Aron Xu

diff -Nru libxml2-2.8.0+dfsg1/debian/changelog libxml2-2.8.0+dfsg1/debian/changelog --- libxml2-2.8.0+dfsg1/debian/changelog 2012-10-07 14:20:32.000000000 +0800 +++ libxml2-2.8.0+dfsg1/debian/changelog 2012-11-28 22:56:13.000000000 +0800 @@ -1,3 +1,11 @@ +libxml2 (2.8.0+dfsg1-7) unstable; urgency=low + + [ Daniel Veillard ] + * Fix potential out of bound access + CVE-2012-5134, Closes: #694521. + + -- Aron Xu <a...@debian.org> Wed, 28 Nov 2012 22:40:13 +0800 + libxml2 (2.8.0+dfsg1-6) unstable; urgency=low [ Daniel Veillard ] diff -Nru libxml2-2.8.0+dfsg1/debian/patches/0006-Fix-potential-out-of-bound-access.patch libxml2-2.8.0+dfsg1/debian/patches/0006-Fix-potential-out-of-bound-access.patch --- libxml2-2.8.0+dfsg1/debian/patches/0006-Fix-potential-out-of-bound-access.patch 1970-01-01 08:00:00.000000000 +0800 +++ libxml2-2.8.0+dfsg1/debian/patches/0006-Fix-potential-out-of-bound-access.patch 2012-11-28 22:56:13.000000000 +0800 @@ -0,0 +1,22 @@ +From: Daniel Veillard <veill...@redhat.com> +Date: Wed, 28 Nov 2012 22:38:50 +0800 +Subject: Fix potential out of bound access + +--- + parser.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/parser.c b/parser.c +index 9863275..e1b0364 100644 +--- a/parser.c ++++ b/parser.c +@@ -3932,7 +3932,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + c = CUR_CHAR(l); + } + if ((in_space) && (normalize)) { +- while (buf[len - 1] == 0x20) len--; ++ while ((len > 0) && (buf[len - 1] == 0x20)) len--; + } + buf[len] = 0; + if (RAW == '<') { +-- diff -Nru libxml2-2.8.0+dfsg1/debian/patches/series libxml2-2.8.0+dfsg1/debian/patches/series --- libxml2-2.8.0+dfsg1/debian/patches/series 2012-10-07 14:16:14.000000000 +0800 +++ libxml2-2.8.0+dfsg1/debian/patches/series 2012-11-28 22:56:13.000000000 +0800 
@@ -3,3 +3,4 @@ 0003-Fix-parser-local-buffers-size-problems.patch 0004-Fix-entities-local-buffers-size-problems.patch 0005-Fix-a-failure-to-report-xmlreader-parsing-failures.patch +0006-Fix-potential-out-of-bound-access.patch
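
Review bot: the header of 0006-Fix-potential-out-of-bound-access.patch carries only From, Date and Subject, so the patch file itself names neither CVE-2012-5134 nor bug #694521 nor the upstream commit it was taken from. Adding those references to the patch header would let the patch be traced without reading debian/changelog. On the code change in the parser.c hunk of xmlParseAttValueComplex, `while ((len > 0) && (buf[len - 1] == 0x20)) len--;` stops the trailing-space trim from reading `buf[len - 1]` once len is 0, which the old loop did whenever len was already 0 or every byte below len was 0x20, and the following `buf[len] = 0;` stays valid for len == 0. A one-line description of that condition in the patch header would make the Subject "Fix potential out of bound access" self-explanatory.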
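
Review bot: the new debian/changelog entry for 2.8.0+dfsg1-7 is marked `urgency=low` although its only listed change is the CVE-2012-5134 fix. Consider `urgency=medium` or `urgency=high` so the upload's urgency reflects that it is a security fix.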