Bug#863021: marked as done (libxml2: CVE-2017-9048: another stack overflow in valid.c)

[Debian Bug Tracking System]

Your message dated Wed, 23 Aug 2017 21:17:44 +0000
with message-id <e1dkd20-0006xf...@fasolo.debian.org>
and subject line Bug#863021: fixed in libxml2 2.9.1+dfsg1-5+deb8u5
has caused the Debian Bug report #863021,
regarding libxml2: CVE-2017-9048: another stack overflow in valid.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863021: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libxml2
Version: 2.9.4+dfsg1-2.2
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=781701

Hi,

the following vulnerability was published for libxml2.

CVE-2017-9048[0]:
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based
| buffer overflow. The function xmlSnprintfElementContent in valid.c is
| supposed to recursively dump the element content definition into a char
| buffer 'buf' of size 'size'. At the end of the routine, the function
| may strcat two more characters without checking whether the current
| strlen(buf) + 2 < size. This vulnerability causes programs that use
| libxml2, such as PHP, to crash.

The report at [1] mentions that this was reported upstream as [2], but
the upstream bug report is not yet opened. The posting at [1] contains
a patch which is not yet blessed upstream.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9048
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
[1] http://www.openwall.com/lists/oss-security/2017/05/15/1
[2] https://bugzilla.gnome.org/show_bug.cgi?id=781701

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: libxml2
Source-Version: 2.9.1+dfsg1-5+deb8u5

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 19 Aug 2017 17:31:22 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg 
libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: all source
Version: 2.9.1+dfsg1-5+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 863018 863019 863021 863022 870865 870867 870870
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug 
extension)
Changes:
 libxml2 (2.9.1+dfsg1-5+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
     Incorrect limit was used for port values. (Closes: #870865)
   * Prevent unwanted external entity reference (CVE-2017-7375)
     Missing validation for external entities in xmlParsePEReference.
     (Closes: #870867)
   * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
     - Heap-based buffer over-read in function xmlDictComputeFastKey
       (CVE-2017-9049).
     - Heap-based buffer over-read in function xmlDictAddString
       (CVE-2017-9050).
     (Closes: #863019, #863018)
   * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
     CVE-2017-9048)
     - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
     - Stack-based buffer overflow in function xmlSnprintfElementContent
       (CVE-2017-9048).
     (Closes: #863022, #863021)
   * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
     Heap buffer overflow in xmlAddID. (Closes: #870870)
Checksums-Sha1: 
 eaab819c0731a18e9c54f4063ab224dcf6cbb601 2760 libxml2_2.9.1+dfsg1-5+deb8u5.dsc
 1ac243dfcb48cc4c6f75c047fbc615ad8dd13f34 70784 
libxml2_2.9.1+dfsg1-5+deb8u5.debian.tar.xz
 53e9469a3539c99004bf03f2d48c740d35fd11c1 815012 
libxml2-doc_2.9.1+dfsg1-5+deb8u5_all.deb
Checksums-Sha256: 
 6fe2c4e997f1ed1520cbba4474513880a1e7450de57a0c86f73c4023396609fb 2760 
libxml2_2.9.1+dfsg1-5+deb8u5.dsc
 01247e1947e2b52c4ef0e227fdd501038aa0840b8c889c26b6503a2dcd85a5d3 70784 
libxml2_2.9.1+dfsg1-5+deb8u5.debian.tar.xz
 5e3c6fc3559c5a11fd1d8fa82adc279a50e72aea8e1cfb737edb9ef56be62d56 815012 
libxml2-doc_2.9.1+dfsg1-5+deb8u5_all.deb
Files: 
 2a3af655cd7869b5c46d004574abc73e 2760 libs optional 
libxml2_2.9.1+dfsg1-5+deb8u5.dsc
 c3ad68eb36657f8205d46df58bbef1cb 70784 libs optional 
libxml2_2.9.1+dfsg1-5+deb8u5.debian.tar.xz
 20f7e4cd04c586dcebfc9d889ff8e926 815012 doc optional 
libxml2-doc_2.9.1+dfsg1-5+deb8u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmYWvlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EE0oP/0lQVfaWpw3IFFPpnuyFZE60cbGVBvkm
xcqxfQ2JakMYi9ad2l2zt/OzuH3kgXVuQq7PYQmXbTsRSETqszVjG403m4aIkIht
HrtH8JmilAtNMKmvYpuNoUpVpPHT6JERQv9PU4B4gFqgS2tPG0iwzLZvivnuoPwH
8nlHugB0eIbyudk51YP3Swh5qx3Hx6VWGxAlcPnduA8PyFRV++fRu0oriEtaff+G
hqHWnA5ZgQBUMTiClCYrjwWaYK00tIkq44l+ceoyjBusix43xoDkoQ0iekPnUMmQ
CXSLke7/pxAqp7iakQNljm6Hd8LABXMRDAeyPYGiQPa4l8z9ad5kQnJ2Hz2Inx4s
UMH/JFqFLk0FinXyYZ2gKERcwheaNGQh9nbWhWgvAdmNC8KnXBNpCSs2qk2KwmqP
TO1n3Rw7EUEulaSJwomuDz6/h8u2Kkzo2RZPkcwRfEE0pmZAIuoVChr4zJpdUQ+E
ed0kRX5m5t50csgzWpMnfbu5mRn3p0SMzdiBlAQZUHQXGNzkEsXqD5pnCAw0lFnM
kiac5oDW/7n/v/8yR9jgN6CqcGtEjtmGf+I89Nuf91ZXazjEZJW9w+caIqfbJAnB
YAGCQFYD5Mvc8d2h5LtTUINca5RZH4QL46pz7gIeGBKCmkW71CVW7CS4DpIaeC9Q
x2pYxo5jonEM
=1LfP
-----END PGP SIGNATURE-----

--- End Message ---