Your message dated Mon, 17 Jan 2022 07:17:50 +0100
with message-id <yeukdu8nluekw...@eldamar.lan>
and subject line ftpmas...@ftp-master.debian.org: Accepted expat 2.4.3-1 (source) into unstable
has caused the Debian Bug report #1002994,
regarding expat: CVE-2021-45960: A large number of prefixed XML attributes on a single tag can crash libexpat (troublesome left shifts by >=29 bits in function storeAtts)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1002994: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002994
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: expat
Version: 2.4.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/issues/531
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.2.10-2
Control: found -1 2.2.6-2+deb10u1
Control: found -1 2.2.6-2

Hi,

The following vulnerability was published for expat.

CVE-2021-45960[0]:
| In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more)
| places in the storeAtts function in xmlparse.c can lead to realloc
| misbehavior (e.g., allocating too few bytes, or only freeing memory).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45960
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
[1] https://github.com/libexpat/libexpat/issues/531

Regards,
Salvatore

--- End Message ---
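Added illustration (the editor's, not libexpat's code and not part of either message): a simplified model of the allocation-size arithmetic described in CVE-2021-45960, as it plays out in a 32-bit build. A hash table of (1 << power) entries is grown by bumping power; once power reaches 29 the byte count handed to realloc() wraps, so the call hands back too few bytes or, with a size of 0, may only free the old block. The function names, the 12-byte entry size and the uint32_t modelling of size_t are assumptions made for the example; checked_table_bytes() shows the kind of check that closes the hole.

```c
/* Constructed model of the CVE-2021-45960 bug class; not libexpat's code. */
#include <stdint.h>
#include <stdio.h>

/* Assumed per-entry size, standing in for the attribute record struct
 * on a 32-bit target (constructed value). */
#define ENTRY_BYTES 12u

/* Unchecked arithmetic, as the vulnerable pattern computes it.  Modelled
 * with uint32_t (a 32-bit size_t) so the wraparound is deterministic; the
 * real int shift by >= 31 is undefined behaviour, which is why the advisory
 * notes the outcome depends on the architecture. */
uint32_t unchecked_table_bytes(unsigned power) {
  uint32_t entries = (uint32_t)1 << (power & 31); /* mask keeps the model defined */
  return entries * ENTRY_BYTES;                   /* silently wraps mod 2^32 */
}

/* Hardened form: refuse any power whose shift or multiply cannot be
 * represented.  Returns 0 and writes the byte count on success, or -1 when
 * the caller should fail the parse with an out-of-memory error instead of
 * calling realloc() with a wrapped size. */
int checked_table_bytes(unsigned power, uint32_t *out_bytes) {
  if (power >= 32)                          /* the shift itself would overflow */
    return -1;
  uint32_t entries = (uint32_t)1 << power;
  if (entries > UINT32_MAX / ENTRY_BYTES)   /* the multiply would wrap */
    return -1;
  *out_bytes = entries * ENTRY_BYTES;
  return 0;
}

int main(void) {
  /* power 28 is the last safe value; 29 wraps to half the real size,
   * 30 and 31 wrap to exactly 0 (realloc(p, 0) may act as free). */
  for (unsigned power = 27; power <= 32; power++) {
    uint32_t bytes = 0;
    int ok = checked_table_bytes(power, &bytes);
    printf("power %2u: unchecked %10u bytes, checked %s\n", power,
           unchecked_table_bytes(power), ok == 0 ? "ok" : "REJECTED");
  }
  return 0;
}
```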
--- Begin Message ---
Source: expat
Source-Version: 2.4.3-1

----- Forwarded message from Debian FTP Masters <ftpmas...@ftp-master.debian.org> -----

Format: 1.8
Date: Sun, 16 Jan 2022 21:48:09 +0100
Source: expat
Architecture: source
Version: 2.4.3-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changes:
 expat (2.4.3-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes CVE-2021-45960: left shifts by >=29 places resulting in realloc
       acting as free, realloc allocating too few bytes, undefined behavior
       depending on architecture,
     - fixes CVE-2021-46143: integer overflow leading to realloc acting
       as free,
     - fixes CVE-2022-22822: integer overflow in function addBinding,
     - fixes CVE-2022-22823: integer overflow in function build_model,
     - fixes CVE-2022-22824: integer overflow in function defineAttribute,
     - fixes CVE-2022-22825: integer overflow in function lookup,
     - fixes CVE-2022-22826: integer overflow in function nextScaffoldPart,
     - fixes CVE-2022-22827: integer overflow in function storeAtts.



----- End forwarded message -----

--- End Message ---
