Your message dated Sat, 21 Mar 2026 09:18:52 +0000
with message-id <[email protected]>
and subject line Bug#378412: fixed in libxml-parser-perl 2.47-2
has caused the Debian Bug report #378412,
regarding Buffer overflow in XML::Parser::Expat triggered by deep nesting
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
378412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378412
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libxml-parser-perl
Version: 2.34-4
Severity: grave

A heap overflow in the Expat library wrapper can be triggered by
XML input with deeply nested elements. This bug has also been reported
to CPAN: http://rt.cpan.org/Ticket/Display.html?id=19860

The error is caused at libxml-parser-perl-2.34/Expat/Expat.xs, line 498:

    if (cbv->st_serial_stackptr >= cbv->st_serial_stacksize) {
        unsigned int newsize = cbv->st_serial_stacksize + 512;
        Renew(cbv->st_serial_stack, newsize, unsigned int);
        cbv->st_serial_stacksize = newsize;
    }
    cbv->st_serial_stack[++cbv->st_serial_stackptr] = cbv->st_serial;

Note that in the case that stackptr == stacksize-1, this code
decides to NOT expand the stack and subsequently writes a value
just outside the allocated buffer.

Because the buffer is overflowed by only 4 bytes, this does not cause
a segmentation fault. But the overflow is detected by Valgrind when
parsing an XML file with elements nested deeper than 512 levels.

Since it involves an input-triggered heap overflow, this is technically
a security vulnerability.

Joris.
--- End Message ---
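
Added example, not part of the original report or of the package's code: a small C model of the growth check quoted above, which reports the nesting depth at which the reported comparison lets the pre-incremented index reach the allocation size, next to a comparison that accounts for the pre-increment. The struct, the function names, the initial capacity of 512, the starting index of 0 and the adjusted comparison are assumptions made for illustration; the adjusted comparison is not necessarily the change shipped in 2.47-2.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the stack in the report; field names are hypothetical. */
typedef struct {
    unsigned int *stack;
    unsigned int size;  /* allocated elements */
    unsigned int ptr;   /* index of the current top */
} serial_stack;

enum { GROW_STEP = 512 };  /* growth step from the quoted code */

/* Push with the comparison quoted in the report (reported = 1) or with one
 * that accounts for the pre-increment (reported = 0). Returns 1 instead of
 * writing when the target index lies outside the allocation. */
static int push(serial_stack *s, unsigned int value, int reported)
{
    int full = reported ? (s->ptr >= s->size) : (s->ptr + 1 >= s->size);
    if (full) {
        unsigned int newsize = s->size + GROW_STEP;
        unsigned int *p = realloc(s->stack, newsize * sizeof *p);
        if (!p) return -1;
        s->stack = p;
        s->size = newsize;
    }
    if (s->ptr + 1 >= s->size) return 1;  /* would write past the end */
    s->stack[++s->ptr] = value;
    return 0;
}

/* Nest `depth` elements; return the first depth at which a push would
 * write out of bounds, or 0 if every push stayed inside the buffer. */
unsigned int first_oob_depth(unsigned int depth, int reported)
{
    serial_stack s = { calloc(GROW_STEP, sizeof(unsigned int)), GROW_STEP, 0 };
    unsigned int d, hit = 0;
    if (!s.stack) return 0;
    for (d = 1; d <= depth && hit == 0; d++)
        if (push(&s, d, reported) == 1) hit = d;
    free(s.stack);
    return hit;
}

int main(void)
{
    printf("reported check: first out-of-bounds push at depth %u\n", first_oob_depth(2000, 1));
    printf("adjusted check: first out-of-bounds push at depth %u\n", first_oob_depth(2000, 0));
    return 0;
}
```

The model refuses the out-of-bounds write rather than performing it, so it runs cleanly under Valgrind or AddressSanitizer while still showing where the real code would step past the buffer.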
--- Begin Message ---
Source: libxml-parser-perl
Source-Version: 2.47-2
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libxml-parser-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated
libxml-parser-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 21 Mar 2026 07:34:12 +0100
Source: libxml-parser-perl
Architecture: source
Version: 2.47-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 378412
Changes:
libxml-parser-perl (2.47-2) unstable; urgency=medium
.
* Team upload.
* Fix buffer overflow in parse_stream when filehandle has :utf8 layer.
This improves the fix for CVE-2006-10002.
* fix: off-by-one heap buffer overflow in st_serial_stack growth check
(CVE-2006-10003) (Closes: #378412)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---