Your message dated Sat, 08 Feb 2020 14:23:35 +0000
with message-id
<a894a0233c2d264936953d7a69507573c4a5742a.ca...@adam-barratt.org.uk>
and subject line Closing bugs included in 9.12
has caused the Debian Bug report #946159,
regarding stretch-pu: package libxslt/1.1.29-2.1+deb9u2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
946159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946159
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu
Hi
This update adresses CVE-2019-18197 as well for stretch (was alredy
done for buster in the last point release). Attaching the resulting
debdiff.
Regards,
Salvatore
diff -Nru libxslt-1.1.29/debian/changelog libxslt-1.1.29/debian/changelog
--- libxslt-1.1.29/debian/changelog 2019-08-24 14:04:13.000000000 +0200
+++ libxslt-1.1.29/debian/changelog 2019-12-04 15:41:16.000000000 +0100
@@ -1,3 +1,10 @@
+libxslt (1.1.29-2.1+deb9u2) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix dangling pointer in xsltCopyText (CVE-2019-18197) (Closes: #942646)
+
+ -- Salvatore Bonaccorso <[email protected]> Wed, 04 Dec 2019 15:41:16 +0100
+
libxslt (1.1.29-2.1+deb9u1) stretch; urgency=medium
* Non-maintainer upload.
diff -Nru
libxslt-1.1.29/debian/patches/0012-Fix-dangling-pointer-in-xsltCopyText.patch
libxslt-1.1.29/debian/patches/0012-Fix-dangling-pointer-in-xsltCopyText.patch
---
libxslt-1.1.29/debian/patches/0012-Fix-dangling-pointer-in-xsltCopyText.patch
1970-01-01 01:00:00.000000000 +0100
+++
libxslt-1.1.29/debian/patches/0012-Fix-dangling-pointer-in-xsltCopyText.patch
2019-12-04 15:41:16.000000000 +0100
@@ -0,0 +1,35 @@
+From: Nick Wellnhofer <[email protected]>
+Date: Sat, 17 Aug 2019 16:51:53 +0200
+Subject: Fix dangling pointer in xsltCopyText
+Origin:
https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-18197
+Bug-Debian: https://bugs.debian.org/942646
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
+
+xsltCopyText didn't reset ctxt->lasttext in some cases which could
+lead to various memory errors in relation with CDATA sections in input
+documents.
+
+Found by OSS-Fuzz.
+---
+ libxslt/transform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 95ebd0732f95..d7ab0b6677cc 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr
target,
+ if ((copy->content = xmlStrdup(cur->content)) == NULL)
+ return NULL;
+ }
++
++ ctxt->lasttext = NULL;
+ } else {
+ /*
+ * normal processing. keep counters to extend the text node
+--
+2.20.1
+
diff -Nru libxslt-1.1.29/debian/patches/series
libxslt-1.1.29/debian/patches/series
--- libxslt-1.1.29/debian/patches/series 2019-08-24 14:04:13.000000000
+0200
+++ libxslt-1.1.29/debian/patches/series 2019-12-04 15:41:16.000000000
+0100
@@ -9,3 +9,4 @@
0009-Fix-security-framework-bypass.patch
0010-Fix-uninitialized-read-of-xsl-number-token.patch
0011-Fix-uninitialized-read-with-UTF-8-grouping-chars.patch
+0012-Fix-dangling-pointer-in-xsltCopyText.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 9.12
Hi,
Each of the uploads referred to by these bugs was included in today's
oldstable point release.
Regards,
Adam
--- End Message ---
