Hello community, here is the log from the commit of package libxslt for openSUSE:Factory checked in at 2017-03-16 09:34:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxslt (Old) and /work/SRC/openSUSE:Factory/.libxslt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxslt" Thu Mar 16 09:34:26 2017 rev:49 rq:479026 version:1.1.29 Changes: -------- --- /work/SRC/openSUSE:Factory/libxslt/libxslt.changes 2016-06-20 10:55:12.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libxslt.new/libxslt.changes 2017-03-16 09:34:27.266908559 +0100 @@ -1,0 +2,10 @@ +Mon Mar 13 12:43:04 UTC 2017 - pmonrealgonza...@suse.com + +- Added patch libxslt-CVE-2016-4738.patch + * Fix heap overread in xsltFormatNumberConversion: An empty + decimal-separator could cause a heap overread. This can be + exploited to leak a couple of bytes after the buffer that holds + the pattern string. + * bsc#1005591 CVE-2016-4738 + +------------------------------------------------------------------- New: ---- libxslt-CVE-2016-4738.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxslt-python.spec ++++++ --- /var/tmp/diff_new_pack.JROMt7/_old 2017-03-16 09:34:27.982807192 +0100 +++ /var/tmp/diff_new_pack.JROMt7/_new 2017-03-16 09:34:27.982807192 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxslt-python # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ libxslt.spec ++++++ --- /var/tmp/diff_new_pack.JROMt7/_old 2017-03-16 09:34:28.002804360 +0100 +++ /var/tmp/diff_new_pack.JROMt7/_new 2017-03-16 09:34:28.002804360 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxslt # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,7 @@ Patch0: %{name}-1.1.24-no-net-autobuild.patch Patch1: libxslt-config-fixes.patch Patch2: 0009-Make-generate-id-deterministic.patch +Patch3: libxslt-CVE-2016-4738.patch BuildRequires: libgcrypt-devel BuildRequires: libgpg-error-devel BuildRequires: libtool @@ -99,6 +100,7 @@ %patch0 %patch1 %patch2 -p1 +%patch3 -p1 %build autoreconf -fvi ++++++ libxslt-CVE-2016-4738.patch ++++++ >From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <wellnho...@aevum.de> Date: Fri, 10 Jun 2016 14:23:58 +0200 Subject: Fix heap overread in xsltFormatNumberConversion An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string. Found with afl-fuzz and ASan. --- libxslt/numbers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libxslt/numbers.c b/libxslt/numbers.c index d1549b4..e78c46b 100644 --- a/libxslt/numbers.c +++ b/libxslt/numbers.c @@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self, } /* We have finished the integer part, now work on fraction */ - if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) { + if ( (*the_format != 0) && + (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) { format_info.add_decimal = TRUE; the_format += xsltUTF8Size(the_format); /* Skip over the decimal */ } -- cgit v0.12