Hello community,

here is the log from the commit of package libxslt for openSUSE:Factory checked in at 2019-10-22 15:43:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxslt (Old)
 and /work/SRC/openSUSE:Factory/.libxslt.new.2352 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxslt" Tue Oct 22 15:43:52 2019 rev:60 rq:741568 version:1.1.33 Changes: -------- --- /work/SRC/openSUSE:Factory/libxslt/libxslt.changes 2019-10-05 16:17:44.197838534 +0200 +++ /work/SRC/openSUSE:Factory/.libxslt.new.2352/libxslt.changes 2019-10-22 15:43:55.769613035 +0200 @@ -1,0 +2,7 @@ +Mon Oct 21 13:55:37 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix [bsc#1154609, CVE-2019-18197] + * Fix dangling pointer in xsltCopyText + * Add libxslt-CVE-2019-18197.patch + +------------------------------------------------------------------- New: ---- libxslt-CVE-2019-18197.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxslt.spec ++++++ --- /var/tmp/diff_new_pack.Hrjzt9/_old 2019-10-22 15:43:56.369613720 +0200 +++ /var/tmp/diff_new_pack.Hrjzt9/_new 2019-10-22 15:43:56.369613720 +0200 @@ -40,6 +40,8 @@ Patch5: libxslt-CVE-2019-13117.patch # PATCH-FIX-UPSTREAM bsc#1140101 CVE-2019-13118 Fix uninitialized read with UTF-8 grouping chars Patch6: libxslt-CVE-2019-13118.patch +# PATCH-FIX-UPSTREAM bsc#1154609 CVE-2019-18197 Fix dangling pointer in xsltCopyText +Patch7: libxslt-CVE-2019-18197.patch BuildRequires: libgcrypt-devel BuildRequires: libgpg-error-devel BuildRequires: libtool @@ -112,6 +114,7 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 %build autoreconf -fvi ++++++ libxslt-CVE-2019-18197.patch ++++++ >From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <[email protected]> Date: Sat, 17 Aug 2019 16:51:53 +0200 Subject: [PATCH] Fix dangling pointer in xsltCopyText xsltCopyText didn't reset ctxt->lasttext in some cases which could lead to various memory errors in relation with CDATA sections in input documents. Found by OSS-Fuzz. --- libxslt/transform.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libxslt/transform.c b/libxslt/transform.c index 95ebd073..d7ab0b66 100644 --- a/libxslt/transform.c 
+++ b/libxslt/transform.c @@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, if ((copy->content = xmlStrdup(cur->content)) == NULL) return NULL; } + + ctxt->lasttext = NULL; } else { /* * normal processing. keep counters to extend the text node -- 2.22.0
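
Review bot: In the libxslt/transform.c hunk of xsltCopyText, the `return NULL` taken when `xmlStrdup(cur->content)` fails sits above the new `ctxt->lasttext = NULL;`, so that error path leaves the function without touching the cached pointer. Consider moving the reset ahead of the content assignment, or clearing it before the early return, so that every exit from this branch leaves `ctxt->lasttext` in a known state. The else branch carries a comment ("normal processing. keep counters to extend the text node") while the new line has none; a one-line comment stating why this branch must clear the cached node, and whether the counters that comment mentions need resetting too, would help the next reader.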
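
Review bot: In the first libxslt.spec hunk, the `# PATCH-FIX-UPSTREAM` comment above `Patch7` names bsc#1154609 and CVE-2019-18197 but not the upstream commit the patch was taken from. The patch header identifies it as 2232473733b7313d67de8836ea3b29eec6e8e285; adding that hash to the spec comment or to the libxslt.changes entry would let a later maintainer confirm the patch can be dropped once the package moves from 1.1.33 to a release that contains the fix.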
