Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2024-01-22 Thread Salvatore Bonaccorso
Hi, On Sun, Jan 14, 2024 at 05:48:54PM +0100, Salvatore Bonaccorso wrote: > Hi, > > On Sun, Jan 14, 2024 at 04:41:00PM +, Bastien Roucariès wrote: > > On Sun, 31 Dec 2023 07:14:26 +0100 Salvatore Bonaccorso > > wrote: > > Hi Guilhem, hi Moritz, > > > Hi Guilhem, hi Moritz, > > > > > > On

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2024-01-14 Thread Salvatore Bonaccorso
Hi, On Sun, Jan 14, 2024 at 04:41:00PM +, Bastien Roucariès wrote: > On Sun, 31 Dec 2023 07:14:26 +0100 Salvatore Bonaccorso > wrote: > Hi Guilhem, hi Moritz, > > Hi Guilhem, hi Moritz, > > > > On Sat, Dec 30, 2023 at 11:26:02PM +0100, Guilhem Moulin wrote: > > > On Sat, 30 Dec 2023 at

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2024-01-14 Thread Bastien Roucariès
On Sun, 31 Dec 2023 07:14:26 +0100 Salvatore Bonaccorso wrote: Hi Guilhem, hi Moritz, > Hi Guilhem, hi Moritz, > > On Sat, Dec 30, 2023 at 11:26:02PM +0100, Guilhem Moulin wrote: > > On Sat, 30 Dec 2023 at 21:02:16 +0100, Felix Geyer wrote: > > > There are some minor changes staged in the salsa

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2023-12-30 Thread Salvatore Bonaccorso
Hi Guilhem, hi Moritz, On Sat, Dec 30, 2023 at 11:26:02PM +0100, Guilhem Moulin wrote: > On Sat, 30 Dec 2023 at 21:02:16 +0100, Felix Geyer wrote: > > There are some minor changes staged in the salsa git repo. It would be good > > to include them as well. Feel free to push the patch to git and

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2023-12-30 Thread Guilhem Moulin
On Sat, 30 Dec 2023 at 21:02:16 +0100, Felix Geyer wrote: > There are some minor changes staged in the salsa git repo. It would be good > to include them as well. Feel free to push the patch to git and upload. > Alternatively a merge request works as well of course. Thanks for the fast response!

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2023-12-30 Thread Felix Geyer
Hi, On 30.12.23 16:06, Guilhem Moulin wrote: Control: tag -1 + patch Hi, I had a look at these issues for Buster (LTS). Unfortunately the upstream project appears to be inactive. On Fri, 22 Dec 2023 at 14:50:57 +0100, Moritz Mühlenhoff wrote: CVE-2023-34194[0]: | StringEqual in

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2023-12-30 Thread Guilhem Moulin
Control: tag -1 + patch Hi, I had a look at these issues for Buster (LTS). Unfortunately the upstream project appears to be inactive. On Fri, 22 Dec 2023 at 14:50:57 +0100, Moritz Mühlenhoff wrote: > CVE-2023-34194[0]: > | StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in > |

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2023-12-22 Thread Moritz Mühlenhoff
Source: tinyxml X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, https://www.forescout.com/resources/sierra21-vulnerabilities mentions three security issues in Tinyxml: CVE-2023-34194[0]: | StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in | TinyXML