Debian Bug report logs -
#602609
CVE-2010-4008: does not well process a malformed XPATH
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Sat, 6 Nov 2010 13:24:01 UTC
Severity: serious
Tags: security
Found in versions libxml2/2.6.32.dfsg-5+lenny1, libxml2/2.7.7.dfsg-4
Fixed in versions 2.6.32.dfsg-5+lenny2, libxml2/2.7.8.dfsg-1
Done: Mike Hommey <mh@glandium.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#602609; Package libxml2.
(Sat, 06 Nov 2010 13:24:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Sat, 06 Nov 2010 13:24:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libxml2
Version: 2.7.7.dfsg-4
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
it was discovered that libxml2 does not well process a malformed XPATH,
causing crash and allowing arbitrary code execution.
Patch:
http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzVVoYACgkQNxpp46476arbpwCeK9pEIv7u4PC+3YAfUO67eADI
Ls0An045V3eap6+bhfM88as/0hq+tEqw
=ymuH
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#602609; Package libxml2.
(Sat, 06 Nov 2010 13:36:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Sat, 06 Nov 2010 13:36:03 GMT) (full text, mbox, link).
Message #10 received at 602609@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
fixed 602609 2.7.8.dfsg-1
thanks
It was fixed in 2.7.8
Cheers,
Giuseppe
[signature.asc (application/pgp-signature, attachment)]
Bug Marked as fixed in versions libxml2/2.7.8.dfsg-1.
Request was from Giuseppe Iuculano <iuculano@debian.org>
to control@bugs.debian.org.
(Sat, 06 Nov 2010 13:36:05 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#602609; Package libxml2.
(Sat, 06 Nov 2010 15:33:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Sat, 06 Nov 2010 15:33:09 GMT) (full text, mbox, link).
Message #17 received at 602609@bugs.debian.org (full text, mbox, reply):
On Sat, Nov 06, 2010 at 02:22:18PM +0100, Giuseppe Iuculano wrote:
> Package: libxml2
> Version: 2.7.7.dfsg-4
> Severity: serious
> Tags: security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> it was discovered that libxml2 does not well process a malformed XPATH,
> causing crash and allowing arbitrary code execution.
>
> Patch:
> http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
> http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9
Interestingly none of the above commits talk about crash and arbitrary
code execution. Is there a working test case available somewhere?
Anyways, that would need a backport for stable, and maybe testing,
depending how the release team feels about 2.7.8.
Mike
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#602609; Package libxml2.
(Thu, 11 Nov 2010 16:09:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Thu, 11 Nov 2010 16:09:02 GMT) (full text, mbox, link).
Message #22 received at 602609@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Sat, Nov 6, 2010 at 15:49:00 +0100, Mike Hommey wrote:
> Anyways, that would need a backport for stable, and maybe testing,
> depending how the release team feels about 2.7.8.
>
2.7.8-1 unblocked.
Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]
Bug Marked as found in versions libxml2/2.6.32.dfsg-5+lenny1.
Request was from Mike Hommey <glandium@debian.org>
to control@bugs.debian.org.
(Thu, 02 Dec 2010 08:34:33 GMT) (full text, mbox, link).
Bug Marked as fixed in versions 2.6.32.dfsg-5+lenny2.
Request was from Mike Hommey <glandium@debian.org>
to control@bugs.debian.org.
(Thu, 02 Dec 2010 08:34:33 GMT) (full text, mbox, link).
Reply sent
to Mike Hommey <mh@glandium.org>:
You have taken responsibility.
(Thu, 02 Dec 2010 08:34:41 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer.
(Thu, 02 Dec 2010 08:34:41 GMT) (full text, mbox, link).
Message #31 received at 602609-done@bugs.debian.org (full text, mbox, reply):
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 23 Jan 2011 07:30:47 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:27:19 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon