Debian Bug report logs -
#643648
CVE-2011-2834 and CVE-2011-2821
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Wed, 28 Sep 2011 10:57:18 UTC
Severity: serious
Tags: security
Fixed in version libxml2/2.7.8.dfsg-5
Done: Mike Hommey <glandium@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#643648; Package libxml2.
(Wed, 28 Sep 2011 10:57:21 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Wed, 28 Sep 2011 10:57:24 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libxml2
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
two libxml2 issues were fixed in the latest chrome updates:
CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before
13.0.782.215, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted XPath expression.
Patch:
http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
CVE-2011-2834
Double free vulnerability in libxml2, as used in Google Chrome before
14.0.835.163, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to XPath
handling.
Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk6C/OYACgkQNxpp46476apt2ACdHKTvWjo4WoxEWsVD6Z7a9elU
AFgAn2ml9iJvUDCXczdrJcVH1PIknJFT
=EMJW
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#643648; Package libxml2.
(Fri, 07 Oct 2011 07:06:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Fri, 07 Oct 2011 07:06:03 GMT) (full text, mbox, link).
Message #10 received at 643648@bugs.debian.org (full text, mbox, reply):
On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> Package: libxml2
> Severity: serious
> Tags: security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> two libxml2 issues were fixed in the latest chrome updates:
>
> CVE-2011-2821
> Double free vulnerability in libxml2, as used in Google Chrome before
> 13.0.782.215, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via a crafted XPath expression.
>
> Patch:
> http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
>
>
> CVE-2011-2834
> Double free vulnerability in libxml2, as used in Google Chrome before
> 14.0.835.163, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via vectors related to XPath
> handling.
>
> Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359
I'm going to push that to unstable, do we want stable/oldstable
backports?
Mike
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#643648; Package libxml2.
(Fri, 07 Oct 2011 07:24:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Fri, 07 Oct 2011 07:24:06 GMT) (full text, mbox, link).
Message #15 received at 643648@bugs.debian.org (full text, mbox, reply):
On Fri, Oct 07, 2011 at 09:02:00AM +0200, Mike Hommey wrote:
> On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> > Package: libxml2
> > Severity: serious
> > Tags: security
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi,
> >
> > two libxml2 issues were fixed in the latest chrome updates:
> >
> > CVE-2011-2821
> > Double free vulnerability in libxml2, as used in Google Chrome before
> > 13.0.782.215, allows remote attackers to cause a denial of service or
> > possibly have unspecified other impact via a crafted XPath expression.
> >
> > Patch:
> > http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
As a matter of fact, this one was fixed with CVE-2010-4494.
CVE-2011-2821 is actually
http://git.gnome.org/browse/libxml2/commit/?id=f5048b3e71fc30ad096970b8df6e7af073bae4cb
Mike
Reply sent
to Mike Hommey <glandium@debian.org>:
You have taken responsibility.
(Fri, 07 Oct 2011 07:51:06 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer.
(Fri, 07 Oct 2011 07:51:06 GMT) (full text, mbox, link).
Message #20 received at 643648-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2
Source-Version: 2.7.8.dfsg-5
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:
libxml2-dbg_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-5_amd64.deb
libxml2-dev_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-5_amd64.deb
libxml2-doc_2.7.8.dfsg-5_all.deb
to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-5_all.deb
libxml2-utils_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-5_amd64.deb
libxml2_2.7.8.dfsg-5.diff.gz
to main/libx/libxml2/libxml2_2.7.8.dfsg-5.diff.gz
libxml2_2.7.8.dfsg-5.dsc
to main/libx/libxml2/libxml2_2.7.8.dfsg-5.dsc
libxml2_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/libxml2_2.7.8.dfsg-5_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-5_amd64.deb
python-libxml2_2.7.8.dfsg-5_amd64.deb
to main/libx/libxml2/python-libxml2_2.7.8.dfsg-5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 643648@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 07 Oct 2011 09:31:14 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-5
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 643648
Changes:
libxml2 (2.7.8.dfsg-5) unstable; urgency=low
.
* xpath.c, xpointer.c, include/libxml/xpath.h: Hardening of XPath evaluation.
CVE-2011-2821.
* xpath.c: Fix for undefined namespaces. CVE-2011-2834.
* Both closes: #643648.
Checksums-Sha1:
5f196d9e6bae1def9f7e2ea08e45bbe12245d09f 2370 libxml2_2.7.8.dfsg-5.dsc
81cf9777f6339d771ea9335c325d9cc289f79b70 117912 libxml2_2.7.8.dfsg-5.diff.gz
c89b1f557605095094eed7522bde6e15d2cfd78d 891938 libxml2_2.7.8.dfsg-5_amd64.deb
678105173f175c18b5c6fee453c8aa909af9065b 92564 libxml2-utils_2.7.8.dfsg-5_amd64.deb
83ea6720cc08390ed63b51140f7876d5367c9096 854392 libxml2-dev_2.7.8.dfsg-5_amd64.deb
bf4cad70e9451a4cfee9124eb786a17717b2cfa0 1118050 libxml2-dbg_2.7.8.dfsg-5_amd64.deb
40321fb296dba8af0aba852395bc8cebc69d8a2d 1377374 libxml2-doc_2.7.8.dfsg-5_all.deb
51466633578ebab5a830be5837d762e4b644a268 339494 python-libxml2_2.7.8.dfsg-5_amd64.deb
6efb0c1385d038ee725eac2b81d0305e5bbc02d8 855508 python-libxml2-dbg_2.7.8.dfsg-5_amd64.deb
Checksums-Sha256:
47335864adb55c9111a06e966df333c0f848e377606ef4688c122886c530635c 2370 libxml2_2.7.8.dfsg-5.dsc
2f96c0ae319c9a518db05b342a967eeb4113e6fb93e3723ad3e668b588a87fd3 117912 libxml2_2.7.8.dfsg-5.diff.gz
fee426571bccbd9838584261be2063063e6cf9aca13f5aded51878df28950f75 891938 libxml2_2.7.8.dfsg-5_amd64.deb
365d5034f841527118855e56d273f94d95343d1920775157e32841e54dfad903 92564 libxml2-utils_2.7.8.dfsg-5_amd64.deb
65448c7386ad2e6c59327e6add82b5911d53e79825f31bba3a63c9ea2bf9ebf9 854392 libxml2-dev_2.7.8.dfsg-5_amd64.deb
5e6f698d4281091c8f5fb8630050eda89dd9d616bbd067bb414fb0219afe5ba4 1118050 libxml2-dbg_2.7.8.dfsg-5_amd64.deb
bd1d0dfd774da14132b5cd83c0724b34dc46f9053fc417d910bd4f97f7efe9b9 1377374 libxml2-doc_2.7.8.dfsg-5_all.deb
67218d7cb3d83d0df2d00be4bce77e588e6c8ec4de24fb2dcd221d85f8ea0e8d 339494 python-libxml2_2.7.8.dfsg-5_amd64.deb
4a9ef7fb5433bc071a6fd9e2525d03d64bfd85db570ddef028968cdc632f67e0 855508 python-libxml2-dbg_2.7.8.dfsg-5_amd64.deb
Files:
b50b1eefb84c9cdc759bbf503cb998a5 2370 libs optional libxml2_2.7.8.dfsg-5.dsc
f94d9e94e2b04c0b5f0646d82f339c09 117912 libs optional libxml2_2.7.8.dfsg-5.diff.gz
0082ff7ec655477678174db912129884 891938 libs standard libxml2_2.7.8.dfsg-5_amd64.deb
d7d1c423991ae187f377655eda5e954a 92564 text optional libxml2-utils_2.7.8.dfsg-5_amd64.deb
176d2b30c570564e7ab5f2be7c9ae2be 854392 libdevel optional libxml2-dev_2.7.8.dfsg-5_amd64.deb
9bb16ebc850599eb5811510ae31002cd 1118050 debug extra libxml2-dbg_2.7.8.dfsg-5_amd64.deb
a509f1a2a2b2f48fd8eaadc6799b6b27 1377374 doc optional libxml2-doc_2.7.8.dfsg-5_all.deb
5dfe849c3286faa0086d8a4a85692b9e 339494 python optional python-libxml2_2.7.8.dfsg-5_amd64.deb
6bcab857662a8c2b8d5898f1b7f0bb5b 855508 debug extra python-libxml2-dbg_2.7.8.dfsg-5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIVAwUBTo6tIuQqoE+mqoxyAQjAEg//U1+CIE+2EVv+09Kw32VfKqexTT642uau
72hlYTQYKzbegQDWTAwSa/k1xBb5mkXriySX+NI3ZGd5fWSyoSJEDF5qfZRU3NzS
vbVehMmrsfyO78vVyTV74ULcdLGFalzBYry+AKPs8wryOSTpGm6rZhh4TDlx1Uqu
RCnFHL/CEZxuF06uH6q3g4n2BtsMR66nB+LTMWbfei6/ZMdqqvm43RnIGst1H1cD
5vFhnGFnLDoeksvcFXLb8RGFHQJl8Js2KtNHzdwBqEmxEuiOhL0Z3aK2M8OP+05h
maRKGxWYCTjqDVC639F+yByOxLzELWzzsH0n9wL3Bds5rqxB7HNFolxdEp6bqtBK
bG326M77aqnMD0xj0qqOw2slbHkHJr6zR/LjYGOngyFGRWcweZr6+tyZljgi5D4i
sjKhkv/ZEdQvR39mXDeuDt0SobVFWJSNwGGPKE24ysd8Wvhx8jaiFGY9EJirpqLO
XCTtJJwL7N0shrfKX4cmaPI+iAz2jAoTL7K/Hd3tK2U1slX+8RzQNAYeLLZ3VytS
drzgjcaHvpL8AvXShElez1jEwVPpMZ0bui+ov6XemRixQ44wEF5reSfq+NsmF06n
1FesfYxPlz5J8Sh4+sOT/Q596gQlmIAtUEJYEXnPT+kfeQPfwSRaQWi1rQEuy+DH
ddNd22/SxLs=
=zJXR
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#643648; Package libxml2.
(Mon, 10 Oct 2011 16:27:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Mon, 10 Oct 2011 16:27:03 GMT) (full text, mbox, link).
Message #25 received at 643648@bugs.debian.org (full text, mbox, reply):
On Fri, Oct 07, 2011 at 09:02:00AM +0200, Mike Hommey wrote:
> On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> > Package: libxml2
> > Severity: serious
> > Tags: security
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi,
> >
> > two libxml2 issues were fixed in the latest chrome updates:
> >
> > CVE-2011-2821
> > Double free vulnerability in libxml2, as used in Google Chrome before
> > 13.0.782.215, allows remote attackers to cause a denial of service or
> > possibly have unspecified other impact via a crafted XPath expression.
> >
> > Patch:
> > http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
> >
> >
> > CVE-2011-2834
> > Double free vulnerability in libxml2, as used in Google Chrome before
> > 14.0.835.163, allows remote attackers to cause a denial of service or
> > possibly have unspecified other impact via vectors related to XPath
> > handling.
> >
> > Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359
>
> I'm going to push that to unstable, do we want stable/oldstable
> backports?
This doesn't allow code injection. Let's stack it up until a more severe
issue arises in libxml2. (Alternative we can fix it in a point update)
Cheers,
Moritz
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 14 Nov 2011 07:35:34 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:46:31 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon