CVE-2012-2807

Related Vulnerabilities: CVE-2012-2807  

Debian Bug report logs - #679280
CVE-2012-2807


Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Wed, 27 Jun 2012 15:18:01 UTC

Severity: grave

Tags: moreinfo, security

Fixed in version libxml2/2.8.0+dfsg1-5

Done: Aron Xu <aron@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=679475



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#679280; Package libxml2. (Wed, 27 Jun 2012 15:18:04 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Wed, 27 Jun 2012 15:18:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-2807
Date: Wed, 27 Jun 2012 17:15:50 +0200
Package: libxml2
Severity: grave
Tags: security

The Chrome developers found an integer overflow in the embedded copy of
libxml, which has been assigned CVE-2012-2807:

http://googlechromereleases.blogspot.de/2012/06/stable-channel-update_26.html:

[64-bit Linux only] [$3000] [129930] High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla.

This is fixed by the following commit:
http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#679280; Package libxml2. (Thu, 28 Jun 2012 06:48:08 GMT) (full text, mbox, link).


Acknowledgement sent to Aron Xu <happyaron.xu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Thu, 28 Jun 2012 06:48:08 GMT) (full text, mbox, link).


Message #10 received at 679280@bugs.debian.org (full text, mbox, reply):

From: Aron Xu <happyaron.xu@gmail.com>
To: Moritz Muehlenhoff <muehlenhoff@univention.de>, 679280@bugs.debian.org, Debian Bug Tracking System <control@bugs.debian.org>
Subject: Re: [xml/sgml-pkgs] Bug#679280: CVE-2012-2807
Date: Thu, 28 Jun 2012 14:45:41 +0800
tags 679280 + moreinfo
thanks

Hi,

I'm still investigating the problem and more details about it are
welcomed, please don't NMU for either unstable or stable.



-- 
Regards,
Aron Xu




Added tag(s) moreinfo. Request was from Aron Xu <happyaron.xu@gmail.com> to control@bugs.debian.org. (Thu, 28 Jun 2012 06:48:10 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#679280; Package libxml2. (Sat, 30 Jun 2012 21:24:04 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sat, 30 Jun 2012 21:24:04 GMT) (full text, mbox, link).


Message #17 received at 679280@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <mgilbert@debian.org>
To: 679280@bugs.debian.org
Subject: re: CVE-2012-2807
Date: Sat, 30 Jun 2012 17:20:31 -0400
> I'm still investigating the problem and more details about it are
> welcomed, please don't NMU for either unstable or stable.

Why?  This kind of statement requires some kind of justification (such
as the proposed commit is incomplete or wrong or something like that).
 Otherwise, why slow down others trying to help?

Best wishes,
Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#679280; Package libxml2. (Sun, 01 Jul 2012 07:57:03 GMT) (full text, mbox, link).


Acknowledgement sent to Aron Xu <happyaron.xu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Sun, 01 Jul 2012 07:57:03 GMT) (full text, mbox, link).


Message #22 received at 679280@bugs.debian.org (full text, mbox, reply):

From: Aron Xu <happyaron.xu@gmail.com>
To: 679280@bugs.debian.org, Michael Gilbert <mgilbert@debian.org>
Subject: Re: [xml/sgml-pkgs] Bug#679280: CVE-2012-2807
Date: Sun, 1 Jul 2012 15:55:18 +0800
On Jul 1, 2012 5:24 AM, "Michael Gilbert" <mgilbert@debian.org> wrote:
>
> > I'm still investigating the problem and more details about it are
> > welcomed, please don't NMU for either unstable or stable.
>
> Why?  This kind of statement requires some kind of justification (such
> as the proposed commit is incomplete or wrong or something like that).
>  Otherwise, why slow down others trying to help?
>
> Best wishes,
> Mike
>

Actually I am not very willing to apply random patch without upstream
acknowledgement or a clear statement of what problem it tries to fix. For
this very issue, the solution is not clear to me about what problem it's
trying to mitigate, and at the same time looks ugly on hard coding a magic
size of 1024*1024*512 without a proper description. So I ask people don't
NMU and give me more time to investigate.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#679280; Package libxml2. (Mon, 02 Jul 2012 21:39:05 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Mon, 02 Jul 2012 21:39:05 GMT) (full text, mbox, link).


Message #27 received at 679280@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <mgilbert@debian.org>
To: 679280@bugs.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#679280: CVE-2012-2807
Date: Mon, 2 Jul 2012 17:08:01 -0400
On Sun, Jul 1, 2012 at 3:55 AM, Aron Xu wrote:
>
> On Jul 1, 2012 5:24 AM, "Michael Gilbert" <mgilbert@debian.org> wrote:
>>
>> > I'm still investigating the problem and more details about it are
>> > welcomed, please don't NMU for either unstable or stable.
>>
>> Why?  This kind of statement requires some kind of justification (such
>> as the proposed commit is incomplete or wrong or something like that).
>>  Otherwise, why slow down others trying to help?
>>
>> Best wishes,
>> Mike
>>
>
> Actually I am not very willing to apply random patch without upstream
> acknowledgement or a clear statement of what problem it tries to fix. For
> this very issue, the solution is not clear to me about what problem it's
> trying to mitigate, and at the same time looks ugly on hard coding a magic
> size of 1024*1024*512 without a proper description. So I ask people don't
> NMU and give me more time to investigate.

As the new maintainer, you should probably request access to the
chromium security mailing list since they tend to find a lot of the
security issues disclosed for libxml2.

Best wishes,
Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#679280; Package libxml2. (Tue, 03 Jul 2012 05:12:03 GMT) (full text, mbox, link).


Acknowledgement sent to YunQiang Su <wzssyqa@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Tue, 03 Jul 2012 05:12:03 GMT) (full text, mbox, link).


Message #32 received at 679280@bugs.debian.org (full text, mbox, reply):

From: YunQiang Su <wzssyqa@gmail.com>
To: Michael Gilbert <mgilbert@debian.org>, 679280@bugs.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#679280: Bug#679280: CVE-2012-2807
Date: Tue, 3 Jul 2012 13:08:37 +0800
Frankly, I can't understand what the patch did.

On Tue, Jul 3, 2012 at 5:08 AM, Michael Gilbert <mgilbert@debian.org> wrote:
> On Sun, Jul 1, 2012 at 3:55 AM, Aron Xu wrote:
>>
>> On Jul 1, 2012 5:24 AM, "Michael Gilbert" <mgilbert@debian.org> wrote:
>>>
>>> > I'm still investigating the problem and more details about it are
>>> > welcomed, please don't NMU for either unstable or stable.
>>>
>>> Why?  This kind of statement requires some kind of justification (such
>>> as the proposed commit is incomplete or wrong or something like that).
>>>  Otherwise, why slow down others trying to help?
>>>
>>> Best wishes,
>>> Mike
>>>
>>
>> Actually I am not very willing to apply random patch without upstream
>> acknowledgement or a clear statement of what problem it tries to fix. For
>> this very issue, the solution is not clear to me about what problem it's
>> trying to mitigate, and at the same time looks ugly on hard coding a magic
>> size of 1024*1024*512 without a proper description. So I ask people don't
>> NMU and give me more time to investigate.
>
> As the new maintainer, you should probably request access to the
> chromium security mailing list since they tend to find a lot of the
> security issues disclosed for libxml2.
>
> Best wishes,
> Mike
>
>
>
> _______________________________________________
> debian-xml-sgml-pkgs mailing list
> debian-xml-sgml-pkgs@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-xml-sgml-pkgs



-- 
YunQiang Su




Set Bug forwarded-to-address to 'https://bugzilla.gnome.org/show_bug.cgi?id=679475'. Request was from Michael Gilbert <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Thu, 05 Jul 2012 22:39:02 GMT) (full text, mbox, link).


Reply sent to Aron Xu <aron@debian.org>:
You have taken responsibility. (Sun, 22 Jul 2012 13:06:08 GMT) (full text, mbox, link).


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sun, 22 Jul 2012 13:06:08 GMT) (full text, mbox, link).


Message #39 received at 679280-close@bugs.debian.org (full text, mbox, reply):

From: Aron Xu <aron@debian.org>
To: 679280-close@bugs.debian.org
Subject: Bug#679280: fixed in libxml2 2.8.0+dfsg1-5
Date: Sun, 22 Jul 2012 13:03:28 +0000
Source: libxml2
Source-Version: 2.8.0+dfsg1-5

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 679280@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu <aron@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 19 Jul 2012 17:11:09 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.8.0+dfsg1-5
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 679280
Changes: 
 libxml2 (2.8.0+dfsg1-5) unstable; urgency=low
 .
   [ Daniel Veillard ]
   * Fix parser local buffers size problems
   * Fix entities local buffers size problems
   CVE-2012-2807, Closes: #679280.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#679280; Package libxml2. (Wed, 01 Aug 2012 08:24:03 GMT) (full text, mbox, link).


Acknowledgement sent to shawn <shawnlandden@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Wed, 01 Aug 2012 08:24:03 GMT) (full text, mbox, link).


Message #44 received at 679280@bugs.debian.org (full text, mbox, reply):

From: shawn <shawnlandden@gmail.com>
To: YunQiang Su <wzssyqa@gmail.com>, 679280@bugs.debian.org
Subject: libxml2 security patch
Date: Wed, 01 Aug 2012 01:22:00 -0700
The patch limits malloc to asking for a maximum of 512MB in one call; if
the call is larger, it pretends that the call failed. This is probably to
mask some part of the code that isn't safe with >32 bit buffers, which
have been possible since Linux 2.6 and the introduction of mmap2(), which
takes sizes in pages instead of bytes, allowing allocations larger than
4GB.

See mmap(2)
-- 
-Shawn Landden
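
An added example (not code from the Chromium patch or from libxml2) of the behaviour described in the message above: allocation wrappers that treat any request above 1024*1024*512 bytes as a failure, with a constructed growable buffer using `int` size fields to show why that cap keeps size doubling inside the 32-bit signed range. The names `capped_malloc`, `capped_realloc`, `struct buf`, `buf_add` and `cap_keeps_doubling_in_int` are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constant from the thread: 1024*1024*512 bytes (512 MB) per request. */
#define ALLOC_CAP ((size_t)1024 * 1024 * 512)

/* Hypothetical wrappers: an oversized request is reported as a failure. */
void *capped_malloc(size_t n) { return n > ALLOC_CAP ? NULL : malloc(n); }
void *capped_realloc(void *p, size_t n)
{
    return n > ALLOC_CAP ? NULL : realloc(p, n); /* on NULL, p stays valid */
}

/* Constructed growable buffer whose bookkeeping uses signed 32-bit ints. */
struct buf { char *data; int size; int use; };

/* Append len bytes, doubling capacity as needed. 0 on success, -1 on failure. */
int buf_add(struct buf *b, const char *src, int len)
{
    if (len < 0 || len > INT_MAX - b->use)
        return -1;                 /* use + len would overflow int */
    int need = b->use + len;
    int size = b->size > 0 ? b->size : 16;
    while (size < need) {
        if (size > INT_MAX / 2)
            return -1;             /* doubling would overflow int */
        size *= 2;
    }
    if (size != b->size) {
        char *p = capped_realloc(b->data, (size_t)size);
        if (p == NULL)
            return -1;             /* real failure or request above the cap */
        b->data = p;
        b->size = size;
    }
    memcpy(b->data + b->use, src, (size_t)len);
    b->use = need;
    return 0;
}

/* 1 if every size the cap lets through can be doubled without leaving int. */
int cap_keeps_doubling_in_int(void) { return ALLOC_CAP <= (size_t)(INT_MAX / 2); }

int main(void)
{
    struct buf b = {0};
    printf("small append: %d\n", buf_add(&b, "hello", 5));
    printf("600 MB append: %d\n", buf_add(&b, "x", 600 * 1024 * 1024));
    printf("cap bounds doubling: %d\n", cap_keeps_doubling_in_int());
    free(b.data);
    return 0;
}
```

The 600 MB append is refused by the cap before any copy takes place, so the buffer's `size` and `use` fields are left unchanged.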




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 30 Aug 2012 07:28:40 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:50:57 2019; Machine Name: buxtehude
