libxslt1.1: buffer overflow [CVE-2008-2935]

Related Vulnerabilities: CVE-2008-2935  

Debian Bug report logs - #493162
libxslt1.1: buffer overflow [CVE-2008-2935]


Reported by: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>

Date: Thu, 31 Jul 2008 20:48:01 UTC

Severity: grave

Tags: patch, security

Found in version libxslt/1.1.24-1

Fixed in version libxslt/1.1.24-2

Done: Mike Hommey <glandium@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#493162; Package libxslt1.1.


Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libxslt1.1: buffer overflow [CVE-2008-2935]
Date: Thu, 31 Jul 2008 20:46:40 +0000
Package: libxslt1.1
Version: 1.1.24-1
Severity: grave
Tags: security

According to DSA 1624-1:

Chris Evans discovered that a buffer overflow in the RC4 functions of
libexslt may lead to the execution of arbitrary code.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libxslt1.1 depends on:
ii  libc6                      2.7-13        GNU C Library: Shared libraries
ii  libgcrypt11                1.4.1-1       LGPL Crypto library - runtime libr
ii  libxml2                    2.6.32.dfsg-2 GNOME XML library

libxslt1.1 recommends no packages.

libxslt1.1 suggests no packages.

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#493162; Package libxslt1.1.


Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.


Message #10 received at 493162@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: 493162@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#493162: libxslt1.1: buffer overflow [CVE-2008-2935]
Date: Fri, 1 Aug 2008 09:11:05 +0200
tags 493162 patch
thanks
[493162.patch (text/x-diff, attachment)]

Tags added: patch Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Fri, 01 Aug 2008 07:12:06 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#493162; Package libxslt1.1.


Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.


Message #17 received at 493162@bugs.debian.org:

From: Mike Hommey <mh@glandium.org>
To: Thijs Kinkhorst <thijs@debian.org>, 493162@bugs.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#493162: libxslt1.1: buffer overflow [CVE-2008-2935]
Date: Fri, 1 Aug 2008 10:09:14 +0200
On Fri, Aug 01, 2008 at 09:11:05AM +0200, Thijs Kinkhorst <thijs@debian.org> wrote:
> tags 493162 patch
> thanks

Wouldn't a lot of the strings in this patch be better off allocated 
on the stack?

Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#493162; Package libxslt1.1.


Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.


Message #22 received at 493162@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: Mike Hommey <mh@glandium.org>
Cc: 493162@bugs.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#493162: libxslt1.1: buffer overflow [CVE-2008-2935]
Date: Fri, 1 Aug 2008 10:19:32 +0200
On Friday 1 August 2008 10:09, you wrote:
> On Fri, Aug 01, 2008 at 09:11:05AM +0200, Thijs Kinkhorst <thijs@debian.org> wrote:
> > tags 493162 patch
> > thanks
>
> Wouldn't a lot of the strings in this patch be better off allocated
> on the stack?

Sorry, I should have made it clearer that I was just forwarding information we 
got through vendor-sec and that has been applied to the upstream repository. 
I've got no personal involvement with it.


cheers,
Thijs

Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#493162; Package libxslt1.1.


Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.


Message #27 received at 493162@bugs.debian.org:

From: Mike Hommey <mh@glandium.org>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: 493162@bugs.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#493162: libxslt1.1: buffer overflow [CVE-2008-2935]
Date: Fri, 1 Aug 2008 10:24:38 +0200
On Fri, Aug 01, 2008 at 10:19:32AM +0200, Thijs Kinkhorst <thijs@debian.org> wrote:
> On Friday 1 August 2008 10:09, you wrote:
> > On Fri, Aug 01, 2008 at 09:11:05AM +0200, Thijs Kinkhorst <thijs@debian.org> wrote:
> > > tags 493162 patch
> > > thanks
> >
> > Wouldn't a lot of the strings in this patch be better off allocated
> > on the stack?
> 
> Sorry, I should have made it clearer that I was just forwarding information we 
> got through vendor-sec and that has been applied to the upstream repository. 
> I've got no personal involvement with it.

If that's what has been applied in upstream, then I'm not surprised.
Upstream likes to use heap.

Mike




Reply sent to Mike Hommey <glandium@debian.org>:
You have taken responsibility.


Notification sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
Bug acknowledged by developer.


Message #32 received at 493162-close@bugs.debian.org:

From: Mike Hommey <glandium@debian.org>
To: 493162-close@bugs.debian.org
Subject: Bug#493162: fixed in libxslt 1.1.24-2
Date: Sun, 03 Aug 2008 07:32:05 +0000
Source: libxslt
Source-Version: 1.1.24-2

We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive:

libxslt1-dbg_1.1.24-2_amd64.deb
  to pool/main/libx/libxslt/libxslt1-dbg_1.1.24-2_amd64.deb
libxslt1-dev_1.1.24-2_amd64.deb
  to pool/main/libx/libxslt/libxslt1-dev_1.1.24-2_amd64.deb
libxslt1.1_1.1.24-2_amd64.deb
  to pool/main/libx/libxslt/libxslt1.1_1.1.24-2_amd64.deb
libxslt_1.1.24-2.diff.gz
  to pool/main/libx/libxslt/libxslt_1.1.24-2.diff.gz
libxslt_1.1.24-2.dsc
  to pool/main/libx/libxslt/libxslt_1.1.24-2.dsc
python-libxslt1_1.1.24-2_amd64.deb
  to pool/main/libx/libxslt/python-libxslt1_1.1.24-2_amd64.deb
xsltproc_1.1.24-2_amd64.deb
  to pool/main/libx/libxslt/xsltproc_1.1.24-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 493162@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated libxslt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 03 Aug 2008 09:03:42 +0200
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1
Architecture: source amd64
Version: 1.1.24-2
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description: 
 libxslt1-dbg - XSLT processing library - debugging symbols
 libxslt1-dev - XSLT processing library - development kit
 libxslt1.1 - XSLT processing library - runtime library
 python-libxslt1 - Python bindings for libxslt1
 xsltproc   - XSLT command line processor
Closes: 493162
Changes: 
 libxslt (1.1.24-2) unstable; urgency=high
 .
   * libexslt/crypto.c: Apply upstream fix for CVE-2008-2935. Closes: #493162.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 01 Sep 2008 07:37:47 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:28:21 2019; Machine Name: beach
