Debian Bug report logs -
#607922
CVE-2010-4494: memory corruption (double-free) in XPath processing code
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Fri, 24 Dec 2010 12:21:01 UTC
Severity: serious
Tags: patch, security
Fixed in versions libxml2/2.7.8.dfsg-2, libxml2/2.6.32.dfsg-5+lenny3
Done: Mike Hommey <glandium@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#607922; Package libxml2.
(Fri, 24 Dec 2010 12:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Fri, 24 Dec 2010 12:21:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libxml2
Severity: serious
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libxml2.
CVE-2010-4494[0]:
| Double free vulnerability in Google Chrome before 8.0.552.215 allows
| remote attackers to cause a denial of service or possibly have
| unspecified other impact via vectors related to XPath handling.
Patch: http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722
http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
http://security-tracker.debian.org/tracker/CVE-2010-4494
http://code.google.com/p/chromium/issues/detail?id=63444
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk0Ujz4ACgkQNxpp46476aolzACfaHIcOhuivzJBkMyY7RJnx2eF
lsEAnRb/JFF6MetVtL68wbKMWpZAMWP1
=cbLo
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#607922; Package libxml2.
(Fri, 24 Dec 2010 18:21:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Fri, 24 Dec 2010 18:21:03 GMT) (full text, mbox, link).
Message #10 received at 607922@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 607922 + pending
thanks
Dear maintainer,
I've prepared an NMU for libxml2 (versioned as 2.7.8.dfsg-1.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.
Regards.
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
[libxml2-2.7.8.dfsg-1.1-nmu.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]
Added tag(s) pending.
Request was from Jonathan Wiltshire <jmw@debian.org>
to control@bugs.debian.org.
(Fri, 24 Dec 2010 18:21:05 GMT) (full text, mbox, link).
Reply sent
to Mike Hommey <glandium@debian.org>:
You have taken responsibility.
(Sat, 25 Dec 2010 10:33:07 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer.
(Sat, 25 Dec 2010 10:33:07 GMT) (full text, mbox, link).
Message #17 received at 607922-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2
Source-Version: 2.7.8.dfsg-2
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:
libxml2-dbg_2.7.8.dfsg-2_amd64.deb
to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-2_amd64.deb
libxml2-dev_2.7.8.dfsg-2_amd64.deb
to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-2_amd64.deb
libxml2-doc_2.7.8.dfsg-2_all.deb
to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-2_all.deb
libxml2-utils_2.7.8.dfsg-2_amd64.deb
to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-2_amd64.deb
libxml2_2.7.8.dfsg-2.diff.gz
to main/libx/libxml2/libxml2_2.7.8.dfsg-2.diff.gz
libxml2_2.7.8.dfsg-2.dsc
to main/libx/libxml2/libxml2_2.7.8.dfsg-2.dsc
libxml2_2.7.8.dfsg-2_amd64.deb
to main/libx/libxml2/libxml2_2.7.8.dfsg-2_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb
to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb
python-libxml2_2.7.8.dfsg-2_amd64.deb
to main/libx/libxml2/python-libxml2_2.7.8.dfsg-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 607922@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 25 Dec 2010 10:48:27 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 607922
Changes:
libxml2 (2.7.8.dfsg-2) unstable; urgency=low
.
* xpath.c: Fix a double-freeing error in XPath processing code.
(CVE-2010-4494). Closes: #607922.
Checksums-Sha1:
4b50bf865de835ce9ad07e67f2e805a54ee2527e 2150 libxml2_2.7.8.dfsg-2.dsc
54e6d9c593ec6d062319e445e9defe513f4e72b6 110946 libxml2_2.7.8.dfsg-2.diff.gz
745e9b9ed82e7fe7b9bb39bf21df4568012af2ea 872724 libxml2_2.7.8.dfsg-2_amd64.deb
36eaf121287b88300dc58b4ecae557fdbe460b95 93276 libxml2-utils_2.7.8.dfsg-2_amd64.deb
16332af5aed87d79f272e21dea9fbc298d1c6eb0 830156 libxml2-dev_2.7.8.dfsg-2_amd64.deb
e3b13ce870b2a58562ebfda94a782d15e5d60cc4 987618 libxml2-dbg_2.7.8.dfsg-2_amd64.deb
7c2981b80bd69aa152734faaba6f760737408c30 1346940 libxml2-doc_2.7.8.dfsg-2_all.deb
f9167585aaa4951212074b2ba8934b3202027aed 337656 python-libxml2_2.7.8.dfsg-2_amd64.deb
4084b7deba4efd9644e41978804bde6c53c050d0 870136 python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb
Checksums-Sha256:
bf2505b563cabd932b6722a006f52cecfec23a1d614c2e46d7c2a7bf6f97ebfa 2150 libxml2_2.7.8.dfsg-2.dsc
11311675f86081e7e820c9aa8d9f6bcccc20eed15dfa9696421baf7c284a9383 110946 libxml2_2.7.8.dfsg-2.diff.gz
eee4dfc1127d031810de2a2fb7ba8a4db8c49e49be7eaa55f083110aa226b70c 872724 libxml2_2.7.8.dfsg-2_amd64.deb
64fc7e8bbc892db82373e8778efdaa9073aefca6a88a092b0cd692a3cdd31286 93276 libxml2-utils_2.7.8.dfsg-2_amd64.deb
e0b7c89ca8a51aaf1d4a38c44cfa731bd25949f3e0c50b78d60c545f6d08f74a 830156 libxml2-dev_2.7.8.dfsg-2_amd64.deb
fbe09130b350e01a1c3113fd8150b6952326a923c6da867e034df6d1b0e5d69b 987618 libxml2-dbg_2.7.8.dfsg-2_amd64.deb
224bfc0384a35779225b76cff30afebda42331a7b8a4b56a62053effead824b9 1346940 libxml2-doc_2.7.8.dfsg-2_all.deb
f8d56b1ab442847ad892b9582ea8f78ea3deaca7c5102a9260e122f4f0e091c1 337656 python-libxml2_2.7.8.dfsg-2_amd64.deb
87a7bca3ec249dc886c15d61ba4e4230db5da1427fd216972173ad79041bbd56 870136 python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb
Files:
17ad546ec67e277faa012b1ce79151ac 2150 libs optional libxml2_2.7.8.dfsg-2.dsc
d076fc7807d2b1c5fd6721968834663b 110946 libs optional libxml2_2.7.8.dfsg-2.diff.gz
65ac8e1208f34fb42dbbd211f893f4e1 872724 libs standard libxml2_2.7.8.dfsg-2_amd64.deb
f894db7b0d28baad4eb1c06fa9afeab2 93276 text optional libxml2-utils_2.7.8.dfsg-2_amd64.deb
1070151ad04919c45ab1ab12de5f67ac 830156 libdevel optional libxml2-dev_2.7.8.dfsg-2_amd64.deb
12346f21798bb4fe5c5534b60ecb44f8 987618 debug extra libxml2-dbg_2.7.8.dfsg-2_amd64.deb
14665eae8304816569b179b295b08fce 1346940 doc optional libxml2-doc_2.7.8.dfsg-2_all.deb
51446f5de43ccd6392336554c06410d4 337656 python optional python-libxml2_2.7.8.dfsg-2_amd64.deb
67a602741662179daac003ed4411aead 870136 debug extra python-libxml2-dbg_2.7.8.dfsg-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIVAwUBTRXBMuQqoE+mqoxyAQiSCQ/9FDaD8a6hQBp4C9p8ZUkfMDpAV2caCQnW
S8vLQRheqZ7ZgvpEu4sJIq45ua6Uq4E1WNkiTavenUYUd+jjUnITP0ys5bhbfTpB
0BKQ77/DalYciELcSCHVCNeU+a8u1F9PKyp6CFivGVriUBNTNBmOGMS8tCV+x8SG
7BYCTOZXcszch8uc7RslGWc5S/GbqJGP2dmVARQVTfTx9YmPGzvZCTyjGW+egljS
d5eEoB5JI7YEe5D04MKTlpXw4PaYsYfh8dEiKtLy7mvwQERn5tbWXHYmAhdZGXVJ
Eatj9s/J4bMlC6/b5/Skp+VAF607IqWUwU/Gv6iBTYRzZuMg4dVGywR23WkJORdr
nVC0jARdtYSkMr07ZJRKt5QUeGM21GjFpyWDTb0PC7ypj4+xj3QVz48JeJaEKMqS
T1qzHu4GzXMKssV3cVw/gKgfgn/lyAm6M9IzvhOX40rItvtI124Wls7jaghzb8Yp
5hCacJYazoPHdAePRqUgk1Jupi5XahncaL/x18ekB3X42ShyN/VGa1OD1Vwr9T73
roCrkO0POHe9NKWlqm1SMmkwPAC+ljhp+bEztODSJ9Qv2n0oCmhpF/AcggzBde5o
YRsuZnaYSdl48wqEu422FVREBEZdo/56oljjnN4EBacMU22CayLMELGd7zxvWWkR
8ioqQxDG++8=
=rsXG
-----END PGP SIGNATURE-----
Reply sent
to Mike Hommey <glandium@debian.org>:
You have taken responsibility.
(Sun, 26 Dec 2010 19:57:08 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer.
(Sun, 26 Dec 2010 19:57:08 GMT) (full text, mbox, link).
Message #22 received at 607922-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2
Source-Version: 2.6.32.dfsg-5+lenny3
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:
libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
to main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
to main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
to main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
to main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
libxml2_2.6.32.dfsg-5+lenny3.diff.gz
to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny3.diff.gz
libxml2_2.6.32.dfsg-5+lenny3.dsc
to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny3.dsc
libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
to main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
to main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 607922@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 25 Dec 2010 10:48:27 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2
Architecture: source all amd64
Version: 2.6.32.dfsg-5+lenny3
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
Closes: 607922
Changes:
libxml2 (2.6.32.dfsg-5+lenny3) stable-security; urgency=high
.
* xpath.c: Fix a double-freeing error in XPath processing code.
(CVE-2010-4494). Closes: #607922.
Checksums-Sha1:
d62bf78e632021a0fb83c27500c42d08a95fc8d7 1985 libxml2_2.6.32.dfsg-5+lenny3.dsc
3263b429e037eabd511ce0c92f43fe5c6f2dfb0f 83834 libxml2_2.6.32.dfsg-5+lenny3.diff.gz
d5460ebffb943f01dd99c0426a463ac8a03a3642 1307018 libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
abb233d73bd073e762a268509181c4ab1bde8588 860420 libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
1214a6923ed8f497ee39e557498ee441d3a1a652 37400 libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
8ee7e3b5bf5d699ae560ded80cefdf70364e40af 774226 libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
db26a069fbd8b9cad50c2630c06a9ade613ea6e6 987446 libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
6945bbd5ac694a8f6d5931ef812732a2a7dc701a 294578 python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
Checksums-Sha256:
912d025d7f6355a1fac3cf202b146e2798314cd899d744f68e65699bca3e32e5 1985 libxml2_2.6.32.dfsg-5+lenny3.dsc
d4b88a29c1df368490da8cd288df02cef2f5ba17422164113d8c961bef7f58f9 83834 libxml2_2.6.32.dfsg-5+lenny3.diff.gz
257f4f34c66a3b3319cd6e34a1d76c1ed0ed3df53fff44920a77239efcb8eb7b 1307018 libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
4a364e5ccfcecd515eacaa444a56aa5479d9ba19f997882ecff42c3cce6f31c8 860420 libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
52018aea17bfd95c519f2b5bd19067c3ad234258fe21e4de8bb1366e67b9f32e 37400 libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
0464ea44e3da7dc313a6eda506452d237e0f4b1347ab47d4ef1afc4208c4d9d5 774226 libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
f48d8c6db591db19d5b093c0e5926d3de25c0bc9da64b4cb575a5824aed62b11 987446 libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
fcd6512b83ce39e6454fdca3ef14b83329461607573a1d6e356f5ac4d5b71da9 294578 python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
Files:
f42227ce90e7d0e5fb787168a8a7007d 1985 libs optional libxml2_2.6.32.dfsg-5+lenny3.dsc
70ba3e766175e52be697f9675a1a6320 83834 libs optional libxml2_2.6.32.dfsg-5+lenny3.diff.gz
120cc49364903ed2908bdb677d0da494 1307018 doc optional libxml2-doc_2.6.32.dfsg-5+lenny3_all.deb
5a0eebeca3865141c94c4dfc6edf7a94 860420 libs optional libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
753b813b3136b497013d014e9a2e8884 37400 text optional libxml2-utils_2.6.32.dfsg-5+lenny3_amd64.deb
819f5afccd765abf9951a8f7efa85daf 774226 libdevel optional libxml2-dev_2.6.32.dfsg-5+lenny3_amd64.deb
c39577c66f78d54835d63ac84bef1311 987446 libdevel extra libxml2-dbg_2.6.32.dfsg-5+lenny3_amd64.deb
e3499b10d3044ffdf33fe31480c51ee3 294578 python optional python-libxml2_2.6.32.dfsg-5+lenny3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIVAwUBTRXBNuQqoE+mqoxyAQim0w/+MIUxxtckPcKTKoGGYfZZJCie6a1CT0tB
N14KPFUSCggpuW1q/+1DebzjimsTYecTPqOpazrABgWjtm+JN9cbt93k2wFhU//A
V6VKZN1IV1ZLpXg/1a2wds4BPqeHG/8XtRWI0HIk1AkVgNvFq/RNoCjzZM1GaYNd
IDi69rYftXliDSo9Nn75L2CyNH5x0CbloZy8kK+cXSpqSHtgEM2FiW+54y2/KZvF
MiM8ztf3pYVZTB1pCXz/Yi8SXdZ1nv8i+dJ61AqkJ4Go4rsrPLygSLBlOy1oZpcB
DyGt0SSyiIPGWqRn8PdjXOfdvU/nQ4hyeMYNrdah409zL3pNvnhNLqALa7BZhHpa
CN7KNHvswMMwehCou+LJ8IDQKJ4iej51OlygF+1sTvt+7Pvv6dk3vh8bhNA48AHU
zNcT+baUv59KCLJkJ3BpSgwV91NyuHOeyCE30aif+AUi/rVlwQr0zwteoIO360PG
fIskCVL6z5iCcg9XtXX0X+SP84M39bP2LRFF4ANy/+nvbdAhKDAdhpWSPsvrSmP8
G1xnG2mEcWhiAwJV1GqwVWcLKAf62mMstcAhgWI8B/Gp0tm2diG/oSxDR+u/VskA
ZHCXVDIGbZvtDWleRgqgdIdqg9IRHU0SuU1H67GnujJSBbSh0D+6jWoLAi0vxBLj
9zOLuGt7Cig=
=2RkR
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 25 Jan 2011 07:31:53 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:51:53 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon