missing patch in USN-2834-1 security updates

Bug #1525996 reported by Marc Deslauriers on 2015-12-14
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libxml2 (Ubuntu)
Undecided
Marc Deslauriers
Precise
Undecided
Marc Deslauriers
Trusty
Undecided
Marc Deslauriers
Vivid
Undecided
Marc Deslauriers
Wily
Undecided
Marc Deslauriers
Xenial
Undecided
Marc Deslauriers

Bug Description

USN-2834-1 contained a fix for CVE-2015-7499, but did not contain the following subsequent commit:

https://git.gnome.org/browse/libxml2/commit/?id=ce0b0d0d81fdbb5f722a890432b52d363e4de57b

See post from Tom Lane here:

http://<email address hidden>

CVE References

Changed in libxml2 (Ubuntu Precise):
status: New → Confirmed
Changed in libxml2 (Ubuntu Trusty):
status: New → Confirmed
Changed in libxml2 (Ubuntu Vivid):
status: New → Confirmed
Changed in libxml2 (Ubuntu Wily):
status: New → Confirmed
Changed in libxml2 (Ubuntu Xenial):
status: New → Confirmed
Changed in libxml2 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libxml2 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libxml2 (Ubuntu Vivid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libxml2 (Ubuntu Wily):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libxml2 (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.9.2+zdfsg1-4ubuntu3

---------------
libxml2 (2.9.2+zdfsg1-4ubuntu3) xenial; urgency=medium

  * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW
    (LP: #1525996)
    - add extra commits to this previously-fixed CVE
    - debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it
      makes sense in parser.c.
    - debian/patches/CVE-2015-7499-4.patch: do not print error context when
      there is none in error.c.
    - CVE-2015-7499
  * SECURITY UPDATE: out of bounds memory access via unclosed html comment
    - debian/patches/CVE-2015-8710.patch: fix parsing short unclosed
      comment uninitialized access in HTMLparser.c.
    - CVE-2015-8710

 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 08:59:31 -0500

Changed in libxml2 (Ubuntu Xenial):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.9.2+zdfsg1-4ubuntu0.3

---------------
libxml2 (2.9.2+zdfsg1-4ubuntu0.3) wily-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW
    (LP: #1525996)
    - add extra commits to this previously-fixed CVE
    - debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it
      makes sense in parser.c.
    - debian/patches/CVE-2015-7499-4.patch: do not print error context when
      there is none in error.c.
    - CVE-2015-7499
  * SECURITY UPDATE: out of bounds memory access via unclosed html comment
    - debian/patches/CVE-2015-8710.patch: fix parsing short unclosed
      comment uninitialized access in HTMLparser.c.
    - CVE-2015-8710

 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 13:11:43 -0500

Changed in libxml2 (Ubuntu Wily):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.9.2+dfsg1-3ubuntu0.3

---------------
libxml2 (2.9.2+dfsg1-3ubuntu0.3) vivid-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW
    (LP: #1525996)
    - add extra commits to this previously-fixed CVE
    - debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it
      makes sense in parser.c.
    - debian/patches/CVE-2015-7499-4.patch: do not print error context when
      there is none in error.c.
    - CVE-2015-7499
  * SECURITY UPDATE: out of bounds memory access via unclosed html comment
    - debian/patches/CVE-2015-8710.patch: fix parsing short unclosed
      comment uninitialized access in HTMLparser.c.
    - CVE-2015-8710

 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 13:12:24 -0500

Changed in libxml2 (Ubuntu Vivid):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.7.8.dfsg-5.1ubuntu4.14

---------------
libxml2 (2.7.8.dfsg-5.1ubuntu4.14) precise-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW
    (LP: #1525996)
    - add extra commits to this previously-fixed CVE
    - parser.c: reuse xmlHaltParser() where it makes sense.
    - e3b1597421ad7cbeb5939fc3b54f43f141c82366
    - error.c: do not print error context when there is none.
    - ce0b0d0d81fdbb5f722a890432b52d363e4de57b
    - CVE-2015-7499
  * SECURITY UPDATE: out of bounds memory access via unclosed html comment
    - HTMLparser.c: fix parsing short unclosed comment uninitialized
      access.
    - e724879d964d774df9b7969fc846605aa1bac54c
    - CVE-2015-8710

 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 13:16:09 -0500

Changed in libxml2 (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.9.1+dfsg1-3ubuntu4.7

---------------
libxml2 (2.9.1+dfsg1-3ubuntu4.7) trusty-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW
    (LP: #1525996)
    - add extra commits to this previously-fixed CVE
    - debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it
      makes sense in parser.c.
    - debian/patches/CVE-2015-7499-4.patch: do not print error context when
      there is none in error.c.
    - CVE-2015-7499
  * SECURITY UPDATE: out of bounds memory access via unclosed html comment
    - debian/patches/CVE-2015-8710.patch: fix parsing short unclosed
      comment uninitialized access in HTMLparser.c.
    - CVE-2015-8710

 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 13:13:10 -0500

Changed in libxml2 (Ubuntu Trusty):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers