[Git][security-tracker-team/security-tracker][master] CVE-2023-45322/libxml2 suggested patch is broken
Tobias Frost (@tobi)
tobi at debian.org
Sat Oct 26 16:45:56 BST 2024
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f06f248 by Tobias Frost at 2024-10-26T17:45:48+02:00
CVE-2023-45322/libxml2 suggested patch is broken
The mentioned fix, https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9
caused a regression and has been reverted in https://gitlab.gnome.org/GNOME/libxml2/-/commit/de3f70146dc531a1f2c0976dc1c2bff84529f161
(https://gitlab.gnome.org/GNOME/libxml2/-/issues/634)
The issue has than been fixed again with https://gitlab.gnome.org/GNOME/libxml2/-/commit/8707838e69f9c6e729c1d1d46bb3681d9e622be5,
first seen in tag 2.13.0
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -96428,7 +96428,7 @@ CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <postponed> (Minor issue, very hard/unlikely to trigger)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
- NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9 (v2.12.0)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8707838e69f9c6e729c1d1d46bb3681d9e622be5 (v2.13.0)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
NOTE: http://www.openwall.com/lists/oss-security/2023/10/06/5
CVE-2023-45199 (Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f06f2489b0b01741db325d51e58b32d8348c3c9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f06f2489b0b01741db325d51e58b32d8348c3c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241026/182e5b3c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list