[xml/sgml-pkgs] Bug#1040818: bookworm-pu: package libxml2/2.9.14+dfsg-1.3~deb12u1

Salvatore Bonaccorso carnil at debian.org
Tue Jul 11 05:42:06 BST 2023 

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: libxml2 at packages.debian.org, carnil at debian.org
Control: affects -1 + src:libxml2

Hi stable release managers,

[ Reason ]
libxml2 in bookworm and older is affected by CVE-2022-2309.
The issue does not warrant a DSA, so I prepared an update to be
included in the next point release.

[ Impact ]
CVE-2022-2309 remains open for bookworm.

[ Tests ]
None specifically.

[ Risks ]
The two commits are isolated.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The two commits from upstream do reset ctxt->nsNr to 0 in xmlCtxtReset
(the original report) and as well in htmlCtxtReset to address the
issue in libxml2.

[ Other info ]
None.

Thanks for considering accepting the update as well for bookworm. I'm
aiming as well to do the same for bullseye-pu, but this has not been
done yet.

Regards,
Salvatore
-------------- next part --------------
diff -Nru libxml2-2.9.14+dfsg/debian/changelog libxml2-2.9.14+dfsg/debian/changelog
--- libxml2-2.9.14+dfsg/debian/changelog	2023-04-15 16:25:06.000000000 +0200
+++ libxml2-2.9.14+dfsg/debian/changelog	2023-07-10 21:58:07.000000000 +0200
@@ -1,3 +1,17 @@
+libxml2 (2.9.14+dfsg-1.3~deb12u1) bookworm; urgency=medium
+
+  * Rebuild for bookworm
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Mon, 10 Jul 2023 21:58:07 +0200
+
+libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
+  * Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Sat, 08 Jul 2023 21:18:29 +0200
+
 libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libxml2-2.9.14+dfsg/debian/patches/Also-reset-nsNr-in-htmlCtxtReset.patch libxml2-2.9.14+dfsg/debian/patches/Also-reset-nsNr-in-htmlCtxtReset.patch
--- libxml2-2.9.14+dfsg/debian/patches/Also-reset-nsNr-in-htmlCtxtReset.patch	1970-01-01 01:00:00.000000000 +0100
+++ libxml2-2.9.14+dfsg/debian/patches/Also-reset-nsNr-in-htmlCtxtReset.patch	2023-07-10 21:58:07.000000000 +0200
@@ -0,0 +1,27 @@
+From: Nick Wellnhofer <wellnhofer at aevum.de>
+Date: Thu, 28 Jul 2022 21:35:17 +0200
+Subject: Also reset nsNr in htmlCtxtReset
+origin: https://gitlab.gnome.org/GNOME/libxml2/-/commit/a82ea25fc83f563c574ddb863d6c17d9c5abdbd2
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-2309
+Bug-Debian: https://bugs.debian.org/1039991
+
+---
+ HTMLparser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/HTMLparser.c b/HTMLparser.c
+index 9079fa8aa52d..1520663ba2af 100644
+--- a/HTMLparser.c
++++ b/HTMLparser.c
+@@ -6743,6 +6743,8 @@ htmlCtxtReset(htmlParserCtxtPtr ctxt)
+     ctxt->nameNr = 0;
+     ctxt->name = NULL;
+ 
++    ctxt->nsNr = 0;
++
+     DICT_FREE(ctxt->version);
+     ctxt->version = NULL;
+     DICT_FREE(ctxt->encoding);
+-- 
+2.40.1
+
diff -Nru libxml2-2.9.14+dfsg/debian/patches/Reset-nsNr-in-xmlCtxtReset.patch libxml2-2.9.14+dfsg/debian/patches/Reset-nsNr-in-xmlCtxtReset.patch
--- libxml2-2.9.14+dfsg/debian/patches/Reset-nsNr-in-xmlCtxtReset.patch	1970-01-01 01:00:00.000000000 +0100
+++ libxml2-2.9.14+dfsg/debian/patches/Reset-nsNr-in-xmlCtxtReset.patch	2023-07-10 21:58:07.000000000 +0200
@@ -0,0 +1,27 @@
+From: Nick Wellnhofer <wellnhofer at aevum.de>
+Date: Mon, 18 Jul 2022 20:59:45 +0200
+Subject: Reset nsNr in xmlCtxtReset
+origin: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5930fe01963136ab92125feec0c6204d9c9225dc
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-2309
+Bug-Debian: https://bugs.debian.org/1039991
+
+---
+ parser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index d278638dd6d4..e660b0a7d499 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14820,6 +14820,8 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
+     ctxt->nameNr = 0;
+     ctxt->name = NULL;
+ 
++    ctxt->nsNr = 0;
++
+     DICT_FREE(ctxt->version);
+     ctxt->version = NULL;
+     DICT_FREE(ctxt->encoding);
+-- 
+2.40.1
+
diff -Nru libxml2-2.9.14+dfsg/debian/patches/series libxml2-2.9.14+dfsg/debian/patches/series
--- libxml2-2.9.14+dfsg/debian/patches/series	2023-04-15 16:25:06.000000000 +0200
+++ libxml2-2.9.14+dfsg/debian/patches/series	2023-07-10 21:58:07.000000000 +0200
@@ -6,3 +6,5 @@
 schemas-Fix-null-pointer-deref-in-xmlSchemaCheckCOSS.patch
 CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch
 CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch
+Reset-nsNr-in-xmlCtxtReset.patch
+Also-reset-nsNr-in-htmlCtxtReset.patch

More information about the debian-xml-sgml-pkgs mailing list