Bug#1014389: mapcache: CVE-2022-30045 incorrect memory handling leading to a heap out-of-bounds read

Neil Williams codehelp at debian.org
Wed Jul 6 09:22:47 BST 2022


On Tue, 5 Jul 2022 11:58:12 +0200
Sebastiaan Couwenberg <sebastic at xs4all.nl> wrote:

> On 7/5/22 11:14, Neil Williams wrote:
> > CVE-2022-30045[0]:
> > | An issue was discovered in libezxml.a in ezXML 0.8.6. The function
> > | ezxml_decode() performs incorrect memory handling while parsing
> > | crafted XML files, leading to a heap out-of-bounds read.  
> 
> How is this different from #989363?

Only in that it's a different change within ezXML and a different CVE
identifier. Typically each separate vulnerability gets a unique CVE id.
If those CVEs are created as a batch, then a Debian bug can be filed
for multiple similar CVEs in a package. When one CVE turns up
much later, it needs its own Debian bug report.

> It's another ezxml bug that needs to be fixed by updating the
> embedded copy or switching to something else.
> 
> I'm tempted to merge these two issues.

Merging the Debian bugs will be fine. Please ensure that both CVE
identifiers are mentioned in the debian/changelog of the upload to
unstable that fixes the merged bug.

-- 
Neil Williams
=============
https://linux.codehelp.co.uk/