[ubuntu/plucky-proposed] libxmltok 1.2-4.1ubuntu4 (Accepted)

Bruce Cable bruce.cable at canonical.com
Thu Feb 27 00:15:20 UTC 2025 

libxmltok (1.2-4.1ubuntu4) plucky; urgency=medium

  * SECURITY UPDATE: integer overflow
    - xmlparse/xmlparse.c: add integer overflow checks and signed
      arthimetic
    - CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825,
    - CVE-2022-22826, CVE-2022-22827, CVE-2015-1283, CVE-2016-4472
  * SECURITY UPDATE: buffer overflow and integer overflow
    - xmlparse/xmlparse.c: assign a result for XmlConvert calls and verify
      if it matches with the expected XML_Convert_Result enum values.
      Add an integer overflow check and proper signed arithmetic
      overflow for blockSize in poolGrow().
    - xmltok/xmltok.c: add XML_Convert_Result return value for utf8_toUtf8,
      utf8_toUtf16, latin1_toUtf8, latin1_toUtf16, ascii_toUtf8, toUtf8,
      toUtf16, unknown_toUtf8 and unknown_toUtf16 methods.
    - xmltok/xmltok.h: add XML_Convert_Result enum values and return values
      for the above methods definitions.
    - xmltok/xmltok_impl.c: change if statement for ptr pointer when
      comparing to end pointer.
    - CVE-2016-0718
  * SECURITY UPDATE: denial of service
    - xmlparse/xmlparse.c: add a break statement in setElementTypePrefix().
    - CVE-2018-20843
  * SECURITY UPDATE: Heap-based buffer over-read
    - xmlparse/xmlparse.c: add a new parameter, allowClosingDoctype,
      to doProlog() and when in case XML_ROLE_DOCTYPE_CLOSE, verify if
      this parameter is not true and return an error. When invoking
      doProlog from prologProcessor(), passes allowClosingDoctype as true,
      and when invoking from processInternalParamEntity() passes
      allowClosingDoctype as false.
    - CVE-2019-15903
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-46143.patch: add an integer overflow check
      for groupSize variable at doProlog() in xmlparse/xmlparse.c.
    - CVE-2021-46143
  * SECURITY UPDATE: Memory leak
    - xmlparse/xmlparse.c: create a temporary variable to handle possible
      errors for pool->blocks realloc invocation in poolGrow().
    - CVE-2012-1148

Date: Wed, 26 Feb 2025 10:26:51 +1100
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/libxmltok/1.2-4.1ubuntu4
-------------- next part --------------
Format: 1.8
Date: Wed, 26 Feb 2025 10:26:51 +1100
Source: libxmltok
Built-For-Profiles: noudeb
Architecture: source
Version: 1.2-4.1ubuntu4
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Changes:
 libxmltok (1.2-4.1ubuntu4) plucky; urgency=medium
 .
   * SECURITY UPDATE: integer overflow
     - xmlparse/xmlparse.c: add integer overflow checks and signed
       arthimetic
     - CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825,
     - CVE-2022-22826, CVE-2022-22827, CVE-2015-1283, CVE-2016-4472
   * SECURITY UPDATE: buffer overflow and integer overflow
     - xmlparse/xmlparse.c: assign a result for XmlConvert calls and verify
       if it matches with the expected XML_Convert_Result enum values.
       Add an integer overflow check and proper signed arithmetic
       overflow for blockSize in poolGrow().
     - xmltok/xmltok.c: add XML_Convert_Result return value for utf8_toUtf8,
       utf8_toUtf16, latin1_toUtf8, latin1_toUtf16, ascii_toUtf8, toUtf8,
       toUtf16, unknown_toUtf8 and unknown_toUtf16 methods.
     - xmltok/xmltok.h: add XML_Convert_Result enum values and return values
       for the above methods definitions.
     - xmltok/xmltok_impl.c: change if statement for ptr pointer when
       comparing to end pointer.
     - CVE-2016-0718
   * SECURITY UPDATE: denial of service
     - xmlparse/xmlparse.c: add a break statement in setElementTypePrefix().
     - CVE-2018-20843
   * SECURITY UPDATE: Heap-based buffer over-read
     - xmlparse/xmlparse.c: add a new parameter, allowClosingDoctype,
       to doProlog() and when in case XML_ROLE_DOCTYPE_CLOSE, verify if
       this parameter is not true and return an error. When invoking
       doProlog from prologProcessor(), passes allowClosingDoctype as true,
       and when invoking from processInternalParamEntity() passes
       allowClosingDoctype as false.
     - CVE-2019-15903
   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2021-46143.patch: add an integer overflow check
       for groupSize variable at doProlog() in xmlparse/xmlparse.c.
     - CVE-2021-46143
   * SECURITY UPDATE: Memory leak
     - xmlparse/xmlparse.c: create a temporary variable to handle possible
       errors for pool->blocks realloc invocation in poolGrow().
     - CVE-2012-1148
Checksums-Sha1:
 21276f0ab6cc780c26cd4d7351c188df1560d92e 1689 libxmltok_1.2-4.1ubuntu4.dsc
 4dd18c8faf887745dc686db42ce825866b421269 17416 libxmltok_1.2-4.1ubuntu4.debian.tar.xz
 4c2ce73e39dbc366240df71b6d3482664b8c99c9 5738 libxmltok_1.2-4.1ubuntu4_source.buildinfo
Checksums-Sha256:
 43cf5dce581033367ac1ec5434929a3ce235533e75d4b83881de8f10e51892a0 1689 libxmltok_1.2-4.1ubuntu4.dsc
 bf86f4161bf875801d1b954ad77604783a009ab67c01793a3cff5c9291af372c 17416 libxmltok_1.2-4.1ubuntu4.debian.tar.xz
 91d11638ad953f9937639e1cffd09f6dce08cc83aa73ae04e6cdcba1185bf083 5738 libxmltok_1.2-4.1ubuntu4_source.buildinfo
Files:
 b5fa40bee1aa15cf30ed5b573f643e1c 1689 libs optional libxmltok_1.2-4.1ubuntu4.dsc
 0df72b90b697b98d80b7926fdc40f7b1 17416 libs optional libxmltok_1.2-4.1ubuntu4.debian.tar.xz
 edec3f358c3eafedd67956a649cd30d6 5738 libs optional libxmltok_1.2-4.1ubuntu4_source.buildinfo
Original-Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>

More information about the plucky-changes mailing list