Package: raptor-utils
Version: 2.0.15-4
Severity: critical

CVE-2024-57823: There is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().

Upstream fix:
https://github.com/dajobe/raptor/commit/da7a79976bd0314c23cce55d22495e7d29301c44

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-57823
https://nvd.nist.gov/vuln/detail/CVE-2024-57823

Test Procedures

1. Set the source list.

    cat /etc/apt/sources.list
    deb http://deb.debian.org/debian bookworm main
    deb-src http://deb.debian.org/debian bookworm main

2. "apt-get source raptor2" to get the source code "raptor2-2.0.15".

3. Copy the Tests-for-Github-issue-70.patch to debian/patch and update the series, then "quilt push -a".

4. Run the test case; the test case raptor_issue70a_test failed as expected.
   "./autogen.sh", and then "make && make test"

    make[4]: Entering directory '/home/raptor_cve/raptor2-2.0.15-build/tests/bugs'
    CC issue70a.o
    CCLD raptor_issue70a_test
    ../../build/test-driver: line 112: 3282723 Segmentation fault "$@" >> "$log_file" 2>&1
    FAIL: raptor_issue70a_test
    CC issue70b.o
    CCLD raptor_issue70b_test
    PASS: raptor_issue70b_test
    ============================================================================
    Testsuite summary for Raptor RDF Parser and Serializer library 2.0.15
    ============================================================================
    # TOTAL: 2
    # PASS: 1
    # SKIP: 0
    # XFAIL: 0
    # FAIL: 1
    # XPASS: 0
    # ERROR: 0

5. Copy the CVE-2024-57823-Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch to debian/patch and update the series, then "quilt push debian/patches/CVE-2024-57823-Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch".
   The test case raptor_issue70a_test passes as expected.

    make[4]: Entering directory '/home/raptor_cve/raptor2-2.0.15-build/tests/bugs'
    CC issue70a.o
    CCLD raptor_issue70a_test
    PASS: raptor_issue70a_test
    CC issue70b.o
    CCLD raptor_issue70b_test
    PASS: raptor_issue70b_test
    ============================================================================
    Testsuite summary for Raptor RDF Parser and Serializer library 2.0.15
    ============================================================================
    # TOTAL: 2
    # PASS: 2
    # SKIP: 0
    # XFAIL: 0
    # FAIL: 0
    # XPASS: 0
    # ERROR: 0

Thanks,
RongFu

Tests-for-Github-issue-70.patch
Description: Tests-for-Github-issue-70.patch
CVE-2024-57823-Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch
Description: CVE-2024-57823-Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch