Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi, Please unblock package xerces-c, it fixes CVE-2015-0252, reported as #780827 in the BTS: > xerces-c (3.1.1-5.1) unstable; urgency=high > > * Non-maintainer upload. > * Add CVE-2015-0252.patch patch. > CVE-2015-0252: Apache Xerces-C XML parser crashes on malformed input. > (Closes: #780827) > > -- Salvatore Bonaccorso <car...@debian.org> Fri, 20 Mar 2015 19:40:31 +0100 We have already released as well a DSA for it as 3.1.1-3+deb7u1. unblock xerces-c/3.1.1-5.1 Regards, Salvatore
diff -Nru xerces-c-3.1.1/debian/changelog xerces-c-3.1.1/debian/changelog --- xerces-c-3.1.1/debian/changelog 2014-01-08 21:48:52.000000000 +0100 +++ xerces-c-3.1.1/debian/changelog 2015-03-20 19:43:44.000000000 +0100 @@ -1,3 +1,12 @@ +xerces-c (3.1.1-5.1) unstable; urgency=high + + * Non-maintainer upload. + * Add CVE-2015-0252.patch patch. + CVE-2015-0252: Apache Xerces-C XML parser crashes on malformed input. + (Closes: #780827) + + -- Salvatore Bonaccorso <car...@debian.org> Fri, 20 Mar 2015 19:40:31 +0100 + xerces-c (3.1.1-5) unstable; urgency=medium * Apply upstream patch for PATH_MAX to enable compilation on GNU hurd. diff -Nru xerces-c-3.1.1/debian/patches/CVE-2015-0252.patch xerces-c-3.1.1/debian/patches/CVE-2015-0252.patch --- xerces-c-3.1.1/debian/patches/CVE-2015-0252.patch 1970-01-01 01:00:00.000000000 +0100 +++ xerces-c-3.1.1/debian/patches/CVE-2015-0252.patch 2015-03-20 19:43:44.000000000 +0100 @@ -0,0 +1,66 @@ +Description: CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input + The Xerces-C XML parser mishandles certain kinds of malformed input + documents, resulting in a segmentation fault during a parse operation. +Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1667870 +Bug-Debian: https://bugs.debian.org/780827 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2015-03-12 +Applied-Upstream: 3.1.2 + +--- a/src/xercesc/internal/XMLReader.cpp ++++ b/src/xercesc/internal/XMLReader.cpp +@@ -1460,6 +1460,17 @@ void XMLReader::doInitDecode() + + while (fRawBufIndex < fRawBytesAvail) + { ++ // Security fix: make sure there are at least sizeof(UCS4Ch) bytes to consume. ++ if (fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail) { ++ ThrowXMLwithMemMgr1 ++ ( ++ TranscodingException ++ , XMLExcepts::Reader_CouldNotDecodeFirstLine ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ + // Get out the current 4 byte value and inc our raw buf index + UCS4Ch curVal = *asUCS++; + fRawBufIndex += sizeof(UCS4Ch); +@@ -1619,6 +1630,17 @@ void XMLReader::doInitDecode() + + while (fRawBufIndex < fRawBytesAvail) + { ++ // Security fix: make sure there are at least sizeof(UTF16Ch) bytes to consume. ++ if (fRawBufIndex + sizeof(UTF16Ch) > fRawBytesAvail) { ++ ThrowXMLwithMemMgr1 ++ ( ++ TranscodingException ++ , XMLExcepts::Reader_CouldNotDecodeFirstLine ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ + // Get out the current 2 byte value + UTF16Ch curVal = *asUTF16++; + fRawBufIndex += sizeof(UTF16Ch); +@@ -1708,6 +1730,17 @@ void XMLReader::doInitDecode() + // + void XMLReader::refreshRawBuffer() + { ++ // Security fix: make sure we don't underflow on the subtraction. ++ if (fRawBufIndex > fRawBytesAvail) { ++ ThrowXMLwithMemMgr1 ++ ( ++ RuntimeException ++ , XMLExcepts::Str_StartIndexPastEnd ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ + // + // If there are any bytes left, move them down to the start. There + // should only ever be (max bytes per char - 1) at the most. diff -Nru xerces-c-3.1.1/debian/patches/series xerces-c-3.1.1/debian/patches/series --- xerces-c-3.1.1/debian/patches/series 2014-01-08 21:48:52.000000000 +0100 +++ xerces-c-3.1.1/debian/patches/series 2015-03-20 19:43:44.000000000 +0100 @@ -1 +1,2 @@ hurd-path-max.patch +CVE-2015-0252.patch
