[ubuntu/oracular-security] libxmltok 1.2-4.1ubuntu3.1 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Mon Jan 13 00:02:19 UTC 2025
libxmltok (1.2-4.1ubuntu3.1) oracular-security; urgency=medium
* SECURITY UPDATE: integer overflow
- xmlparse/xmlparse.c: add integer overflow checks and signed
arithmetic
- CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825,
- CVE-2022-22826, CVE-2022-22827, CVE-2015-1283, CVE-2016-4472
* SECURITY UPDATE: buffer overflow and integer overflow
- xmlparse/xmlparse.c: assign a result for XmlConvert calls and verify
if it matches with the expected XML_Convert_Result enum values.
Add an integer overflow check and proper signed arithmetic
overflow for blockSize in poolGrow().
- xmltok/xmltok.c: add XML_Convert_Result return value for utf8_toUtf8,
utf8_toUtf16, latin1_toUtf8, latin1_toUtf16, ascii_toUtf8, toUtf8,
toUtf16, unknown_toUtf8 and unknown_toUtf16 methods.
- xmltok/xmltok.h: add XML_Convert_Result enum values and return values
for the above methods definitions.
- xmltok/xmltok_impl.c: change if statement for ptr pointer when
comparing to end pointer.
- CVE-2016-0718
* SECURITY UPDATE: denial of service
- xmlparse/xmlparse.c: add a break statement in setElementTypePrefix().
- CVE-2018-20843
* SECURITY UPDATE: Heap-based buffer over-read
- xmlparse/xmlparse.c: add a new parameter, allowClosingDoctype,
to doProlog() and when in case XML_ROLE_DOCTYPE_CLOSE, verify if
this parameter is not true and return an error. When invoking
doProlog from prologProcessor(), pass allowClosingDoctype as true,
and when invoking from processInternalParamEntity() pass
allowClosingDoctype as false.
- CVE-2019-15903
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-46143.patch: add an integer overflow check
for groupSize variable at doProlog() in xmlparse/xmlparse.c.
- CVE-2021-46143
Date: 2025-01-06 06:47:11.068066+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/libxmltok/1.2-4.1ubuntu3.1