Univention Bugzilla – Bug 52328
raptor2: Multiple issues (4.4)
Last modified: 2020-11-11 17:03:51 CET
New Debian raptor2 2.0.14-1+deb9u1 fixes:
This update addresses the following issue:
* raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). (CVE-2017-18926)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/raptor2_2.0.14-1.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/raptor2_2.0.14-1+deb9u1.dsc @@ -1,3 +1,8 @@ +2.0.14-1+deb9u1 [Sat, 07 Nov 2020 12:52:26 +0000] Chris Lamb <lamby@debian.org>: + + * CVE-2017-18926: Prevent two heap overflow vulnerabilities in the XML + writer. (Closes: #973889) + 2.0.14-1 [Mon, 05 May 2014 11:15:00 -0700] Dave Beckett <dajobe@debian.org>: * New upstream release <http://10.200.17.11/4.4-6/#8653917181829500533>
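Review bot: the added 2.0.14-1+deb9u1 changelog entry says it prevents "two heap overflow vulnerabilities in the XML writer" but names neither the affected functions nor the patch that carries the fix. Consider naming raptor_xml_writer_start_element_common in raptor_xml_writer.c, as the CVE text does, so the entry can be matched against the source change during an audit. The CVE text cites Raptor 2.0.15 while this package is 2.0.14, so the erratum should also state explicitly that the 2.0.14 source is affected.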
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-6] 7a48658b6e Bug #52328: yaml
 doc/errata/staging/raptor2.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x802>