• Bug#1094238: libxml2: CVE-2022-49043

    From Salvatore Bonaccorso@21:1/5 to All on Sun Jan 26 13:20:01 2025
    Source: libxml2
    Version: 2.12.7+dfsg+really2.9.14-0.2
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
    Control: found -1 2.9.14+dfsg-1.3~deb12u1
    Control: found -1 2.9.14+dfsg-1.3

    Hi,

    The following vulnerability was published for libxml2.

    CVE-2022-49043[0]:
    | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-
    | after-free.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2022-49043
    https://www.cve.org/CVERecord?id=CVE-2022-49043
    [1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

    Please adjust the affected versions in the BTS as needed.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Sun Jan 26 13:20:01 2025
    Processing control commands:

    found -1 2.9.14+dfsg-1.3~deb12u1
    Bug #1094238 [src:libxml2] libxml2: CVE-2022-49043
    Marked as found in versions libxml2/2.9.14+dfsg-1.3~deb12u1.
    found -1 2.9.14+dfsg-1.3
    Bug #1094238 [src:libxml2] libxml2: CVE-2022-49043
    Marked as found in versions libxml2/2.9.14+dfsg-1.3.

    --
    1094238: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Mon Feb 24 20:20:01 2025
    Processing control commands:

    fixed -1 2.9.10+dfsg-6.7+deb11u6
    Bug #1094238 [src:libxml2] libxml2: CVE-2022-49043
    The source 'libxml2' and version '2.9.10+dfsg-6.7+deb11u6' do not appear to match any binary packages
    Marked as fixed in versions libxml2/2.9.10+dfsg-6.7+deb11u6.

    --
    1094238: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Thu Mar 27 12:40:01 2025
    Your message dated Thu, 27 Mar 2025 11:34:43 +0000
    with message-id <E1txlVT-00CgdW-AK@fasolo.debian.org>
    and subject line Bug#1094238: fixed in libxml2 2.12.7+dfsg+really2.9.14-0.4
    has caused the Debian Bug report #1094238,
    regarding libxml2: CVE-2022-49043
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1094238: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems
