Bug#1061472: bullseye-pu: package tinyxml/2.6.2-4+deb11u2

To: 1061472@bugs.debian.org
Subject: Bug#1061472: bullseye-pu: package tinyxml/2.6.2-4+deb11u2
From: Guilhem Moulin <guilhem@debian.org>
Date: Tue, 30 Jan 2024 14:47:34 +0100
Message-id: <[🔎] Zbj99sBA34W8rFn5@debian.org>
Reply-to: Guilhem Moulin <guilhem@debian.org>, 1061472@bugs.debian.org
In-reply-to: <[🔎] ZbHZDGVANduiCwyM@debian.org>
References: <[🔎] ZbHZDGVANduiCwyM@debian.org> <[🔎] ZbHZDGVANduiCwyM@debian.org>

On Thu, 25 Jan 2024 at 04:44:12 +0100, Guilhem Moulin wrote:
> [ Changes ]
>
> Fix CVE-2023-34194: Reachable assertion (and application exit) via a
> crafted XML document with a '\0' located after whitespace.

Per https://bugs.debian.org/1061473#12 I guess you'd like CVE-2023-40462
to be removed from d/changelog for bullseye-pu as well.  New debdiff
attached.

-- 
Guilhem.

diffstat for tinyxml-2.6.2 tinyxml-2.6.2

 changelog                    |    9 +++++++++
 patches/CVE-2023-34194.patch |   27 +++++++++++++++++++++++++++
 patches/series               |    1 +
 3 files changed, 37 insertions(+)

diff -Nru tinyxml-2.6.2/debian/changelog tinyxml-2.6.2/debian/changelog
--- tinyxml-2.6.2/debian/changelog	2022-10-20 16:32:51.000000000 +0200
+++ tinyxml-2.6.2/debian/changelog	2024-01-25 04:12:05.000000000 +0100
@@ -1,3 +1,12 @@
+tinyxml (2.6.2-4+deb11u2) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix CVE-2023-34194: Reachable assertion (and application exit) via a
+    crafted XML document with a '\0' located after whitespace.
+    (Closes: #1059315)
+
+ -- Guilhem Moulin <guilhem@debian.org>  Thu, 25 Jan 2024 04:12:05 +0100
+
 tinyxml (2.6.2-4+deb11u1) bullseye; urgency=medium
 
   * Import fix for CVE-2021-42260.
diff -Nru tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch
--- tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch	1970-01-01 01:00:00.000000000 +0100
+++ tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch	2024-01-25 04:12:05.000000000 +0100
@@ -0,0 +1,27 @@
+From: Guilhem Moulin <guilhem@debian.org>
+Date: Sat, 30 Dec 2023 14:15:54 +0100
+Subject: Avoid reachable assertion via crafted XML document with a '\0'
+ located after whitespace
+
+Bug: https://www.forescout.com/resources/sierra21-vulnerabilities
+Bug-Debian: https://bugs.debian.org/1059315
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194
+---
+ tinyxmlparser.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
+index 8aa0dfa..1601962 100644
+--- a/tinyxmlparser.cpp
++++ b/tinyxmlparser.cpp
+@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm
+ 		}
+ 
+ 		p = SkipWhiteSpace( p, _encoding );
++		if ( !p || !*p )
++		{
++			break;
++		}
+ 		if ( StringEqual( p, "version", true, _encoding ) )
+ 		{
+ 			TiXmlAttribute attrib;
diff -Nru tinyxml-2.6.2/debian/patches/series tinyxml-2.6.2/debian/patches/series
--- tinyxml-2.6.2/debian/patches/series	2022-10-20 16:32:49.000000000 +0200
+++ tinyxml-2.6.2/debian/patches/series	2024-01-25 04:12:05.000000000 +0100
@@ -1,3 +1,4 @@
 enforce-use-stl.patch
 entity-encoding.patch
 CVE-2021-42260.patch
+CVE-2023-34194.patch

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#1061472: bullseye-pu: package tinyxml/2.6.2-4+deb11u2
  - From: Guilhem Moulin <guilhem@debian.org>

Prev by Date: Bug#1058615: bookworm-pu: package node-yarnpkg/1.22.19+~cs24.27.18-2+deb12u1
Next by Date: Processed: bullseye-pu: package debian-security-support/1:11+2024.01.30
Previous by thread: Processed: bullseye-pu: package tinyxml/2.6.2-4+deb11u2
Next by thread: Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Index(es):
- Date
- Thread