[go: up one dir, main page]
Menu

#537 CVE-2016-0718

Feature Request
closed-fixed
nobody
Vulnerability (1)
1
2016-05-28
2016-05-27
David Dillard
No

CVE-2016-0718: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Patch used for Debian can be found here.

Discussion

  • Sebastian Pipping

    Sebastian Pipping - 2016-05-27
    • status: open --> closed-fixed
     

  • Sebastian Pipping

    Sebastian Pipping - 2016-05-27

    Hello David!
    We made those very patches and they are in Git by now, as well. Please re-open if this is a misunderstanding.

     

  • David Dillard

    David Dillard - 2016-05-28

    My apologies, I looked for an issue logged for this by CVE ID, didn't realize it was already fixed.

    Is there an expected release date for an update with the fix in it? I've been looking through the updates trying to figure out exactly which one(s) were used to fix the issue and I'm having trouble figuring it out. It seems multiple checkins were done. I also see some other interesting changes that seem worthy of pushing out in a release.

    Thanks

     

  • Sebastian Pipping

    Sebastian Pipping - 2016-05-28

    For a next release maybe two weeks or so. I see worth in a new release, too.

    On the related commits, it's a squash of these eight trivially rebased against tag R_2_1_1:

    # git --no-pager log be4b1c06daba1849b8ff5e00bae5caf47f6c39fd^2 --oneline -8
a1bc009 Do not compare an out-of-bounds pointer. [..]
5c9cc0e Avoid undefined behavior when computing larger blockSize. [..]
e375ac8 Complete XmlConvert return value handling
9ff1d64 Do not grow pool to out-of-memory for incomplete input
a9b80b4 Make converters tell state on termination (v3)
e18829b Prevent out-of-bounds access in text conversion
2cac066 Fix two integer overflows
bb1fd81 Fix overflow (v2)
     

Log in to post a comment.