diff --git a/backport-CVE-2024-34459.patch b/backport-CVE-2024-34459.patch new file mode 100644 index 0000000000000000000000000000000000000000..d959e51cb29874fe02b740109de2745d8c34e34b --- /dev/null +++ b/backport-CVE-2024-34459.patch @@ -0,0 +1,26 @@ +From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 14 May 2024 08:50:50 +0800 +Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` + +Add a missing bounds check. +--- + xmllint.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xmllint.c b/xmllint.c +index 398670b..3f4bfb2 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -559,7 +559,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { + len = strlen(buffer); + snprintf(&buffer[len], sizeof(buffer) - len, "\n"); + cur = input->cur; +- while ((*cur == '\n') || (*cur == '\r')) ++ while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) + cur--; + n = 0; + while ((cur != base) && (n++ < 80)) { +-- +2.33.0 + diff --git a/libxml2.spec b/libxml2.spec index 295ab9982274d82c21a71d562a804fa992e8e480..1cdc431cc1688639954c0c3fc27b44befa0c313c 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,7 +1,7 @@ Summary: Library providing XML and HTML support Name: libxml2 Version: 2.11.5 -Release: 2 +Release: 3 License: MIT Group: Development/Libraries Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz @@ -11,6 +11,7 @@ Patch1: backport-CVE-2023-45322.patch Patch2: backport-xpath-Remove-remaining-references-to-valueFrame.patch Patch3: backport-examples-Don-t-call-xmlCleanupParser-and-xmlMemoryDu.patch Patch4: backport-CVE-2024-25062.patch +Patch5: backport-CVE-2024-34459.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: python3-devel @@ -162,6 +163,12 @@ rm -fr %{buildroot} %changelog +* Tue May 14 2024 cenhuilin - 2.11.5-3 +- Type:CVE +- CVE:CVE-2024-34459 +- SUG:NA +- DESC:fix CVE-2024-34459 + * Mon Feb 05 2024 Paul Thomas - 2.11.5-2 - Type:CVE - CVE:CVE-2024-25062