Bug 833508 (CVE-2021-30560)

Summary:	<dev-libs/libxslt-1.1.35: use-after-free in xsltApplyTemplates
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	base-system, sam
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugs.chromium.org/p/chromium/issues/detail?id=1219209
Whiteboard:	A3 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	833586, 834457
Bug Blocks:

Description John Helmert III archtester

2022-02-17 02:27:22 UTC

"There's a bug in libxslt which can result in use-after-free in connection with the <xsl:strip-space> feature. Under certain circumstances, function xsltApplyTemplates can delete text nodes which are still referenced from variables, keys or possibly other data structures."

Fix in 1.1.35: https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8

Comment 1 Larry the Git Cow gentoo-dev

2022-02-17 22:52:44 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49e51187a6e928f9ac156a757be6301b61141d5d

commit 49e51187a6e928f9ac156a757be6301b61141d5d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-17 22:51:32 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-17 22:52:29 +0000

    dev-libs/libxslt: add 1.1.35
    
    Note that maintainership has officially changed and verify-sig is
    therefore dropped for now as upstream aren't offering PGP signatures
    for now: https://gitlab.gnome.org/GNOME/libxml2/-/issues/313#note_1387405.
    
    Closes: https://bugs.gentoo.org/833508
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxslt/Manifest              |  1 +
 dev-libs/libxslt/libxslt-1.1.35.ebuild | 63 ++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2022-02-18 03:54:17 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad676814872917af7dc098f47b0ebb8a106f5d30

commit ad676814872917af7dc098f47b0ebb8a106f5d30
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-18 03:53:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-18 03:53:29 +0000

    profiles: mask =dev-libs/libxslt-1.1.35
    
    Too strict parsing? Needs more investigation.
    
    Bug: https://bugs.gentoo.org/833586
    Bug: https://bugs.gentoo.org/833508
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)

Comment 3 Hans de Graaff gentoo-dev

2023-10-01 09:08:31 UTC

commit a3e404dae37843c593b242981ea4e5c17b26e656
Author: Sam James <sam@gentoo.org>
Date:   Sat Jan 1 09:34:54 2022 +0000

    dev-libs/libxslt: drop 1.1.34-r1

Comment 4 Larry the Git Cow gentoo-dev

2023-10-31 12:54:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=49515c936bcad95017ac696eb33dd49f6f28e9b5

commit 49515c936bcad95017ac696eb33dd49f6f28e9b5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-31 12:53:57 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-31 12:54:25 +0000

    [ GLSA 202310-23 ] libxslt: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/820722
    Bug: https://bugs.gentoo.org/833508
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-23.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)