Bug 878271 (CVE-2022-43680)

Summary:	<dev-libs/expat-2.5.0: use-after free caused by overeager destruction of a shared DTD in out-of-memory situations
Product:	Gentoo Security	Reporter:	Sebastian Pipping <sping>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	freedesktop-bugs, mgorny, sping
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/libexpat/libexpat/issues/649
Whiteboard:	B3 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	878275
Bug Blocks:

Description Sebastian Pipping gentoo-dev

2022-10-25 16:23:12 UTC

Comment 1 John Helmert III archtester

2022-10-25 16:26:42 UTC

Thanks for reporting!

Comment 2 Michał Górny archtester

2022-10-28 08:17:35 UTC

cleanup don

Comment 3 John Helmert III archtester

2022-10-30 03:26:25 UTC

Thanks!

Comment 4 John Helmert III archtester

2022-10-31 15:21:55 UTC

GLSA request filed

Comment 5 Larry the Git Cow gentoo-dev

2022-10-31 20:26:18 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5f7a724017a6df6362f93b1d9b5115f952fc93d8

commit 5f7a724017a6df6362f93b1d9b5115f952fc93d8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 20:22:43 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 20:25:50 +0000

    [ GLSA 202210-38 ] Expat: Denial of Service
    
    Bug: https://bugs.gentoo.org/878271
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-38.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

Comment 6 John Helmert III archtester

2022-10-31 20:27:27 UTC

GLSA released, all done!