| Summary: | <dev-libs/expat-2.5.0: use-after free caused by overeager destruction of a shared DTD in out-of-memory situations | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sebastian Pipping <sping> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | freedesktop-bugs, mgorny, sping |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/libexpat/libexpat/issues/649 | | |
| Whiteboard: | B3 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 878275 | | |
| Bug Blocks: | | | |

Description
Sebastian Pipping
2022-10-25 16:23:12 UTC
Thanks for reporting!

cleanup done

Thanks! GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5f7a724017a6df6362f93b1d9b5115f952fc93d8

commit 5f7a724017a6df6362f93b1d9b5115f952fc93d8
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 20:22:43 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 20:25:50 +0000

[ GLSA 202210-38 ] Expat: Denial of Service

Bug: https://bugs.gentoo.org/878271
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202210-38.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)

GLSA released, all done!