942969 – (CVE-2024-50602) <dev-libs/expat-2.6.4 - NULL pointer dereference through function XML_ResumeParser

Bug 942969 (CVE-2024-50602) - <dev-libs/expat-2.6.4 - NULL pointer dereference through function XML_ResumeParser

Summary: <dev-libs/expat-2.6.4 - NULL pointer dereference through function XML_ResumeP...

Status:	CONFIRMED

Alias:	CVE-2024-50602

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-11-07 02:03 UTC by Sebastian Pipping
Modified:	2024-11-07 02:05 UTC (History)
CC List:	0 users

See Also:	https://github.com/libexpat/libexpat/pull/915 https://github.com/libexpat/libexpat/pull/920
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Pipping gentoo-dev

2024-11-07 02:03:02 UTC

Expat 2.6.4 ebuild with the fix coming up in a minute…

Comment 1 Larry the Git Cow gentoo-dev

2024-11-07 02:05:54 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7095ab195b38b062d3662884f64d7cb3d8c3bca3

commit 7095ab195b38b062d3662884f64d7cb3d8c3bca3
Author:     Sebastian Pipping <sping@gentoo.org>
AuthorDate: 2024-11-07 02:05:05 +0000
Commit:     Sebastian Pipping <sping@gentoo.org>
CommitDate: 2024-11-07 02:05:05 +0000

    dev-libs/expat: 2.6.4 with fix for CVE-2024-50602
    
    Bug: https://bugs.gentoo.org/942969
    Signed-off-by: Sebastian Pipping <sping@gentoo.org>

 dev-libs/expat/Manifest           |   1 +
 dev-libs/expat/expat-2.6.4.ebuild | 100 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 101 insertions(+)