Bug 555642 (CVE-2015-1283) - <dev-libs/expat-2.1.0-r5: Heap-buffer-overflow (CVE-2015-1283)
Summary: <dev-libs/expat-2.1.0-r5: Heap-buffer-overflow (CVE-2015-1283)
Status: RESOLVED FIXED
Alias: CVE-2015-1283
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa cve]
Reported: 2015-07-22 15:50 UTC by Agostino Sarubbo
Modified: 2017-01-11 12:13 UTC
Description Agostino Sarubbo gentoo-dev 2015-07-22 15:50:02 UTC
A buffer overflow was found in the expat component of chromium:

From ${URL} :

[$TBD][492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-07-26 02:33:23 UTC
Do you have the patch? There haven't been any commits to expat upstream since 2010 as far as I can tell, and I don't have permission to access the google bug at $URL...
Comment 2 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-07-26 02:47:45 UTC
@security, can you confirm, is this the patch in question: https://hg.mozilla.org/mozilla-central/rev/438d9e2a991a

(seems that mozilla guys noticed it first)
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2015-07-29 18:54:16 UTC
(In reply to Alexandre Rostovtsev from comment #2)
> @security, can you confirm, is this the patch in question:
> https://hg.mozilla.org/mozilla-central/rev/438d9e2a991a
> 
> (seems that mozilla guys noticed it first)

I have access to the Chromium bug in question and it's the same patch.

See https://codereview.chromium.org/1151263010 for the Chromium patch corresponding to the bug.
Comment 4 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-07-30 02:20:20 UTC
Thanks!

Fixed in expat-2.1.0-r5 - which is ready for stabilization.

+*expat-2.1.0-r5 (30 Jul 2015)
+
+  30 Jul 2015; Alexandre Rostovtsev <tetromino@gentoo.org>
+  -expat-2.1.0-r2.ebuild, -expat-2.1.0-r3.ebuild, expat-2.1.0-r4.ebuild,
+  +expat-2.1.0-r5.ebuild, +files/expat-2.1.0-mozilla-sanity-check-size.patch:
+  Fix buffer overflow (bug #555642, CVE-2015-1283, thanks to Agostino Sarubbo
+  and Paweł Hajdan, Jr.). Improve description. Clean out old ebuilds.
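Review bot: the ChangeLog entry names the bug and CVE but not where files/expat-2.1.0-mozilla-sanity-check-size.patch was taken from; comments 2 and 3 establish that it is the Mozilla fix at https://hg.mozilla.org/mozilla-central/rev/438d9e2a991a (matching Chromium review 1151263010), so consider citing that upstream revision in the entry or in the patch header so the provenance is still visible once the bug is closed.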
Comment 5 Kristian Fiskerstrand gentoo-dev Security 2015-07-30 07:49:05 UTC
(In reply to Alexandre Rostovtsev from comment #4)
> Thanks!
> 
> Fixed in expat-2.1.0-r5 - which is ready for stabilization.
> 

Thanks for the bump. Arches, please stabilize:
=dev-libs/expat-2.1.0-r5
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 6 Agostino Sarubbo gentoo-dev 2015-07-30 09:57:05 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-07-30 09:58:54 UTC
x86 stable
Comment 8 Tobias Klausmann gentoo-dev 2015-07-30 11:32:42 UTC
Stable on alpha.
Comment 9 Agostino Sarubbo gentoo-dev 2015-07-30 15:19:26 UTC
sparc stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-30 18:47:16 UTC
ia64 stable
Comment 11 Jeroen Roovers gentoo-dev 2015-08-05 05:49:16 UTC
Stable for HPPA PPC64.
Comment 12 Markus Meier gentoo-dev 2015-08-06 04:55:05 UTC
arm stable
Comment 13 Agostino Sarubbo gentoo-dev 2015-08-26 07:30:01 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 14 Manuel Rüger gentoo-dev 2015-08-26 08:42:56 UTC
Removed vulnerable versions.
Comment 15 Yury German Gentoo Infrastructure gentoo-dev Security 2015-12-31 03:24:16 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2017-01-11 12:13:48 UTC
This issue was resolved and addressed in GLSA 201701-21 at https://security.gentoo.org/glsa/201701-21 by GLSA coordinator Aaron Bauman (b-man).