libxml2 security update regression

Bug #1201849 reported by Marc Deslauriers
This bug affects 5 people

Affects                  Status        Importance  Assigned to       Milestone
libxml2 (Ubuntu)         Invalid       Undecided   Marc Deslauriers
  Lucid                  Fix Released  Undecided   Marc Deslauriers
  Precise                Fix Released  Undecided   Marc Deslauriers
  Quantal                Fix Released  Undecided   Marc Deslauriers
  Raring                 Fix Released  Undecided   Marc Deslauriers

Bug Description

USN-1904-1 seems to have introduced a regression.

See https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410/comments/5

Steps to reproduce:

>>> from io import BytesIO
>>> from lxml import etree
>>> xml='''<root>
... <child name='one' />
... <child name='two' />
... </root>
... '''
>>> document = etree.iterparse(BytesIO(xml), events=('end',), tag='root')
>>> for action, elem in document:
...     print("%s: %s" % (action, elem.tag))
...
end: root
>>> file('/tmp/test.xml', 'w').write(xml)
>>> document = etree.iterparse('/tmp/test.xml', events=('end',), tag='root')
>>> for action, elem in document:
...     print("%s: %s" % (action, elem.tag))
...
end: root
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "iterparse.pxi", line 478, in lxml.etree.iterparse.__next__ (src/lxml/lxml.etree.c:98432)
  File "iterparse.pxi", line 530, in lxml.etree.iterparse._read_more_events (src/lxml/lxml.etree.c:98953)
  File "parser.pxi", line 601, in lxml.etree._raiseParseError (src/lxml/lxml.etree.c:74863)
lxml.etree.XMLSyntaxError: None

Can reproduce on Precise and Quantal
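The reproduction above compares in-memory and file-based parsing by hand. The following Python 3 script, added here as an example and not part of the bug report, of lxml or of libxml2, automates that comparison as a regression check to run after a parser security update: it runs iterparse over the same bytes once from a BytesIO and once from a temporary file, records the (event, tag) pairs each path yields and any parse error raised during iteration, and reports whether the two paths agree. The bug on this page would show up as the file path raising XMLSyntaxError after having already yielded "end: root", with the in-memory path succeeding. The script uses lxml when it is installed, since that is the code path through libxml2 the bug concerns, and otherwise falls back to the standard library's expat-based ElementTree, which exercises only the harness itself; the sample document, the function names and the temporary-file handling are my choices, not anything from the page.

```python
"""Regression check: does iterparse behave the same from memory and from a file?

Added example, not code from the bug report. Prefers lxml (libxml2); falls back
to the standard-library ElementTree (expat) so the harness still runs without
lxml, in which case libxml2 itself is not exercised.
"""
import os
import tempfile
from io import BytesIO

try:
    from lxml import etree  # goes through libxml2, the parser this bug is about
    PARSE_ERROR = etree.XMLSyntaxError
    BACKEND = "lxml"
except ImportError:
    import xml.etree.ElementTree as etree  # expat-based fallback
    PARSE_ERROR = etree.ParseError
    BACKEND = "stdlib"

# Constructed input: the same small document used in the bug report.
SAMPLE_XML = b"""<root>
<child name='one' />
<child name='two' />
</root>
"""


def collect_events(source, tag="root"):
    """Run iterparse over *source* (file object or path) filtered to *tag*.

    Returns (events, error): events is the list of (action, tag) pairs yielded
    before any failure; error is the parse exception raised mid-iteration, or
    None. Catching the error per path is what lets the caller tell "failed
    before yielding anything" from "failed after yielding end: root".
    """
    events = []
    error = None
    try:
        if BACKEND == "lxml":
            iterator = etree.iterparse(source, events=("end",), tag=tag)
        else:
            # stdlib iterparse has no tag= filter, so filter by hand.
            iterator = (pair for pair in etree.iterparse(source, events=("end",))
                        if pair[1].tag == tag)
        for action, elem in iterator:
            events.append((action, elem.tag))
    except PARSE_ERROR as exc:
        error = exc
    return events, error


def check_regression(xml_bytes=SAMPLE_XML, tag="root"):
    """Parse the same bytes from memory and from a temporary file and compare.

    Returns a dict with both event lists, both errors (as strings or None) and
    a 'consistent' verdict that is True only when the two paths yield the same
    events and either both succeed or both fail.
    """
    mem_events, mem_error = collect_events(BytesIO(xml_bytes), tag)

    fd, path = tempfile.mkstemp(suffix=".xml")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(xml_bytes)
        file_events, file_error = collect_events(path, tag)
    finally:
        os.unlink(path)

    return {
        "backend": BACKEND,
        "memory_events": mem_events,
        "memory_error": None if mem_error is None else str(mem_error),
        "file_events": file_events,
        "file_error": None if file_error is None else str(file_error),
        "consistent": (mem_events == file_events
                       and (mem_error is None) == (file_error is None)),
    }


if __name__ == "__main__":
    for key, value in check_regression().items():
        print(f"{key}: {value}")
```

On a libxml2 with the revised CVE-2013-2877 patch both paths yield a single ("end", "root") pair with no error and the verdict is consistent; on the broken update the file path reports an error after that pair while the memory path does not, which is exactly the asymmetry the bug report shows.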

Changed in libxml2 (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libxml2 (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libxml2 (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libxml2 (Ubuntu Raring):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libxml2 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.7.6.dfsg-1ubuntu1.10

---------------
libxml2 (2.7.6.dfsg-1ubuntu1.10) lucid-security; urgency=low

  * SECURITY REGRESSION: regression with lxml (LP: #1201849)
    - parser.c: revised to fix regression, and a couple of wrong return
      values.
    - CVE-2013-2877
 -- Marc Deslauriers <email address hidden> Tue, 16 Jul 2013 14:08:20 -0400

Changed in libxml2 (Ubuntu Lucid):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.8.0+dfsg1-5ubuntu2.4

---------------
libxml2 (2.8.0+dfsg1-5ubuntu2.4) quantal-security; urgency=low

  * SECURITY REGRESSION: regression with lxml (LP: #1201849)
    - debian/patches/CVE-2013-2877.patch: revised to fix regression, and a
      couple of wrong return values.
    - CVE-2013-2877
 -- Marc Deslauriers <email address hidden> Tue, 16 Jul 2013 13:53:52 -0400

Changed in libxml2 (Ubuntu Quantal):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.7.8.dfsg-5.1ubuntu4.6

---------------
libxml2 (2.7.8.dfsg-5.1ubuntu4.6) precise-security; urgency=low

  * SECURITY REGRESSION: regression with lxml (LP: #1201849)
    - parser.c: revised to fix regression, and a couple of wrong return
      values.
    - CVE-2013-2877
 -- Marc Deslauriers <email address hidden> Tue, 16 Jul 2013 14:05:24 -0400

Changed in libxml2 (Ubuntu Precise):
status: New → Fix Released
Changed in libxml2 (Ubuntu Raring):
status: New → Fix Released
Changed in libxml2 (Ubuntu):
status: New → Invalid
Daniel Dehennin (launchpad-baby-gnu) wrote :

Tested on lucid => OK
Tested on precise => OK

Thanks.

This report contains Public Security information. Everyone can see this security related information.
