CVE-2020-25713
(cherry picked from commit 63aec47d0b263cf3507458e0e5361787b56fdf15)
This commit is contained in:
emancipator
openeuler-sync-bot
parent
ff6951fe7b
commit
7d37934321
33
CVE-2020-25713.patch
Normal file
33
CVE-2020-25713.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||
Date: Tue, 24 Nov 2020 10:30:20 +0000
|
||||
Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
|
||||
segfault
|
||||
|
||||
due to an out of bounds array access in
|
||||
raptor_xml_writer_start_element_common
|
||||
|
||||
See:
|
||||
https://bugs.mageia.org/show_bug.cgi?id=27605
|
||||
https://www.openwall.com/lists/oss-security/2020/11/13/1
|
||||
https://gerrit.libreoffice.org/c/core/+/106249
|
||||
---
|
||||
src/raptor_xml_writer.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
|
||||
index 56993dc3..4426d38c 100644
|
||||
--- a/src/raptor_xml_writer.c
|
||||
+++ b/src/raptor_xml_writer.c
|
||||
@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
|
||||
|
||||
/* check it wasn't an earlier declaration too */
|
||||
for(j = 0; j < nspace_declarations_count; j++)
|
||||
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
|
||||
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
|
||||
declare_me = 0;
|
||||
break;
|
||||
}
|
||||
--
|
||||
2.28.0
|
||||
|
||||
@ -1,10 +1,11 @@
|
||||
Name: raptor2
|
||||
Version: 2.0.15
|
||||
Release: 17
|
||||
Release: 18
|
||||
Summary: Raptor RDF parsing and serializing utility
|
||||
License: GPLv2+ or LGPLv2+ or ASL 2.0
|
||||
URL: http://librdf.org/raptor/
|
||||
Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz
|
||||
Patch0: CVE-2020-25713.patch
|
||||
BuildRequires: gcc-c++ curl-devel gtk-doc libicu-devel pkgconfig(libxslt) yajl-devel
|
||||
Conflicts: raptor < 1.4.21-10
|
||||
|
||||
@ -67,5 +68,8 @@ make check
|
||||
%{_mandir}/man3/libraptor2*
|
||||
|
||||
%changelog
|
||||
* Wed Jul 20 2022 liangqifeng <liangqifeng@ncti-gba.com> - 2.0.15-18
|
||||
- Fix CVE-2020-25713
|
||||
|
||||
* Fri Dec 20 2019 shijian <shijian16@huawei.com> - 2.0.15-17
|
||||
- Package init
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user