Bug 250971 - textproc/raptor2 heap overflow
Summary: textproc/raptor2 heap overflow
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-kde (group)
URL: https://www.openwall.com/lists/oss-se...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2020-11-09 01:39 UTC by Don Lewis
Modified: 2020-11-09 16:49 UTC (History)
2 users (show)

See Also:
tcberner: maintainer-feedback+

Attachments
patch to fix CVE-2017-18926 (2.70 KB, patch)
2020-11-09 01:53 UTC, Don Lewis 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Don Lewis freebsd_committer freebsd_triage 2020-11-09 01:39:55 UTC 
According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are two heap overflows in raptor 2.0.15.

A CVE has been assigned:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926

The upstream raptor github repo has a patch:
  https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch
Comment 1 Don Lewis freebsd_committer freebsd_triage 2020-11-09 01:53:14 UTC 
Created attachment 219478 [details]
patch to fix CVE-2017-18926
Comment 2 commit-hook freebsd_committer freebsd_triage 2020-11-09 05:28:48 UTC 
A commit references this bug:

Author: tcberner
Date: Mon Nov  9 05:28:06 UTC 2020
New revision: 554670
URL: https://svnweb.freebsd.org/changeset/ports/554670

Log:
  Document vulnerability in textproc/raptor2

  From [1], [2], [3]:
  raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
  Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML
  writer, leading to heap-based buffer overflows (sometimes seen in
  raptor_qname_format_as_xml).

  [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
  [2] https://www.debian.org/security/2020/dsa-4785
  [3] https://www.openwall.com/lists/oss-security/2017/06/07/1

  PR:		250971
  Security:	CVE-2017-18926

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-11-09 05:30:50 UTC 
A commit references this bug:

Author: tcberner
Date: Mon Nov  9 05:30:11 UTC 2020
New revision: 554671
URL: https://svnweb.freebsd.org/changeset/ports/554671

Log:
  textproc/raptor2 heap overflow

  According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are
  two heap overflows in raptor 2.0.15.

  A CVE has been assigned:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926

  The upstream raptor github repo has a patch:
    https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch

  PR:		250971
  Submitted by:	truckman
  MFH:		2020Q4
  Security:	CVE-2017-18926

Changes:
  head/textproc/raptor2/Makefile
  head/textproc/raptor2/files/
  head/textproc/raptor2/files/patch-CVE-2017-18926
Comment 4 commit-hook freebsd_committer freebsd_triage 2020-11-09 16:48:28 UTC 
A commit references this bug:

Author: tcberner
Date: Mon Nov  9 16:47:47 UTC 2020
New revision: 554732
URL: https://svnweb.freebsd.org/changeset/ports/554732

Log:
  MFH: r554671

  textproc/raptor2 heap overflow

  According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are
  two heap overflows in raptor 2.0.15.

  A CVE has been assigned:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926

  The upstream raptor github repo has a patch:
    https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch

  PR:		250971
  Submitted by:	truckman
  Security:	CVE-2017-18926

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2020Q4/
  branches/2020Q4/textproc/raptor2/Makefile
  branches/2020Q4/textproc/raptor2/files/
Comment 5 Tobias C. Berner freebsd_committer freebsd_triage 2020-11-09 16:49:56 UTC 
Committed, thanks for the patch.

mfg Tobias