Bug 250971

Summary:

textproc/raptor2 heap overflow

Product:

Ports & Packages

Reporter:

Don Lewis <truckman>

Component:

Individual Port(s)

Assignee:

freebsd-kde (group) <kde>

Status:

Closed FIXED

Severity:

Affects Many People

CC:

tcberner, truckman

Priority:

---

Keywords:

patch, security

Version:

Latest

Flags:

tcberner: maintainer-feedback+

Hardware:

Any

OS:

Any

URL:

https://www.openwall.com/lists/oss-security/2017/06/07/1

Attachments:

Description	Flags
patch to fix CVE-2017-18926	none

Description Don Lewis freebsd_committer

2020-11-09 01:39:55 UTC

According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are two heap overflows in raptor 2.0.15.

A CVE has been assigned:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926

The upstream raptor github repo has a patch:
  https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch

Comment 1 Don Lewis freebsd_committer

2020-11-09 01:53:14 UTC

Created attachment 219478 [details]
patch to fix CVE-2017-18926

Comment 2 commit-hook freebsd_committer

2020-11-09 05:28:48 UTC

A commit references this bug:

Author: tcberner
Date: Mon Nov  9 05:28:06 UTC 2020
New revision: 554670
URL: https://svnweb.freebsd.org/changeset/ports/554670

Log:
  Document vulnerability in textproc/raptor2

  From [1], [2], [3]:
  raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
  Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML
  writer, leading to heap-based buffer overflows (sometimes seen in
  raptor_qname_format_as_xml).

  [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
  [2] https://www.debian.org/security/2020/dsa-4785
  [3] https://www.openwall.com/lists/oss-security/2017/06/07/1

  PR:		250971
  Security:	CVE-2017-18926

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer

2020-11-09 05:30:50 UTC

A commit references this bug:

Author: tcberner
Date: Mon Nov  9 05:30:11 UTC 2020
New revision: 554671
URL: https://svnweb.freebsd.org/changeset/ports/554671

Log:
  textproc/raptor2 heap overflow

  According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are
  two heap overflows in raptor 2.0.15.

  A CVE has been assigned:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926

  The upstream raptor github repo has a patch:
    https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch

  PR:		250971
  Submitted by:	truckman
  MFH:		2020Q4
  Security:	CVE-2017-18926

Changes:
  head/textproc/raptor2/Makefile
  head/textproc/raptor2/files/
  head/textproc/raptor2/files/patch-CVE-2017-18926

Comment 4 commit-hook freebsd_committer

2020-11-09 16:48:28 UTC

A commit references this bug:

Author: tcberner
Date: Mon Nov  9 16:47:47 UTC 2020
New revision: 554732
URL: https://svnweb.freebsd.org/changeset/ports/554732

Log:
  MFH: r554671

  textproc/raptor2 heap overflow

  According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are
  two heap overflows in raptor 2.0.15.

  A CVE has been assigned:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926

  The upstream raptor github repo has a patch:
    https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch

  PR:		250971
  Submitted by:	truckman
  Security:	CVE-2017-18926

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2020Q4/
  branches/2020Q4/textproc/raptor2/Makefile
  branches/2020Q4/textproc/raptor2/files/

Comment 5 Tobias C. Berner freebsd_committer

2020-11-09 16:49:56 UTC

Committed, thanks for the patch.

mfg Tobias