Commit b1ff376e authored by omni's avatar omni Committed by Kevin Daudt

community/tinyxml: patch CVE-2023-34194

parent 06a961c9
1 merge request!72711community/tinyxml: patch CVE-2023-34194
Pipeline #261865 skipped
......@@ -3,7 +3,7 @@
pkgname=tinyxml
pkgver=2.6.2
_realver=${pkgver//./_}
pkgrel=3
pkgrel=4
pkgdesc="A simple, small, C++ XML parser"
url="https://sourceforge.net/projects/tinyxml/"
arch="all"
......@@ -13,10 +13,13 @@ source="https://downloads.sourceforge.net/tinyxml/tinyxml_$_realver.tar.gz
tinyxml-2.6.2-defineSTL.patch
tinyxml-2.6.1-entity.patch
CVE-2021-42260.patch
CVE-2023-34194.patch
"
builddir=$srcdir/$pkgname
# secfixes:
# 2.6.2-r4:
# - CVE-2023-34194
# 2.6.2-r2:
# - CVE-2021-42260
......@@ -51,4 +54,5 @@ sha512sums="
52cd82ef9e8f1783b3d6042551342a8c592c447e1da352d5d017db4211144bc0a908ddbfe2a4641b3108fb8e02dc47f385a851f920532d94178314255904a6ef tinyxml-2.6.2-defineSTL.patch
47d582456c2e2ac51a186a4bd58ede4895586ed373b654b120b34bedc7c2e52ed291a3576a37420ea94a238a265d8e2d38de024e770144e465590718da245af3 tinyxml-2.6.1-entity.patch
3b56148d7be8f5b1a2db00ccef2f16ebafc287edec7a766f3f8591b4ed3e213dfccd7755d2973a0a9a4e82283aaf47a55884f67cc376349639b570041de76203 CVE-2021-42260.patch
9d052467df67fa62063a31faf83a35080b92e48d5258112c1fd5d0609b89ad579fe08089b1c2c9986ce8a8d2d4d450872af0a76775507adc0dbc73b5101484fc CVE-2023-34194.patch
"
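Review bot: The `# secfixes:` entry for 2.6.2-r4 lists only CVE-2023-34194, while the header of the added CVE-2023-34194.patch also points at the tracker entry for CVE-2023-40462. If that identifier covers the same reachable assertion in TinyXML, as the patch header suggests, adding `#     - CVE-2023-40462` under `# 2.6.2-r4:` would let tooling that reads secfixes mark both as fixed instead of continuing to flag one of them. If it was left out deliberately, for example because it is considered specific to another product, a one-line comment saying so would save the next maintainer the lookup.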
From: Guilhem Moulin <guilhem@debian.org>
Date: Sat, 30 Dec 2023 14:15:54 +0100
Subject: Avoid reachable assertion via crafted XML document with a '\0'
located after whitespace
Bug: https://www.forescout.com/resources/sierra21-vulnerabilities
Bug-Debian: https://bugs.debian.org/1059315
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-40462
---
tinyxmlparser.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
index 8aa0dfa..1601962 100644
--- a/tinyxmlparser.cpp
+++ b/tinyxmlparser.cpp
@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm
}
p = SkipWhiteSpace( p, _encoding );
+ if ( !p || !*p )
+ {
+ break;
+ }
if ( StringEqual( p, "version", true, _encoding ) )
{
TiXmlAttribute attrib;
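Review bot: The new `if ( !p || !*p )` guard after `SkipWhiteSpace` leaves the loop with a bare `break`, so within this hunk a declaration that ends right after whitespace is abandoned without any parse error being recorded. What runs after the loop is outside the hunk, so this is inferred rather than confirmed. If nothing later reports it, consider setting the error before leaving, e.g. `if ( document ) document->SetError( TIXML_ERROR_PARSING_DECLARATION, 0, 0, _encoding );` (assuming a `document` pointer is in scope here), so callers can tell a truncated declaration from a valid one. A short comment above the guard, such as `// SkipWhiteSpace can stop on the terminating NUL; never pass an empty string to StringEqual (CVE-2023-34194)`, would record why the check exists. A regression test that parses a declaration cut off after whitespace would keep the fix from being lost when the patch set is rebased.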