Date:      Sat, 31 May 2025 19:31:23 +0200
From:      Fernando Apesteguía <fernando.apesteguia@gmail.com>
To:        Daniel Engberg <diizzy@freebsd.org>
Cc:        ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org,  dev-commits-ports-main@freebsd.org
Subject:   Re: git: 9a596e5a5345 - main - security/vuxml: Document libxml2 vulnerabilities
Message-ID:  <CAGwOe2Z6VSDmT7VWwyGFK4ngTayUGosL1pztCbQjpiB8sY-cgg@mail.gmail.com>
In-Reply-To: <202505311718.54VHISqo031288@gitrepo.freebsd.org>

On Sat, May 31, 2025 at 7:18 PM Daniel Engberg <diizzy@freebsd.org> wrote:

> The branch main has been updated by diizzy:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=9a596e5a5345db82dcf952243faa5e9d80d2ef1b
>
> commit 9a596e5a5345db82dcf952243faa5e9d80d2ef1b
> Author:     Daniel Engberg <diizzy@FreeBSD.org>
> AuthorDate: 2025-05-31 17:17:46 +0000
> Commit:     Daniel Engberg <diizzy@FreeBSD.org>
> CommitDate: 2025-05-31 17:17:49 +0000
>
>     security/vuxml: Document libxml2 vulnerabilities
>
>     Document CVE-2024-56171, CVE-2025-24928 and CVE-2025-32414
> ---
>  security/vuxml/vuln/2025.xml | 89
> ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 89 insertions(+)
>
> diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
> index 4681d7869854..1cd062837b12 100644
> --- a/security/vuxml/vuln/2025.xml
> +++ b/security/vuxml/vuln/2025.xml
> @@ -1,3 +1,92 @@
> +  <vuln vid="2926c487-3e53-11f0-95d4-00a098b42aeb">
> +    <topic>libxml2 -- Out-of-bounds memory access</topic>
> +    <affects>
> +      <package>
> +       <name>xmlsoft</name>
>

^^^^^^^^^^^^^^^^^^^

What port is xmlsoft? Shouldn't this be libxml2?


> +       <range><lt>2.14.2</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +       <body xmlns="http://www.w3.org/1999/xhtml">;
> +       <p>cve@mitre.org reports:</p>
> +       <blockquote cite="
> https://gitlab.gnome.org/GNOME/libxml2/-/issues/889">;
> +         <p>In libxml2 before 2.13.8 and 2.14.x before 2.14.2,
> out-of-bounds
> +       memory access can occur in the Python API (Python bindings) because
> +       of an incorrect return value.  This occurs in xmlPythonFileRead and
> +       xmlPythonFileReadRaw because of a difference between bytes and
> +       characters.</p>
> +       </blockquote>
> +       </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2025-32414</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-32414</url>;
> +    </references>
> +    <dates>
> +      <discovery>2025-04-08</discovery>
> +      <entry>2025-05-31</entry>
> +    </dates>
> +  </vuln>
> +
> +  <vuln vid="fdd02be0-3e50-11f0-95d4-00a098b42aeb">
> +    <topic>libxml2 -- Stack-based Buffer Overflow</topic>
> +    <affects>
> +      <package>
> +       <name>libxml2</name>
> +       <range><lt>2.13.6</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +       <body xmlns="http://www.w3.org/1999/xhtml">;
> +       <p>cve@mitre.org reports:</p>
> +       <blockquote cite="
> https://gitlab.gnome.org/GNOME/libxml2/-/issues/847">;
> +         <p>libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a
> stack-based
> +       buffer overflow in xmlSnprintfElements in valid.c.  To exploit
> this,
> +       DTD validation must occur for an untrusted document or untrusted
> +       DTD.  NOTE: this is similar to CVE-2017-9047.</p>
> +       </blockquote>
> +       </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2025-24928</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-24928</url>;
> +    </references>
> +    <dates>
> +      <discovery>2025-02-18</discovery>
> +      <entry>2025-05-31</entry>
> +    </dates>
> +  </vuln>
> +
> +  <vuln vid="bd2af307-3e50-11f0-95d4-00a098b42aeb">
> +    <topic>libxml2 -- Use After Free</topic>
> +    <affects>
> +      <package>
> +       <name>libxml2</name>
> +       <range><lt>2.13.6</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +       <body xmlns="http://www.w3.org/1999/xhtml">;
> +       <p>cve@mitre.org reports:</p>
> +       <blockquote cite="
> https://gitlab.gnome.org/GNOME/libxml2/-/issues/828">;
> +         <p>libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a
> use-after-free
> +       in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in
> +       xmlschemas.c.  To exploit this, a crafted XML document must be
> +       validated against an XML schema with certain identity constraints,
> +       or a crafted XML schema must be used.</p>
> +       </blockquote>
> +       </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2024-56171</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-56171</url>;
> +    </references>
> +    <dates>
> +      <discovery>2025-02-18</discovery>
> +      <entry>2025-05-31</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="25acd603-3dde-11f0-8cb5-a8a1599412c6">
>      <topic>chromium -- multiple security fixes</topic>
>      <affects>
>
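
Review bot: The first entry's <affects> block names the package xmlsoft, while its own topic and the two entries below it use libxml2; unless a package of that name exists, this should read <name>libxml2</name> so the entry matches what is actually installed. Separately, each of the three <range> elements carries a single <lt> bound (2.14.2, 2.13.6, 2.13.6), although the quoted descriptions name two fixed branches per CVE (2.13.8 and 2.14.2 for CVE-2025-32414; 2.12.10 and 2.13.6 for CVE-2025-24928 and CVE-2024-56171), so a fixed release on the older branch would still be reported as affected. Consider one range per branch, for example <lt>2.13.8</lt> plus <ge>2.14.0</ge><lt>2.14.2</lt> for the first entry.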
