Bug 1224283

Summary: VUL-0: CVE-2024-34459: python-libxml2: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
Product: [Novell Products] SUSE Security Incidents Reporter: Camila Camargo de Matos <camila.matos>
Component: IncidentsAssignee: David Anes <david.anes>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: camila.matos, security-team, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/405285/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1224281    

Description Camila Camargo de Matos 2024-05-15 11:05:00 UTC 
+++ This bug was initially created as a clone of Bug #1224281 +++

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-34459
https://www.cve.org/CVERecord?id=CVE-2024-34459
https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7
https://bugzilla.redhat.com/show_bug.cgi?id=2280532
https://jira.suse.com/browse/CAR-3459
Comment 4 David Anes 2024-07-01 12:03:27 UTC 
Should be fixed everywhere, waiting for the updates to popup...
Comment 5 David Anes 2024-07-01 12:04:52 UTC 
Fixed via bsc#1224282 

Can we mark this as a duplicate of that one, Camila? They are effectively the same package.
Comment 6 Camila Camargo de Matos 2024-07-01 14:59:38 UTC 
(In reply to David Anes from comment #5)
> Fixed via bsc#1224282 
> 
> Can we mark this as a duplicate of that one, Camila? They are effectively
> the same package.

Yes. I will mark this as a duplicate. Thanks!

*** This bug has been marked as a duplicate of bug 1224282 ***