[Bug 1201849] [NEW] libxml2 security update regression

[Marc Deslauriers]

*** This bug is a security vulnerability ***

Public security bug reported:

USN-1904-1 seems to have introduced a regression.

See
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410/comments/5

Steps to reproduce:

>>> from io import BytesIO
>>> from lxml import etree
>>> xml='''<root>
... <child name='one' />
... <child name='two' />
... </root>
... '''
>>> document = etree.iterparse(BytesIO(xml), events=('end',), tag='root')
>>> for action, elem in document:
... print("%s: %s" % (action, elem.tag))
...
end: root
>>> file('/tmp/test.xml', 'w').write(xml)
>>> document = etree.iterparse('/tmp/test.xml', events=('end',), tag='root')
>>> for action, elem in document:
... print("%s: %s" % (action, elem.tag))
...
end: root
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "iterparse.pxi", line 478, in lxml.etree.iterparse.__next__ 
(src/lxml/lxml.etree.c:98432)
  File "iterparse.pxi", line 530, in lxml.etree.iterparse._read_more_events 
(src/lxml/lxml.etree.c:98953)
  File "parser.pxi", line 601, in lxml.etree._raiseParseError 
(src/lxml/lxml.etree.c:74863)
lxml.etree.XMLSyntaxError: None

Can reproduce on Precise and Quantal

** Affects: libxml2 (Ubuntu)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Affects: libxml2 (Ubuntu Lucid)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Affects: libxml2 (Ubuntu Precise)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Affects: libxml2 (Ubuntu Quantal)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Affects: libxml2 (Ubuntu Raring)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Also affects: libxml2 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: libxml2 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: libxml2 (Ubuntu Raring)
   Importance: Undecided
       Status: New

** Also affects: libxml2 (Ubuntu Quantal)
   Importance: Undecided
       Status: New

** Changed in: libxml2 (Ubuntu)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libxml2 (Ubuntu Lucid)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libxml2 (Ubuntu Quantal)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libxml2 (Ubuntu Raring)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libxml2 (Ubuntu Precise)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1201849

Title:
  libxml2 security update regression

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1201849/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs