Public bug reported:

Scheduled-For: ubuntu-25.06
Ubuntu: 2.0.16-4ubuntu2
Debian Unstable: 2.0.16-6

A new release of raptor2 is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the
tag 'dcr-merge' to 'dcr-sync', and (optionally) update the title as
desired.

### New Debian Changes ###

raptor2 (2.0.16-6) unstable; urgency=medium

  * QA upload.
  * Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
    (Closes: #1067896)
  * Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
    (Closes: #1067896)
  * Tests for Github issue 70

 -- Salvatore Bonaccorso <[email protected]>  Sat, 29 Mar 2025 15:33:08 +0100

raptor2 (2.0.16-5) unstable; urgency=medium

  * QA upload.
  * Make OpenSSL the primary curl backend.
  * Update Standards-Version to 4.7.1, no changes needed.
  * Add upstream signing key and check the signature.

 -- Simon Quigley <[email protected]>  Sat, 22 Feb 2025 17:04:28 -0600


### Old Ubuntu Delta ###

raptor2 (2.0.16-4ubuntu2) questing; urgency=medium

  * No-change rebuild for libxml2 soname change.

 -- Matthias Klose <[email protected]>  Wed, 21 May 2025 08:16:01 +0200

raptor2 (2.0.16-4ubuntu1) plucky; urgency=medium

  * SECURITY UPDATE: heap overread when parsing triples
    - debian/patches/CVE-2024-57822.patch: only allow looking at the last
      character of a bnode ID only if bnode length >0 in
      src/raptor_ntriples.c.
    - debian/patches/CVE-2024-5782x-tests.patch: added test in
      configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
      tests/bugs/issue70b.c.
    - CVE-2024-57822
  * SECURITY UPDATE: integer overflow when normalizing a URI
    - debian/patches/CVE-2024-57823.patch: return empty buffer if path gets
      to 0 length in src/raptor_rfc2396.c.
    - debian/patches/CVE-2024-5782x-tests.patch: added test in
      configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
      tests/bugs/issue70a.c.
    - CVE-2024-57823

 -- Marc Deslauriers <[email protected]>  Tue, 25 Feb 2025 07:53:56 -0500

** Affects: raptor2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: dcr-merge

** Changed in: raptor2 (Ubuntu)
    Milestone: None => ubuntu-25.06

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2112062

Title:
  Merge raptor2 from Debian Unstable for questing

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/raptor2/+bug/2112062/+subscriptions

