debcrafters-packages team mailing list archive

Thread
Date

[Bug 2112062] Re: Merge raptor2 from Debian Unstable for questing

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: John Chittum <2112062@xxxxxxxxxxxxxxxxxx>
Date: Thu, 05 Jun 2025 17:55:38 -0000
Reply-to: Bug 2112062 <2112062@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Changed in: raptor2 (Ubuntu)
     Assignee: (unassigned) => Simon Poirier (simpoir)

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to raptor2 in Ubuntu.
https://bugs.launchpad.net/bugs/2112062

Title:
  Merge raptor2 from Debian Unstable for questing

Status in raptor2 package in Ubuntu:
  New

Bug description:
  Scheduled-For: ubuntu-25.06
  Ubuntu: 2.0.16-4ubuntu2
  Debian Unstable: 2.0.16-6

  A new release of raptor2 is available for merging from Debian
  Unstable.

  If it turns out this needs a sync rather than a merge, please change
  the tag 'dcr-merge' to 'dcr-sync', and (optionally) update the title
  as desired.

  ### New Debian Changes ###

  raptor2 (2.0.16-6) unstable; urgency=medium

    * QA upload.
    * Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
      (Closes: #1067896)
    * Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
      (Closes: #1067896)
    * Tests for Github issue 70

   -- Salvatore Bonaccorso <carnil@xxxxxxxxxx>  Sat, 29 Mar 2025
  15:33:08 +0100

  raptor2 (2.0.16-5) unstable; urgency=medium

    * QA upload.
    * Make OpenSSL the primary curl backend.
    * Update Standards-Version to 4.7.1, no changes needed.
    * Add upstream signing key and check the signature.

   -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Sat, 22 Feb 2025 17:04:28
  -0600


  ### Old Ubuntu Delta ###

  raptor2 (2.0.16-4ubuntu2) questing; urgency=medium

    * No-change rebuild for libxml2 soname change.

   -- Matthias Klose <doko@xxxxxxxxxx>  Wed, 21 May 2025 08:16:01 +0200

  raptor2 (2.0.16-4ubuntu1) plucky; urgency=medium

    * SECURITY UPDATE: heap overread when parsing triples
      - debian/patches/CVE-2024-57822.patch: only allow looking at the last
        character of a bnode ID only if bnode length >0 in
        src/raptor_ntriples.c.
      - debian/patches/CVE-2024-5782x-tests.patch: added test in
        configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
        tests/bugs/issue70b.c.
      - CVE-2024-57822
    * SECURITY UPDATE: integer overflow when normalizing a URI
      - debian/patches/CVE-2024-57823.patch: return empty buffer if path gets
        to 0 length in src/raptor_rfc2396.c.
      - debian/patches/CVE-2024-5782x-tests.patch: added test in
        configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
        tests/bugs/issue70a.c.
      - CVE-2024-57823

   -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Tue, 25 Feb 2025
  07:53:56 -0500

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/raptor2/+bug/2112062/+subscriptions

References

[Bug 2112062] [NEW] Merge raptor2 from Debian Unstable for questing
From: Bryce Harrington, 2025-05-29