Change log for expat package in Ubuntu

171 of 71 results
Published in disco-release on 2018-10-30
Published in cosmic-release on 2018-08-21
Deleted in cosmic-proposed (Reason: moved to release)
expat (2.2.6-1) unstable; urgency=medium

  * New upstream release.
  * Disable Vcs-* fields for now.
  * Update Standards-Version to 4.1.5 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 15 Aug 2018 15:18:15 +0000

Available diffs

Superseded in cosmic-release on 2018-08-21
Published in bionic-release on 2017-12-22
Deleted in bionic-proposed (Reason: moved to release)
expat (2.2.5-3) unstable; urgency=medium

  * Don't install irrelevant README.md (closes: #884818).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 20 Dec 2017 00:17:04 +0000
Superseded in bionic-proposed on 2017-12-20
expat (2.2.5-2) unstable; urgency=medium

  * Upload to Sid.
  * Install AUTHORS file.
  * Update project homepage.
  * Migrate d/copyright to format 1.0 .
  * Update debhelper level to 11 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 17 Dec 2017 07:33:25 +0000
Superseded in bionic-release on 2017-12-22
Deleted in bionic-proposed on 2018-01-17 (Reason: moved to release)
expat (2.2.5-0ubuntu2) bionic; urgency=medium

  * New upstream version.
  * Bump standards version.
  * Adjust build system for upstream change to autotools.

 -- Matthias Klose <email address hidden>  Wed, 06 Dec 2017 17:40:35 +0100
Superseded in bionic-proposed on 2017-12-06
expat (2.2.5-0ubuntu1) bionic; urgency=medium

  * New upstream version.
  * Bump standards version.
  * Adjust build system for upstream change to autotools.

 -- Matthias Klose <email address hidden>  Wed, 06 Dec 2017 17:40:35 +0100
Superseded in bionic-release on 2017-12-07
Deleted in bionic-proposed on 2017-12-09 (Reason: moved to release)
expat (2.2.3-2) unstable; urgency=medium

  * Do not install .la files (closes: #880110).
  * Don't expose libbsd-dev dependency on libexpat1-dev .
  * Update Standards-Version to 4.1.1:
    - change libexpat1-udeb priority to optional.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 05 Nov 2017 13:01:19 +0000

Available diffs

Superseded in bionic-release on 2017-11-12
Published in artful-release on 2017-08-04
Deleted in artful-proposed (Reason: moved to release)
expat (2.2.3-1) unstable; urgency=medium

  * New upstream release.
  * Remove dh-autoreconf build dependency.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 02 Aug 2017 19:54:40 +0000

Available diffs

Superseded in artful-release on 2017-08-04
Deleted in artful-proposed on 2017-08-05 (Reason: moved to release)
expat (2.2.2-2) unstable; urgency=medium

  * Build with libbsd on Hurd as well.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 16 Jul 2017 14:23:03 +0000

Available diffs

Superseded in artful-proposed on 2017-07-16
expat (2.2.2-1) unstable; urgency=high

  * New upstream release:
    - fix non-NULL parser parameter validation in XML_Parse; resulted in
      NULL dereference.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 13 Jul 2017 22:46:33 +0000

Available diffs

Superseded in artful-proposed on 2017-07-14
expat (2.2.1-3) unstable; urgency=medium

  * Add libbsd-dev dependency to libexpat1-dev on kFreeBSD architectures
    (closes: #867252).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 05 Jul 2017 17:45:36 +0000

Available diffs

Published in trusty-updates on 2017-07-19
Published in trusty-security on 2017-07-19
expat (2.1.0-4ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

 -- Marc Deslauriers <email address hidden>  Tue, 27 Jun 2017 09:05:59 -0400

Available diffs

Published in xenial-updates on 2017-07-19
Published in xenial-security on 2017-07-19
expat (2.1.0-7ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

 -- Marc Deslauriers <email address hidden>  Tue, 27 Jun 2017 09:05:33 -0400
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
expat (2.2.0-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

 -- Marc Deslauriers <email address hidden>  Tue, 27 Jun 2017 09:05:06 -0400
Obsolete in zesty-updates on 2018-06-22
Obsolete in zesty-security on 2018-06-22
expat (2.2.0-2ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

 -- Marc Deslauriers <email address hidden>  Tue, 27 Jun 2017 08:23:49 -0400
Superseded in artful-release on 2017-07-23
Deleted in artful-proposed on 2017-07-24 (Reason: moved to release)
expat (2.2.1-2) unstable; urgency=medium

  * Fix mis-detection of getrandom() on kFreeBSD.
  * Utilize libbsd for arc4random_buf() on kFreeBSD.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 22 Jun 2017 21:05:46 +0000

Available diffs

Superseded in artful-release on 2017-06-25
Deleted in artful-proposed on 2017-06-27 (Reason: moved to release)
expat (2.2.1-1) unstable; urgency=high

  * New upstream release:
    - upstream fix for CVE-2016-9063 to prevent undefined behavior from signed
      integer overflow,
    - fix CVE-2017-9233: external entity infinite loop DoS,
    - fix regression from fix to CVE-2016-0718 cutting off longer tag names,
    - use high quality entropy for hash initialization for part of
      CVE-2016-5300,
    - change hash algorithm to William Ahern's version of SipHash to go
      further with fixing CVE-2012-0876.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 17 Jun 2017 20:48:02 +0000

Available diffs

Superseded in artful-release on 2017-06-20
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
expat (2.2.0-2) unstable; urgency=high

  * Use fix from Mozilla for CVE-2016-9063: integer overflow during the
    parsing of XML.
  * Replace deprecated -s debhelper switch with the -a one.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 02 Jan 2017 21:12:32 +0000

Available diffs

Superseded in zesty-release on 2017-02-16
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
expat (2.2.0-1) unstable; urgency=low

  * New upstream release, update symbols accordingly.
  * Use upstream manpage for xmlwf.
  * Drop all patches as this release contains those.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 21 Jun 2016 15:29:58 +0000
Superseded in trusty-updates on 2017-07-19
Superseded in trusty-security on 2017-07-19
expat (2.1.0-4ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 08:50:53 -0400
Superseded in xenial-updates on 2017-07-19
Superseded in xenial-security on 2017-07-19
expat (2.1.0-7ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 08:48:04 -0400
Obsolete in wily-updates on 2018-01-22
Obsolete in wily-security on 2018-01-22
expat (2.1.0-7ubuntu0.15.10.2) wily-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 08:50:11 -0400
Published in precise-updates on 2016-06-20
Published in precise-security on 2016-06-20
expat (2.0.1-7.2ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.dpatch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.dpatch: use a prime that fits 32bits
      on 32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.dpatch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.dpatch: extract entropy from
      XML_Parser address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 08:54:12 -0400
Superseded in yakkety-release on 2016-07-13
Deleted in yakkety-proposed on 2016-07-14 (Reason: moved to release)
expat (2.1.1-1ubuntu2) yakkety; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 07:58:42 -0400

Available diffs

Superseded in yakkety-release on 2016-06-12
Deleted in yakkety-proposed on 2016-06-13 (Reason: moved to release)
expat (2.1.1-1ubuntu1) yakkety; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden>  Mon, 16 May 2016 12:31:20 -0400
Superseded in precise-updates on 2016-06-20
Superseded in precise-security on 2016-06-20
expat (2.0.1-7.2ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.dpatch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.dpatch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden>  Mon, 16 May 2016 12:54:36 -0400
Superseded in trusty-updates on 2016-06-20
Superseded in trusty-security on 2016-06-20
expat (2.1.0-4ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden>  Mon, 16 May 2016 12:51:23 -0400
Superseded in wily-updates on 2016-06-20
Superseded in wily-security on 2016-06-20
expat (2.1.0-7ubuntu0.15.10.1) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden>  Mon, 16 May 2016 12:47:07 -0400
Superseded in xenial-updates on 2016-06-20
Superseded in xenial-security on 2016-06-20
expat (2.1.0-7ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden>  Mon, 16 May 2016 12:47:07 -0400
Superseded in yakkety-release on 2016-05-24
Deleted in yakkety-proposed on 2016-05-25 (Reason: moved to release)
expat (2.1.1-1) unstable; urgency=low

  * New upstream release.
  * Remove all patches, applied upstream.
  * Update Standards-Version to 3.9.7 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 12 Mar 2016 07:28:07 +0100

Available diffs

Obsolete in vivid-updates on 2018-01-18
Obsolete in vivid-security on 2018-01-18
expat (2.1.0-6ubuntu1.1) vivid-security; urgency=medium

  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283.patch: add checks to lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden>  Fri, 28 Aug 2015 09:31:01 -0400
Superseded in precise-updates on 2016-05-18
Superseded in precise-security on 2016-05-18
expat (2.0.1-7.2ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283.dpatch: add checks to lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden>  Fri, 28 Aug 2015 09:33:57 -0400
Superseded in trusty-updates on 2016-05-18
Superseded in trusty-security on 2016-05-18
expat (2.1.0-4ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283.patch: add checks to lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden>  Fri, 28 Aug 2015 09:33:01 -0400
Superseded in yakkety-release on 2016-04-29
Published in xenial-release on 2015-10-22
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed (Reason: moved to release)
expat (2.1.0-7) unstable; urgency=high

  * Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
    function (closes: #793484).
  * Update Standards-Version to 3.9.6 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Fri, 24 Jul 2015 14:48:45 +0000
Superseded in wily-release on 2015-08-13
Obsolete in vivid-release on 2018-01-18
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2018-01-19 (Reason: moved to release)
expat (2.1.0-6ubuntu1) utopic; urgency=medium

  * No-change rebuild to get debug symbols on all architectures.
 -- Brian Murray <email address hidden>   Tue, 21 Oct 2014 11:56:11 -0700
Superseded in utopic-release on 2014-10-22
Deleted in utopic-proposed on 2014-10-23 (Reason: moved to release)
expat (2.1.0-6) unstable; urgency=low


  * Really do the Ubuntu sync (closes: #748250).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 04 Jun 2014 15:54:15 +0000
Superseded in utopic-release on 2014-06-23
Deleted in utopic-proposed on 2014-06-24 (Reason: moved to release)
expat (2.1.0-5ubuntu1) utopic; urgency=medium

  * Reapply Matthias Klose's patch to use dh-autoreconf, which was not in
    fact applied in 2.1.0-5 despite the changelog.
 -- Colin Watson <email address hidden>   Wed, 04 Jun 2014 13:52:28 +0100
Superseded in utopic-proposed on 2014-06-04
expat (2.1.0-5) unstable; urgency=low


  * Move to Standards-Version 3.9.5 and to debhelper level 9 .
  * Sync with Ubuntu.

  [ Matthias Klose <email address hidden> ]
  * Use dh-autoreconf (closes: #748250).
  * Enable parallel builds.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 18 May 2014 20:43:19 +0200
Superseded in utopic-release on 2014-06-04
Published in trusty-release on 2013-12-03
Deleted in trusty-proposed (Reason: moved to release)
expat (2.1.0-4ubuntu1) trusty; urgency=low

  * Use dh-autoreconf.
  * Enable parallel builds.
 -- Matthias Klose <email address hidden>   Tue, 03 Dec 2013 14:42:15 +0100
Superseded in trusty-release on 2013-12-03
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
expat (2.1.0-4) unstable; urgency=low


  * New maintainer (closes: #660681).
  * Update to Standards-Version 3.9.4 , no changes needed.
  * Move to compat level 8 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 07 Jul 2013 12:43:10 +0200

Available diffs

Superseded in saucy-release on 2013-07-09
Deleted in saucy-proposed on 2013-07-10 (Reason: moved to release)
expat (2.1.0-3) unstable; urgency=low


  * QA upload, set maintainer address to the QA team.
  * Move expat_config.h into the multiarch include location.
  * Make libexpat1-dev Multi-Arch: same.
  * Update config.{guess,sub} for aarch64 (Wookey). Closes: #689619.
  * Don't ship the pkgconfig file in lib64expat1-dev. Closes: #706932.

 -- Matthias Klose <email address hidden>  Wed, 08 May 2013 11:13:47 +0200

Available diffs

Superseded in saucy-release on 2013-05-08
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
expat (2.1.0-2) experimental; urgency=low


  * QA upload, set maintainer address to the QA team.
  * Stop building the 64bit packages.
  * Move expat_config.h into the multiarch include location.
  * Make libexpat1-dev Multi-Arch: same.
  * Update config.{guess,sub} for aarch64 (Wookey). Closes: #689619.

 -- Matthias Klose <email address hidden>  Wed, 12 Dec 2012 17:44:15 +0100
Superseded in raring-release on 2012-12-13
Deleted in raring-proposed on 2012-12-14 (Reason: moved to release)
expat (2.1.0-1ubuntu2) raring; urgency=low

  * Move expat_config.h into the multiarch include location.
  * Make libexpat1-dev Multi-Arch: same.
 -- Matthias Klose <email address hidden>   Wed, 12 Dec 2012 17:44:15 +0100

Available diffs

Superseded in raring-release on 2012-12-12
Obsolete in quantal-release on 2015-04-24
expat (2.1.0-1ubuntu1) quantal; urgency=low

  * Update config.guess,sub for aarch64
 -- Wookey <email address hidden>   Mon, 01 Oct 2012 12:57:03 +0100
Obsolete in hardy-updates on 2015-04-24
Obsolete in hardy-security on 2015-04-24
expat (2.0.1-0ubuntu1.2) hardy-security; urgency=low

  * SECURITY UPDATE: Denial of service via hash collisions
    - lib/xmlparse.c: Add random salt value to hash inputs
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/expat.h?r1=1.80&r2=1.81
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.167&r2=1.168
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.168&r2=1.169
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.169&r2=1.170
    - CVE-2012-0876
  * SECURITY UPDATE: Denial of service via memory leak
    - lib/xmlparse.c: Properly reallocate memory
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167
    - CVE-2012-1148
 -- Tyler Hicks <email address hidden>   Thu, 09 Aug 2012 12:05:43 -0700
Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
expat (2.0.1-7ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: Denial of service via hash collisions
    - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
      hash inputs. Based on upstream patch.
    - CVE-2012-0876
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148
 -- Tyler Hicks <email address hidden>   Thu, 09 Aug 2012 12:02:05 -0700
Obsolete in natty-updates on 2013-06-04
Obsolete in natty-security on 2013-06-04
expat (2.0.1-7ubuntu3.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: Denial of service via hash collisions
    - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
      hash inputs. Based on upstream patch.
    - CVE-2012-0876
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148
 -- Tyler Hicks <email address hidden>   Thu, 09 Aug 2012 11:53:57 -0700
Obsolete in oneiric-updates on 2015-04-24
Obsolete in oneiric-security on 2015-04-24
expat (2.0.1-7ubuntu3.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Denial of service via hash collisions
    - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
      hash inputs. Based on upstream patch.
    - CVE-2012-0876
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148
 -- Tyler Hicks <email address hidden>   Thu, 09 Aug 2012 11:49:00 -0700
Superseded in precise-updates on 2015-08-31
Superseded in precise-security on 2015-08-31
expat (2.0.1-7.2ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/788888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148
 -- Tyler Hicks <email address hidden>   Thu, 09 Aug 2012 11:15:38 -0700
Superseded in quantal-release on 2012-10-04
expat (2.1.0-1) unstable; urgency=low


  * QA upload.
  * expat 2.1.0 release.

 -- Matthias Klose <email address hidden>  Wed, 04 Apr 2012 10:22:55 +0200
Superseded in quantal-release on 2012-05-03
Published in precise-release on 2012-03-15
expat (2.0.1-7.2ubuntu1) precise; urgency=low

  * CVE-2012-0876: Randomize hashes of xml attributes in the expat library
    to avoid a denial of service due to hash collisions.  Patch by David
    Malcolm with some modifications by the expat project.
 -- Matthias Klose <email address hidden>   Thu, 15 Mar 2012 02:13:54 +0100
Superseded in precise-release on 2012-03-15
expat (2.0.1-7.2) unstable; urgency=low


  * Non-maintainer upload.
  * Fix symlink breakage introduced with my last upload.  (Closes: #647340)

 -- Robert Millan <email address hidden>  Wed, 02 Nov 2011 09:42:21 +0000
Superseded in precise-release on 2011-11-12
Obsolete in oneiric-release on 2015-04-24
Obsolete in natty-release on 2013-06-04
expat (2.0.1-7ubuntu3) natty; urgency=low

  * No-change rebuild against fixed pkgbinarymangler, to get correct
    multiarch-safe changelogs
 -- Steve Langasek <email address hidden>   Mon, 21 Mar 2011 01:19:40 -0700

Available diffs

Superseded in natty-release on 2011-03-21
expat (2.0.1-7ubuntu2) natty; urgency=low

  * Build for multiarch:
    - Pre-depend on multiarch-support.
    - Install udeb contents to /usr/lib, not to the multiarch path.
    - FFe LP: #733501
 -- Steve Langasek <email address hidden>   Thu, 17 Mar 2011 00:50:36 -0700

Available diffs

Obsolete in karmic-updates on 2013-03-04
Obsolete in karmic-security on 2013-03-04
expat (2.0.1-4ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: fix DoS via malformed XML
    - update lib/xmltok_impl.c to not access beyond end of input string
    - CVE-2009-2625
  * SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
    - update lib/xmlparse.c to properly recognize the end of a token
    - CVE-2009-3560
 -- Jamie Strandboge <email address hidden>   Tue, 19 Jan 2010 11:13:59 -0600
Obsolete in jaunty-updates on 2013-02-28
Obsolete in jaunty-security on 2013-02-28
expat (2.0.1-4ubuntu0.9.04.1) jaunty-security; urgency=low

  * SECURITY UPDATE: fix DoS via malformed XML
    - update lib/xmltok_impl.c to not access beyond end of input string
    - CVE-2009-2625
  * SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
    - update lib/xmlparse.c to properly recognize the end of a token
    - CVE-2009-3560
 -- Jamie Strandboge <email address hidden>   Tue, 19 Jan 2010 11:38:30 -0600
Obsolete in intrepid-updates on 2013-02-20
Obsolete in intrepid-security on 2013-02-20
expat (2.0.1-4ubuntu0.8.10.1) intrepid-security; urgency=low

  * SECURITY UPDATE: fix DoS via malformed XML
    - update lib/xmltok_impl.c to not access beyond end of input string
    - CVE-2009-2625
  * SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
    - update lib/xmlparse.c to properly recognize the end of a token
    - CVE-2009-3560
 -- Jamie Strandboge <email address hidden>   Tue, 19 Jan 2010 11:40:03 -0600
Obsolete in dapper-updates on 2011-09-06
Obsolete in dapper-security on 2011-09-06
expat (1.95.8-3ubuntu0.1) dapper-security; urgency=low

  * SECURITY UPDATE: fix DoS via malformed XML
    - update lib/xmltok_impl.c to not access beyond end of input string
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13
    - CVE-2009-2625
  * SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
    - update lib/xmlparse.c to properly recognize the end of a token
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165
    - CVE-2009-3560
 -- Jamie Strandboge <email address hidden>   Tue, 19 Jan 2010 11:46:25 -0600
Superseded in hardy-updates on 2012-08-10
Superseded in hardy-security on 2012-08-10
expat (2.0.1-0ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: fix DoS via malformed XML
    - update lib/xmltok_impl.c to not access beyond end of input string
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13
    - CVE-2009-2625
  * SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
    - update lib/xmlparse.c to properly recognize the end of a token
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166
    - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165
    - CVE-2009-3560
 -- Jamie Strandboge <email address hidden>   Tue, 19 Jan 2010 11:42:04 -0600
Superseded in natty-release on 2011-03-17
Obsolete in maverick-release on 2013-03-05
Obsolete in lucid-release on 2016-10-26
expat (2.0.1-7ubuntu1) lucid; urgency=low

  * Merge from Debian testing. Remaining changes:
    - Install run-time libraries into /lib rather than /usr/lib, since
      dbus-daemon is in /bin and links to libexpat.

Available diffs

Superseded in lucid-release on 2010-01-19
Obsolete in karmic-release on 2013-03-04
expat (2.0.1-4ubuntu1) karmic; urgency=low

  * Install run-time libraries into /lib rather than /usr/lib, since
    dbus-daemon is in /bin and links to libexpat.

 -- Colin Watson <email address hidden>   Wed, 16 Sep 2009 13:10:33 +0100

Available diffs

Superseded in karmic-release on 2009-09-16
Obsolete in jaunty-release on 2013-02-28
Obsolete in intrepid-release on 2013-02-20
expat (2.0.1-4) unstable; urgency=low

  * debian/libexpat1-dev.install: Install the libtool .la files again and drop
    them after Lenny (closes: #485460).

Available diffs

Superseded in intrepid-release on 2008-06-17
Obsolete in hardy-release on 2015-04-24
expat (2.0.1-0ubuntu1) hardy; urgency=low

  * New upstream version. LP: #133808.
  * Remove the old libexpat.so.0 symlink; this bug predates Ubuntu (was
    fixed in version 1.95.5-1).
  * Drop the extra build files in bcb5/.

 -- Matthias Klose <email address hidden>   Wed, 05 Dec 2007 17:37:50 +0100
Superseded in hardy-release on 2007-12-05
Obsolete in gutsy-release on 2011-09-16
expat (1.95.8-4ubuntu1) gutsy; urgency=low

  * Build 64bit packages.

 -- Matthias Klose <email address hidden>   Sat, 22 Sep 2007 10:00:04 +0200
Superseded in gutsy-release on 2007-09-24
expat (1.95.8-4) unstable; urgency=low

  * Acknowledged NMUs 1.95.8-3.1 - 1.95.8-3.4
    ( closes: Bug#355937, Bug#354244, Bug#342684)
  * lib/expat.h: removed trailing comma from enum XML_Status
    (closes: Bug#344298)
  * debian/control: removed 'Provides' from libexpat1-udeb stanza
    (closes: Bug#419606)
  * xmlwf/xmlwf.1: removed incorrect statement on well-formedness
    (closes: Bug#412786
  * debian/TODO: updated
  * debian/control: upgraded to Debian Policy 3.7.2 (no changes)
    (thanks Bryan Donlan <email address hidden> !)
  * debian/rules: replaced $(PWD) by $(CURDIR)
  * debian/control: replaced ${Source-Version} by ${Source-Version}
    (thanks Bryan Donlan <email address hidden> !)
  

 -- Matthias Klose <email address hidden>   Mon,  06 Aug 2007 21:35:27 +0100
Superseded in gutsy-release on 2007-08-06
Obsolete in feisty-release on 2009-08-20
expat (1.95.8-3.4build1) feisty; urgency=low

  * Rebuild for changes in the amd64 toolchain.

 -- Matthias Klose <email address hidden>   Mon,  5 Mar 2007 01:15:45 +0000
Superseded in feisty-release on 2007-03-05
expat (1.95.8-3.4) unstable; urgency=low

  * Porter NMU.
  * Libtool update (closes: bug#342684).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  12 Dec 2006 10:54:10 +0000
Superseded in feisty-release on 2006-12-12
expat (1.95.8-3.3) unstable; urgency=low

  * NMU
  * Use fixed watch file from Bart Martens.  closes: #354244.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  07 Nov 2006 01:31:22 +0000
Superseded in feisty-release on 2006-11-08
Obsolete in edgy-release on 2008-06-19
expat (1.95.8-3.2) unstable; urgency=low

  * Non Maintainer Upload
  * Correct mistake in patch for #355937 so that udeb: lines in shlibs file
    actually refer to the udeb package

Superseded in edgy-release on 2006-06-15
Obsolete in dapper-release on 2011-09-06
Superseded in dapper-release on 2006-02-03
Obsolete in breezy-release on 2008-03-25
expat (1.95.8-3) unstable; urgency=low


  * Makefile.in: added $(srcdir)/expat_config.h to APIHEADER
    (closes: Bug#302191)
  * rebuild against latest libtool for kfreebsd-gnu
    (closes: Bug#295825)

 -- Ardo van Rangelrooij <email address hidden>  Tue, 19 Apr 2005 21:50:50 -0500
Obsolete in hoary-release on 2008-03-19
expat (1.95.8-1) unstable; urgency=low


  * New upstream release
    (closes: Bug#263858)
  * debian/rules: added '-pthread -D_REENTRANT' to 'CFLAGS'
  * Added debian/watch

 -- Ardo van Rangelrooij <email address hidden>  Tue, 19 Oct 2004 19:31:03 -0500
Obsolete in warty-release on 2008-01-09
expat (1.95.6-8) unstable; urgency=low


  * debian/control: fixed typo in maintainer's email address

 -- Ardo van Rangelrooij <email address hidden>  Sun, 29 Feb 2004 11:01:15 -0600
171 of 71 results