expat 2.2.5-3ubuntu0.4 source package in Ubuntu
Changelog
expat (2.2.5-3ubuntu0.4) bionic-security; urgency=medium
* SECURITY UPDATE: Realloc misbehavior
- debian/patches/CVE-2021-45960.patch: detect and prevent troublesome
left shifts in function storeAtts in expat/lib/xmlparse.c.
- CVE-2021-45960
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-46143.patch: prevent integer overflow
on m_groupSize in function doProlog in expat/lib/xmlparse.c.
- CVE-2021-46143
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow
in multiple places in expat/lib/xmlparse.c.
- CVE-2022-22822
- CVE-2022-22823
- CVE-2022-22824
- CVE-2022-22825
- CVE-2022-22826
- CVE-2022-22827
* SECURITY UPDATE: Signed integer overflow
- debian/patches/CVE-2022-23852-*.patch: detect and prevent
integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and
adds test to cover it in expat/tests/runtests.c.
- CVE-2022-23852
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2022-23990.patch: prevent integer overflow in
doProlog in expat/lib/xmlparse.c.
- CVE-2022-23990
* SECURITY UPDATE: Incomplete validation encoding
- debian/patches/CVE-2022-25235-*.patch: adds missing validation
and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c.
- CVE-2022-25235
* SECURITY UPDATE: Namespace-separator insertions
- debian/patches/CVE-2022-25236-*.patch: Protect against malicious
namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c.
- CVE-2022-25236
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 17 Feb 2022 20:38:16 -0300
Upload details
- Uploaded by:
- Leonidas S. Barbosa
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- text
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| expat_2.2.5.orig.tar.gz | 7.9 MiB | b3781742738611eaa737543ee94264dd511c52a3ba7e53111f7d705f6bff65a8 |
| expat_2.2.5-3ubuntu0.4.debian.tar.xz | 18.0 KiB | 825a6d71771b2080719d6a708fe0106a3f213212eb32a8a2d216a1e0bc239f13 |
| expat_2.2.5-3ubuntu0.4.dsc | 2.2 KiB | 16fe1b6b52089e833ec6a36f927e3576cc2932327e15a8e3c17446022e23e44b |
Available diffs
Binary packages built by this source
- expat: XML parsing C library - example application
This package contains xmlwf, an example application of expat, the C
library for parsing XML. The arguments to xmlwf are one or more
files which are each to be checked for XML well-formedness.
- expat-dbgsym: debug symbols for expat
- libexpat1: XML parsing C library - runtime library
This package contains the runtime, shared library of expat, the C
library for parsing XML. Expat is a stream-oriented parser in
which an application registers handlers for things the parser
might find in the XML document (like start tags).
- libexpat1-dbgsym: debug symbols for libexpat1
- libexpat1-dev: XML parsing C library - development kit
This package contains the header file and development libraries of
expat, the C library for parsing XML. Expat is a stream oriented XML
parser. This means that you register handlers with the parser prior
to starting the parse. These handlers are called when the parser
discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.
- libexpat1-udeb: XML parsing C library - runtime library
This package contains the runtime, shared library of expat, the C
library for parsing XML.
