expat 2.2.9-1ubuntu0.2 source package in Ubuntu


expat (2.2.9-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Realloc misbehavior
    - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome
      left shifts in function storeAtts in expat/lib/xmlparse.c.
    - CVE-2021-45960
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-46143.patch: prevent integer overflow
      on m_groupSize in function doProlog in expat/lib/xmlparse.c.
    - CVE-2021-46143
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow
      in multiple places in expat/lib/xmlparse.c.
    - CVE-2022-22822
    - CVE-2022-22823
    - CVE-2022-22824
    - CVE-2022-22825
    - CVE-2022-22826
    - CVE-2022-22827
  * SECURITY UPDATE: Signed integer overflow
    - debian/patches/CVE-2022-23852-*.patch: detect and prevent
      integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and
      adds test to cover it in expat/tests/runtests.c.
    - CVE-2022-23852
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-23990.patch: prevent integer overflow in
      doProlog in expat/lib/xmlparse.c.
    - CVE-2022-23990
  * SECURITY UPDATE: Incomplete validation encoding
    - debian/patches/CVE-2022-25235-*.patch: adds missing validation
      and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c.
    - CVE-2022-25235
  * SECURITY UPDATE: Namespace-separator insertions
    - debian/patches/CVE-2022-25236-*.patch: Protect against malicious
      namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c.
    - CVE-2022-25236

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 17 Feb 2022 20:09:12 -0300

Upload details

Uploaded by:
Leonidas S. Barbosa
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
expat_2.2.9.orig.tar.gz 7.9 MiB c341ac8c79e021cc3392a6d76e138e62d1dd287592cb455148540331756a2208
expat_2.2.9-1ubuntu0.2.debian.tar.xz 17.1 KiB d1e2e2fd7bc97eaf2c503e86e6b38e6112d165a5a03ea9a986e3a58eba840bed
expat_2.2.9-1ubuntu0.2.dsc 2.0 KiB ed7910dca33cc5749fc76ceda358eb0223dfcf2bc261bc17cdb376a124af31cc

View changes file

Binary packages built by this source

expat: XML parsing C library - example application

 This package contains xmlwf, an example application of expat, the C
 library for parsing XML. The arguments to xmlwf are one or more
 files which are each to be checked for XML well-formedness.

expat-dbgsym: debug symbols for expat
libexpat1: XML parsing C library - runtime library

 This package contains the runtime, shared library of expat, the C
 library for parsing XML. Expat is a stream-oriented parser in
 which an application registers handlers for things the parser
 might find in the XML document (like start tags).

libexpat1-dbgsym: debug symbols for libexpat1
libexpat1-dev: XML parsing C library - development kit

 This package contains the header file and development libraries of
 expat, the C library for parsing XML. Expat is a stream oriented XML
 parser. This means that you register handlers with the parser prior
 to starting the parse. These handlers are called when the parser
 discovers the associated structures in the document being parsed. A
 start tag is an example of the kind of structures for which you may
 register handlers.

libexpat1-udeb: XML parsing C library - runtime library

 This package contains the runtime, shared library of expat, the C
 library for parsing XML.