expat 2.4.1-2ubuntu0.1 source package in Ubuntu

Changelog

expat (2.4.1-2ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: Realloc misbehavior
    - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome
      left shifts in function storeAtts in expat/lib/xmlparse.c.
    - CVE-2021-45960
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-46143.patch: prevent integer overflow
      on m_groupSize in function doProlog in expat/lib/xmlparse.c.
    - CVE-2021-46143
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow
      in multiple places in expat/lib/xmlparse.c.
    - CVE-2022-22822
    - CVE-2022-22823
    - CVE-2022-22824
    - CVE-2022-22825
    - CVE-2022-22826
    - CVE-2022-22827
  * SECURITY UPDATE: Signed integer overflow
    - debian/patches/CVE-2022-23852-*.patch: detect and prevent
      integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and
      adds test to cover it in expat/tests/runtests.c.
    - CVE-2022-23852
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-23990.patch: prevent integer overflow in
      doProlog in expat/lib/xmlparse.c.
    - CVE-2022-23990
  * SECURITY UPDATE: Incomplete validation encoding
    - debian/patches/CVE-2022-25235-*.patch: adds missing validation
      and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c.
    - CVE-2022-25235
  * SECURITY UPDATE: Namespace-separator insertions
    - debian/patches/CVE-2022-25236-*.patch: Protect against malicious
      namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c.
    - CVE-2022-25236

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 17 Feb 2022 19:44:18 -0300

Upload details

Uploaded by: Leonidas S. Barbosa
Uploaded to: Impish
Original maintainer: Ubuntu Developers
Architectures: any
Section: text
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
expat_2.4.1.orig.tar.gz 7.9 MiB 660e5852b26125f4508183dfa134e18eb33a892dbd8e06786ea38d92dbbb5b07
expat_2.4.1-2ubuntu0.1.debian.tar.xz 17.5 KiB e7122a2d7ac96f803e127f3f99d18471754455f816d9a884cf8efc5c3588cc65
expat_2.4.1-2ubuntu0.1.dsc 2.0 KiB 5fa2940c8cac2226eb2df913f866020434979b00cb8c1cd75d878f80c3bf6481

Binary packages built by this source

expat: No summary available for expat in ubuntu impish.

expat-dbgsym: No summary available for expat-dbgsym in ubuntu impish.

libexpat1: No summary available for libexpat1 in ubuntu impish.

libexpat1-dbgsym: No summary available for libexpat1-dbgsym in ubuntu impish.

libexpat1-dev: No summary available for libexpat1-dev in ubuntu impish.