expat (2.0.1-7ubuntu3.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: Denial of service via hash collisions
    - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
      hash inputs. Based on upstream patch.
    - CVE-2012-0876
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148

 -- Tyler Hicks <email address hidden> Thu, 09 Aug 2012 11:53:57 -0700

expat (2.0.1-7ubuntu3) natty; urgency=low

  * No-change rebuild against fixed pkgbinarymangler, to get correct
    multiarch-safe changelogs

 -- Steve Langasek <email address hidden> Mon, 21 Mar 2011 01:19:40 -0700

expat (2.0.1-7ubuntu2) natty; urgency=low

  * Build for multiarch:
    - Pre-depend on multiarch-support.
    - Install udeb contents to /usr/lib, not to the multiarch path.
    - FFe LP: #733501

 -- Steve Langasek <email address hidden> Thu, 17 Mar 2011 00:50:36 -0700

expat (2.0.1-7ubuntu1) lucid; urgency=low

  * Merge from Debian testing. Remaining changes:
    - Install run-time libraries into /lib rather than /usr/lib, since
      dbus-daemon is in /bin and links to libexpat.

expat (2.0.1-7) unstable; urgency=low

  * debian/control (Depends): Fixed debhelper-but-no-misc-depends.
  * debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
    - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
      regressions have been detected (closes: #561658). Many thanks to
      Niko Tyni and Karl Waclawek for their help and the fix.

expat (2.0.1-6) unstable; urgency=medium

  * debian/patches/560901_CVE_2009_3560.dpatch: Added.
    - lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560 (closes:
      #560901).
  * debian/patches/00list: Adjusted.

expat (2.0.1-5) unstable; urgency=medium

  * debian/control (Standards-Version): Bumped to 3.8.3.
    (Priority, Section): Fixed binary-control-field-duplicates-source.
    (Description): Fixed extended-description-is-probably-too-short and
    duplicate-long-description.
  * debian/rules (CFLAGS): Drop useless '-pthread -D_REENTRANT' from version
    1.95-8-1 (closes: #551079).
  * debian/README.source: Added for policy compliance.
  * debian/patches/551936_CVE_2009_2625.dpatch: Added.
    - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
      and CVE-2009-3720 (closes: #551936).
  * debian/patches/00list: Adjusted.

 -- Jamie Strandboge <email address hidden> Tue, 19 Jan 2010 09:59:07 -0600