Ubuntu
expat package

Change logs for expat source package in Natty

  1. Natty (11.04)
  2. Change log 
  • expat (2.0.1-7ubuntu3.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: Denial of service via hash collisions
    - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
      hash inputs. Based on upstream patch.
    - CVE-2012-0876
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148
 -- Tyler Hicks <email address hidden>   Thu, 09 Aug 2012 11:53:57 -0700
  • expat (2.0.1-7ubuntu3) natty; urgency=low

  * No-change rebuild against fixed pkgbinarymangler, to get correct
    multiarch-safe changelogs
 -- Steve Langasek <email address hidden>   Mon, 21 Mar 2011 01:19:40 -0700
  • expat (2.0.1-7ubuntu2) natty; urgency=low

  * Build for multiarch:
    - Pre-depend on multiarch-support.
    - Install udeb contents to /usr/lib, not to the multiarch path.
    - FFe LP: #733501
 -- Steve Langasek <email address hidden>   Thu, 17 Mar 2011 00:50:36 -0700
  • expat (2.0.1-7ubuntu1) lucid; urgency=low

  * Merge from Debian testing. Remaining changes:
    - Install run-time libraries into /lib rather than /usr/lib, since
      dbus-daemon is in /bin and links to libexpat.

expat (2.0.1-7) unstable; urgency=low

  * debian/control (Depends): Fixed debhelper-but-no-misc-depends.
  * debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
    - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
      regressions have been detected (closes: #561658). Many thanks to
      Niko Tyni and Karl Waclawek for their help and the fix.

expat (2.0.1-6) unstable; urgency=medium

  * debian/patches/560901_CVE_2009_3560.dpatch: Added.
    - lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560 (closes:
      #560901).
  * debian/patches/00list: Adjusted.

expat (2.0.1-5) unstable; urgency=medium

  * debian/control (Standards-Version): Bumped to 3.8.3.
    (Priority, Section): Fixed binary-control-field-duplicates-source.
    (Description): Fixed extended-description-is-probably-too-short and
    duplicate-long-description.
  * debian/rules (CFLAGS): Drop useless '-pthread -D_REENTRANT' from version
    1.95-8-1 (closes: #551079).
  * debian/README.source: Added for policy compliance.
  * debian/patches/551936_CVE_2009_2625.dpatch: Added.
    - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
      and CVE-2009-3720 (closes: #551936).
  * debian/patches/00list: Adjusted.
 -- Jamie Strandboge <email address hidden>   Tue, 19 Jan 2010 09:59:07 -0600