Publishing details
Changelog
expat (2.1.0-6ubuntu1.2) vivid-security; urgency=medium
* SECURITY UPDATE: unanticipated internal calls to srand
- debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
in lib/xmlparse.c.
- debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
32bit platforms in lib/xmlparse.c.
- CVE-2012-6702
* SECURITY UPDATE: use of too little entropy
- debian/patches/CVE-2016-5300-1.patch: extract method
gather_time_entropy in lib/xmlparse.c.
- debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
address in lib/xmlparse.c.
- CVE-2016-5300
* SECURITY UPDATE: denial of service and possible code execution via
malformed documents
- debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
lib/xmltok_impl.c.
- CVE-2016-0718
* SECURITY UPDATE: integer overflows in XML_GetBuffer
- debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
lib/xmlparse.c.
- CVE-2016-4472
-- Emily Ratliff <email address hidden> Thu, 19 Jan 2017 18:04:37 -0600
Builds
Built packages
-
expat
XML parsing C library - example application
-
lib64expat1
XML parsing C library - runtime library (64bit)
-
lib64expat1-dev
XML parsing C library - development kit (64bit)
-
libexpat1
XML parsing C library - runtime library
-
libexpat1-dev
XML parsing C library - development kit
-
libexpat1-udeb
XML parsing C library - runtime library
Package files