Publishing details

• Published on 2017-01-23

Changelog

expat (2.1.0-6ubuntu1.2) vivid-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2016-4472

 -- Emily Ratliff <email address hidden>  Thu, 19 Jan 2017 18:04:37 -0600

Builds

• amd64
• arm64
• armhf
• i386
• powerpc
• ppc64el

Built packages

• expat XML parsing C library - example application

• lib64expat1 XML parsing C library - runtime library (64bit)

• lib64expat1-dev XML parsing C library - development kit (64bit)

• libexpat1 XML parsing C library - runtime library

• libexpat1-dev XML parsing C library - development kit

• libexpat1-udeb XML parsing C library - runtime library

Package files

• expat_2.1.0-6ubuntu1.2.debian.tar.xz (21.2 KiB)
• expat_2.1.0-6ubuntu1.2.dsc (2.3 KiB)
• expat_2.1.0-6ubuntu1.2_amd64.deb (12.9 KiB)
• expat_2.1.0-6ubuntu1.2_arm64.deb (13.1 KiB)
• expat_2.1.0-6ubuntu1.2_armhf.deb (11.7 KiB)
• expat_2.1.0-6ubuntu1.2_i386.deb (13.3 KiB)
• expat_2.1.0-6ubuntu1.2_powerpc.deb (13.3 KiB)
• expat_2.1.0-6ubuntu1.2_ppc64el.deb (14.1 KiB)
• expat_2.1.0.orig.tar.gz (549.4 KiB)
• lib64expat1-dev_2.1.0-6ubuntu1.2_i386.deb (65.6 KiB)
• lib64expat1-dev_2.1.0-6ubuntu1.2_powerpc.deb (60.4 KiB)
• lib64expat1_2.1.0-6ubuntu1.2_i386.deb (68.3 KiB)
• lib64expat1_2.1.0-6ubuntu1.2_powerpc.deb (61.6 KiB)
• libexpat1-dev_2.1.0-6ubuntu1.2_amd64.deb (112.2 KiB)
• libexpat1-dev_2.1.0-6ubuntu1.2_arm64.deb (102.1 KiB)
• libexpat1-dev_2.1.0-6ubuntu1.2_armhf.deb (102.0 KiB)
• libexpat1-dev_2.1.0-6ubuntu1.2_i386.deb (112.9 KiB)
• libexpat1-dev_2.1.0-6ubuntu1.2_powerpc.deb (111.8 KiB)
• libexpat1-dev_2.1.0-6ubuntu1.2_ppc64el.deb (127.1 KiB)
• libexpat1-udeb_2.1.0-6ubuntu1.2_amd64.udeb (51.0 KiB)
• libexpat1-udeb_2.1.0-6ubuntu1.2_arm64.udeb (44.1 KiB)
• libexpat1-udeb_2.1.0-6ubuntu1.2_armhf.udeb (40.8 KiB)
• libexpat1-udeb_2.1.0-6ubuntu1.2_i386.udeb (52.8 KiB)
• libexpat1-udeb_2.1.0-6ubuntu1.2_powerpc.udeb (47.7 KiB)
• libexpat1-udeb_2.1.0-6ubuntu1.2_ppc64el.udeb (56.5 KiB)
• libexpat1_2.1.0-6ubuntu1.2_amd64.deb (69.2 KiB)
• libexpat1_2.1.0-6ubuntu1.2_arm64.deb (56.8 KiB)
• libexpat1_2.1.0-6ubuntu1.2_armhf.deb (52.0 KiB)
• libexpat1_2.1.0-6ubuntu1.2_i386.deb (72.8 KiB)
• libexpat1_2.1.0-6ubuntu1.2_powerpc.deb (62.6 KiB)
• libexpat1_2.1.0-6ubuntu1.2_ppc64el.deb (80.6 KiB)