Format: 1.8 Date: Tue, 08 Mar 2022 09:28:37 -0300 Source: expat Binary: libexpat1-dev libexpat1 libexpat1-udeb expat Architecture: i386 Version: 2.2.5-3ubuntu0.7 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Leonidas Da Silva Barbosa Description: expat - XML parsing C library - example application libexpat1 - XML parsing C library - runtime library libexpat1-dev - XML parsing C library - development kit libexpat1-udeb - XML parsing C library - runtime library (udeb) Launchpad-Bugs-Fixed: 1963903 Changes: expat (2.2.5-3ubuntu0.7) bionic-security; urgency=medium . * SECURITY UPDATE: Stack exhaustion - debian/patches/CVE-2022-25313.patch: prevent stack exhaustion in build_model in expat/lib/xmlparse.c. - debian/patches/fix-build_model-regression.patch: fix build_model regression in expat/lib/xmlparse.c. - CVE-2022-25313 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25314.patch: prevent integer overflow in copyString in expat/lib/xmlparse.c. - CVE-2022-25314 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25315.patch: prevent integer overflow in storeRawNames in expat/lib/xmlparse.c. - CVE-2022-25315 * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters and possibly regressions - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI validation in expat/doc/reference.html, expat/lib/expat.h. - debian/patches/CVE-2022-25236-4.patch: document namespace separator effect right in header expat/lib/expat.h. - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests. - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903) Checksums-Sha1: 7eaac73c35cfe0e9554372594dad6fd73eb7e89b 22364 expat-dbgsym_2.2.5-3ubuntu0.7_i386.ddeb a033472c86dbb2a55f76c44a8edf0995520d1862 8091 expat_2.2.5-3ubuntu0.7_i386.buildinfo a5d6f6d27010cba2ce633475e4487056a8a3c26f 15820 expat_2.2.5-3ubuntu0.7_i386.deb 891d1aa169d776fac6f03e0e53af07a8c5132af9 212260 libexpat1-dbgsym_2.2.5-3ubuntu0.7_i386.ddeb 436b51bbbf69b1470b8bb3eed3fefe40163755f2 128404 libexpat1-dev_2.2.5-3ubuntu0.7_i386.deb f2f02ecbb5c1e8664b8e04c46bc1b44b467690ae 59480 libexpat1-udeb_2.2.5-3ubuntu0.7_i386.udeb 8160367e32fa8e5b636bd2520c8be5b80e53e626 80508 libexpat1_2.2.5-3ubuntu0.7_i386.deb Checksums-Sha256: f9e373a797f7ec24027074a6093c533c4aa5ad6d1b4c76cc623eba8685546d75 22364 expat-dbgsym_2.2.5-3ubuntu0.7_i386.ddeb 93d421ec9f6c03cd5ec2dc5bbde0fe0aa03c3133abfaad9d644e2b7d5a4cc2da 8091 expat_2.2.5-3ubuntu0.7_i386.buildinfo 4f9b8e1c22334d9b5f26b6b6910eaf132fc5ab0b58f214464267bc231a4b6069 15820 expat_2.2.5-3ubuntu0.7_i386.deb 842ad7d768d56049c81ace323add7705c59a7fa8534aa1a1ed5a0d6dcbcb95be 212260 libexpat1-dbgsym_2.2.5-3ubuntu0.7_i386.ddeb 7061ec71964be3152dd137d5f71471927e5a5731b0f9ec709944cf33082b5d5f 128404 libexpat1-dev_2.2.5-3ubuntu0.7_i386.deb 5f0dca228445ca044d217a2000523533a16aaa146d4f47483a45ea0ea5350576 59480 libexpat1-udeb_2.2.5-3ubuntu0.7_i386.udeb 8f2194cc00b10b5eb30e69ce8bc4f315cff4e6befe78a5a24451da98e6c7b615 80508 libexpat1_2.2.5-3ubuntu0.7_i386.deb Files: a332dca54d8e987ab4e9bb263ad6d7e0 22364 debug optional expat-dbgsym_2.2.5-3ubuntu0.7_i386.ddeb fdfc01004dcac86430a7ed8c5266df8b 8091 text optional expat_2.2.5-3ubuntu0.7_i386.buildinfo ad916a8855f813ea60013763a1bf8fcd 15820 text optional expat_2.2.5-3ubuntu0.7_i386.deb 343c01468356e6057c51f0d0358cedeb 212260 debug optional libexpat1-dbgsym_2.2.5-3ubuntu0.7_i386.ddeb 266c7e60dd11621214a58bd19db09df5 128404 libdevel optional libexpat1-dev_2.2.5-3ubuntu0.7_i386.deb 5c463b4dd905798ebde035df96af9d03 59480 debian-installer optional libexpat1-udeb_2.2.5-3ubuntu0.7_i386.udeb 34b4d0ec5f6ed5f840a6774466f5c24b 80508 libs optional libexpat1_2.2.5-3ubuntu0.7_i386.deb Original-Maintainer: Laszlo Boszormenyi (GCS) Package-Type: udeb