[ubuntu/bionic-security] expat 2.2.5-3ubuntu0.8 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Thu Nov 17 09:45:06 UTC 2022
expat (2.2.5-3ubuntu0.8) bionic-security; urgency=medium
* SECURITY UPDATE: use-after-free
- debian/patches/CVE-2022-40674.patch: adds a conditional call to
storeRawNames() in func internalEntityProcessor following a call
to doCOntent() that could result in unbalanced tags upon returning.
- CVE-2022-40674
* SECURITY UPDATE: use-after-free
- debian/patches/CVE-2022-43680-1.patch: adds tests to cover
DTD destruction in XML_ExternalEntityParserCreate in
expat/tests/runtests.c.
- debian/patches/CVE-2022-43680-2.patch: fix overeager DTD
destruction in XML_ExternalEntityParserCreate in
expat/lib/xmlparse.c.
- CVE-2022-43680
Date: 2022-11-08 10:58:09.572504+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.8
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list