[ubuntu/focal-updates] expat 2.2.9-1ubuntu0.4 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Mar 10 13:58:31 UTC 2022

expat (2.2.9-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)
  * removing duplicated tests
    - debian/patches/fix_test_dup.patch: removing tests were duplicated in

Date: 2022-03-07 19:14:09.710231+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list