[ubuntu/focal-security] expat 2.2.9-1ubuntu0.7 (Accepted)

Ian Constantin ian.constantin at canonical.com
Wed Sep 11 16:25:01 UTC 2024


expat (2.2.9-1ubuntu0.7) focal-security; urgency=medium

  * SECURITY UPDATE: invalid input length
    - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
      expat/lib/xmlparse.c to identify and error out if a negative length is
      provided.
    - CVE-2024-45490
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45491.patch: adds a check to the dtdCopy function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45491
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45492

Date: 2024-09-10 11:35:34.442833+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.7
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list