[Bug 1963903] Re: expat relax fix for CVE-2022-25236 and possible regressions

Launchpad Bug Tracker 1963903 at bugs.launchpad.net
Thu Mar 10 13:30:46 UTC 2022 

This bug was fixed in the package expat - 2.4.1-2ubuntu0.3

---------------
expat (2.4.1-2ubuntu0.3) impish-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)

 -- Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>  Mon, 21 Feb
2022 14:42:01 -0300

** Changed in: expat (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25236

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25313

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25314

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25315

** Changed in: expat (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to expat in Ubuntu.
https://bugs.launchpad.net/bugs/1963903

Title:
  expat relax fix for CVE-2022-25236 and possible regressions

Status in expat package in Ubuntu:
  Fix Released

Bug description:
  Sebastian Pipping report to us that these additional fixes are
  required to fix properly CVE-2022-25236 in regard to RCF 3986 URI
  characters and possibly regressions as the merge request points.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/expat/+bug/1963903/+subscriptions

More information about the foundations-bugs mailing list