[ubuntu/kinetic-proposed] libxmltok 1.2-4ubuntu1 (Accepted)

Rodrigo Figueiredo Zaiden rodrigo.zaiden at canonical.com
Fri Jul 15 17:24:11 UTC 2022


libxmltok (1.2-4ubuntu1) kinetic; urgency=medium

  * SECURITY UPDATE: Incomplete validation of encoding
    - debian/patches/CVE-2022-25235-1.patch: remove the unused macro
      UTF8_GET_NAMING from xmltok/xmltok.c.
    - debian/patches/CVE-2022-25235-2.patch: add verification calls to
      IS_INVALID_CHAR() in CHECK_NAME_CASE, CHECK_NMSTRT_CASE and
      prologTok methods.
    - debian/patches/CVE-2022-25235-3.patch: add comments to BT_LEAD
      cases in xmltok/xmltok_impl.c.
    - CVE-2022-25235
  * SECURITY UPDATE: Namespace-separator insertions
    - debian/patches/CVE-2022-25236-1.patch: add a validation for
      nameSpaceSeparator in addBinding() in xmlparse/xmlparse.c.
    - debian/patches/CVE-2022-25236-2.patch: add a new method
      is_rfc3986_uri_char() to the previous validation in addBinding()
      in xmlparse/xmlparse.c.
    - CVE-2022-25236

Date: Fri, 15 Jul 2022 10:32:03 -0300
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libxmltok/1.2-4ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 15 Jul 2022 10:32:03 -0300
Source: libxmltok
Built-For-Profiles: noudeb
Architecture: source
Version: 1.2-4ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Original-Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>

