[ubuntu/noble-proposed] libxmltok 1.2-4.1ubuntu1 (Accepted)
Matthias Klose
doko at ubuntu.com
Thu Mar 7 11:09:14 UTC 2024
libxmltok (1.2-4.1ubuntu1) noble; urgency=medium
* Merge with Debian; remaining changes:
+ SECURITY UPDATE: Incomplete validation of encoding
- debian/patches/CVE-2022-25235-1.patch: remove the unused macro
UTF8_GET_NAMING from xmltok/xmltok.c.
- debian/patches/CVE-2022-25235-2.patch: add verification calls to
IS_INVALID_CHAR() in CHECK_NAME_CASE, CHECK_NMSTRT_CASE and
prologTok methods.
- debian/patches/CVE-2022-25235-3.patch: add comments to BT_LEAD
cases in xmltok/xmltok_impl.c.
- CVE-2022-25235
+ SECURITY UPDATE: Namespace-separator insertions
- debian/patches/CVE-2022-25236-1.patch: add a validation for
nameSpaceSeparator in addBinding() in xmlparse/xmlparse.c.
- debian/patches/CVE-2022-25236-2.patch: add a new method
is_rfc3986_uri_char() to the previous validation in addBinding()
in xmlparse/xmlparse.c.
- CVE-2022-25236
libxmltok (1.2-4.1) unstable; urgency=medium
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition. Closes: #1062735
Date: Thu, 07 Mar 2024 12:03:35 +0100
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libxmltok/1.2-4.1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 07 Mar 2024 12:03:35 +0100
Source: libxmltok
Built-For-Profiles: noudeb
Architecture: source
Version: 1.2-4.1ubuntu1
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Matthias Klose <doko at ubuntu.com>
Closes: 1062735
Changes:
libxmltok (1.2-4.1ubuntu1) noble; urgency=medium
.
* Merge with Debian; remaining changes:
+ SECURITY UPDATE: Incomplete validation of encoding
- debian/patches/CVE-2022-25235-1.patch: remove the unused macro
UTF8_GET_NAMING from xmltok/xmltok.c.
- debian/patches/CVE-2022-25235-2.patch: add verification calls to
IS_INVALID_CHAR() in CHECK_NAME_CASE, CHECK_NMSTRT_CASE and
prologTok methods.
- debian/patches/CVE-2022-25235-3.patch: add comments to BT_LEAD
cases in xmltok/xmltok_impl.c.
- CVE-2022-25235
+ SECURITY UPDATE: Namespace-separator insertions
- debian/patches/CVE-2022-25236-1.patch: add a validation for
nameSpaceSeparator in addBinding() in xmlparse/xmlparse.c.
- debian/patches/CVE-2022-25236-2.patch: add a new method
is_rfc3986_uri_char() to the previous validation in addBinding()
in xmlparse/xmlparse.c.
- CVE-2022-25236
.
libxmltok (1.2-4.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition. Closes: #1062735
Checksums-Sha1:
f99f65f8b5c40e8308d3d821b7cd21a5d94303f3 1994 libxmltok_1.2-4.1ubuntu1.dsc
d48999dbd30690265ac2574439d6aeab1a732166 9132 libxmltok_1.2-4.1ubuntu1.debian.tar.xz
9f4d6e673d5380c9de15cddf3a7ee3888e55930c 7050 libxmltok_1.2-4.1ubuntu1_source.buildinfo
Checksums-Sha256:
01bae728e932f0c4d48514b2d6e8857809931421768a618b9d77f6ffc8ed38a4 1994 libxmltok_1.2-4.1ubuntu1.dsc
2f8bfaca9ac10799acdb52a52c7099ec9e06a71e67c974c5a7c6431cfcb13fb0 9132 libxmltok_1.2-4.1ubuntu1.debian.tar.xz
87a2e6c778faa5bf0d12945f4ee9bf627a442dbbd9c42c998fbaaf8a3e18b7a2 7050 libxmltok_1.2-4.1ubuntu1_source.buildinfo
Files:
f375dbcfeaab1a8acb5efc7c881deece 1994 libs optional libxmltok_1.2-4.1ubuntu1.dsc
8474b3ba3981cb2bf0bf06d6e2f928b2 9132 libs optional libxmltok_1.2-4.1ubuntu1.debian.tar.xz
50fe9b4808d500d79f1deb3942d5fe15 7050 libs optional libxmltok_1.2-4.1ubuntu1_source.buildinfo
Original-Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>
More information about the noble-changes
mailing list