[ubuntu/noble-updates] libxmltok 1.2-4ubuntu1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Sat Mar 30 00:25:57 UTC 2024
libxmltok (1.2-4ubuntu1) kinetic; urgency=medium

  * SECURITY UPDATE: Incomplete validation of encoding
    - debian/patches/CVE-2022-25235-1.patch: remove the unused macro
      UTF8_GET_NAMING from xmltok/xmltok.c.
    - debian/patches/CVE-2022-25235-2.patch: add verification calls to
      IS_INVALID_CHAR() in CHECK_NAME_CASE, CHECK_NMSTRT_CASE and
      prologTok methods.
    - debian/patches/CVE-2022-25235-3.patch: add comments to BT_LEAD
      cases in xmltok/xmltok_impl.c.
    - CVE-2022-25235
  * SECURITY UPDATE: Namespace-separator insertions
    - debian/patches/CVE-2022-25236-1.patch: add a validation for
      nameSpaceSeparator in addBinding() in xmlparse/xmlparse.c.
    - debian/patches/CVE-2022-25236-2.patch: add a new method
      is_rfc3986_uri_char() to the previous validation in addBinding()
      in xmlparse/xmlparse.c.
    - CVE-2022-25236

Date: 2022-07-15 17:24:09.100690+00:00
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libxmltok/1.2-4ubuntu1
Sorry, changesfile not available.