[ubuntu/oracular-proposed] libxmltok 1.2-4.1ubuntu3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Fri Sep 13 12:46:05 UTC 2024
libxmltok (1.2-4.1ubuntu3) oracular; urgency=medium

  * SECURITY UPDATE: invalid input length
    - CVE-2024-45490-pre*.patch: defines XML_ERROR_INVALID_ARGUMENT as part of
      enum XML_Error in xmlparse/xmlparse.h as well as its corresponding error
      string in the XML_ErrorString function in xmlparse/xmlparse.c.
    - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
      xmlparse/xmlparse.c to identify and error out if a negative length is
      provided.
    - CVE-2024-45490
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45491.patch: adds a check to the dtdCopy function of
      xmlparse/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45491
  * debian/patches/include_unistd_header.patch: included <unistd.h> in
    xmlwf/unixfilemap.c to address -Wimplicit-function-declaration which
    results in a build failure starting with oracular 24.10.

Date: 2024-09-13 11:25:11.598763+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libxmltok/1.2-4.1ubuntu3