[Bug 1483033] Re: Please sync expat 2.1.0-7 (main) from Debian unstable (main)
djcj
djcj at gmx.de
Mon Aug 31 14:12:41 UTC 2015
So far CVE-2015-1283 was only fixed in the upcoming Wily release.
Please backport this patch to the other distributions too (at least to Trusty).
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1483033
Title:
Please sync expat 2.1.0-7 (main) from Debian unstable (main)
Status in expat package in Ubuntu:
Fix Released
Bug description:
Please sync expat 2.1.0-7 (main) from Debian unstable (main).
Explanation of the Ubuntu delta and why it can be droppped:
expat (2.1.0-6ubuntu1) utopic; urgency=medium
* No-change rebuild to get debug symbols on all architectures.
-- Brian Murray <brian at ubuntu.com> Tue, 21 Oct 2014 11:56:11 -0700
Unless I'm missing something, this was just a rebuild without any
changes.
Changes in Debian since 2.1.0-6:
expat (2.1.0-7) unstable; urgency=high
* Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
function (closes: #793484).
* Update Standards-Version to 3.9.6 .
-- Laszlo Boszormenyi (GCS) <gcs at debian.org> Fri, 24 Jul 2015
14:48:45 +0000
Note that this includes fix for a CVE. I don't know what the policy is regarding syncs with the ongoing gcc5 transition, so please let me know if this will need to wait until that has been sorted out.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/expat/+bug/1483033/+subscriptions
More information about the Ubuntu-sponsors
mailing list