Ubuntu
expat package

expat relax fix for CVE-2022-25236 and possible regressions

Bug #1963903 reported by Leonidas S. Barbosa
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
expat (Ubuntu)
Fix Released
Undecided
Leonidas S. Barbosa

Bug Description

Sebastian Pipping report to us that these additional fixes are required to fix properly CVE-2022-25236 in regard to RCF 3986 URI characters and possibly regressions as the merge request points.

Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

https://github.com/libexpat/libexpat/pull/577

Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

https://github.com/exxamalte/python-aio-georss-client/issues/29

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package expat - 2.4.1-2ubuntu0.3

---------------
expat (2.4.1-2ubuntu0.3) impish-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 21 Feb 2022 14:42:01 -0300

Changed in expat (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package expat - 2.2.9-1ubuntu0.4

---------------
expat (2.2.9-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)
  * removing duplicated tests
    - debian/patches/fix_test_dup.patch: removing tests were duplicated in
      expat/tests/runtests.c.

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 21 Feb 2022 15:48:46 -0300

Changed in expat (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package expat - 2.2.5-3ubuntu0.7

---------------
expat (2.2.5-3ubuntu0.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 08 Mar 2022 09:28:37 -0300

Changed in expat (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.