Change log for expat package in Ubuntu

Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
expat (2.6.1-2build1) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 07:34:09 +0000
Published in oracular-proposed
expat (2.6.2-1) unstable; urgency=medium

  * New upstream release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 13 Mar 2024 21:40:29 +0100
Published in mantic-updates
Published in mantic-security
expat (2.5.0-2ubuntu0.1) mantic-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2023-52425.patch: Speed up parsing of big tokens.
    - CVE-2023-52425
  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2024-28757.patch: Detect billion laughs attack with
      isolated external parser.
    - CVE-2024-28757

 -- Fabian Toepfer <email address hidden>  Wed, 13 Mar 2024 16:05:10 +0100
Published in jammy-updates
Published in jammy-security
expat (2.4.7-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2023-52425.patch: Speed up parsing of big tokens.
    - CVE-2023-52425
  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2024-28757.patch: Detect billion laughs attack with
      isolated external parser.
    - CVE-2024-28757

 -- Fabian Toepfer <email address hidden>  Wed, 13 Mar 2024 14:28:54 +0100
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
expat (2.6.1-2) unstable; urgency=high

  * Backport security fix for CVE-2024-28757: prevent billion laughs attacks
    in isolated external parser (closes: #1065868).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 10 Mar 2024 18:24:38 +0100

Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
expat (2.6.0-1) unstable; urgency=high

  * New upstream release:
    - fixes CVE-2023-52425: fix quadratic runtime issues with big tokens that
      can cause denial of service (closes: #1063238),
    - fixes CVE-2023-52426: fix billion laughs attacks for users compiling
      without XML_DTD defined (which is not common) (closes: #1063240).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 06 Feb 2024 22:00:26 +0100

Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
expat (2.5.0-2) unstable; urgency=medium

  [ Samuel Thibault <email address hidden> ]
  * Generalize libbsd-dev build dependency on kfreebsd and hurd ports
    (closes: #1035556).

  [ Henry N. <email address hidden> ]
  * Fix building with profile nodoc (stage1) (closes: #1037080).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 14 Jun 2023 22:08:48 +0200

Obsolete in kinetic-updates
Obsolete in kinetic-security
expat (2.4.8-2ubuntu0.22.10.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2022-43680-1.patch: adds tests to cover
      DTD destruction in XML_ExternalEntityParserCreate in
      expat/tests/runtests.c.
    - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD
      destruction in XML_ExternalEntityParserCreate in
      expat/lib/xmlparse.c.
    - CVE-2022-43680

 -- David Fernandez Gonzalez <email address hidden>  Fri, 18 Nov 2022 12:22:47 +0100
Superseded in jammy-updates
Superseded in jammy-security
expat (2.4.7-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2022-43680-1.patch: adds tests to cover
      DTD destruction in XML_ExternalEntityParserCreate in
      expat/tests/runtests.c.
    - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD
      destruction in XML_ExternalEntityParserCreate in
      expat/lib/xmlparse.c.
    - CVE-2022-43680

 -- David Fernandez Gonzalez <email address hidden>  Fri, 18 Nov 2022 12:21:42 +0100
Published in focal-updates
Published in focal-security
expat (2.2.9-1ubuntu0.6) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2022-43680-1.patch: adds tests to cover
      DTD destruction in XML_ExternalEntityParserCreate in
      expat/tests/runtests.c.
    - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD
      destruction in XML_ExternalEntityParserCreate in
      expat/lib/xmlparse.c.
    - CVE-2022-43680

 -- David Fernandez Gonzalez <email address hidden>  Fri, 18 Nov 2022 11:29:59 +0100
Published in bionic-updates
Published in bionic-security
expat (2.2.5-3ubuntu0.9) bionic-security; urgency=medium

  * SECURITY REGRESSION: Tests failed
    - debian/patches/CVE-2022-43680-1.patch: backport patch
      to work for this version in expat/tests/runtests.c.

 -- David Fernandez Gonzalez <email address hidden>  Fri, 18 Nov 2022 11:57:30 +0100
Superseded in focal-updates
Superseded in focal-security
expat (2.2.9-1ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: Use-after-free in doContent
    - debian/patches/CVE-2022-40674.patch: ensure storeRawNames()
      is always called in func internalEntityProcessor if handling
      unbalanced tags in expat/lib/xmlparse.c.
    - CVE-2022-40674

 -- David Fernandez Gonzalez <email address hidden>  Tue, 15 Nov 2022 16:11:03 +0100
Superseded in jammy-updates
Superseded in jammy-security
expat (2.4.7-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Use-after-free in doContent
    - debian/patches/CVE-2022-40674.patch: ensure storeRawNames()
      is always called in func internalEntityProcessor if handling
      unbalanced tags in expat/lib/xmlparse.c.
    - CVE-2022-40674

 -- David Fernandez Gonzalez <email address hidden>  Tue, 15 Nov 2022 16:01:53 +0100
Superseded in bionic-updates
Superseded in bionic-security
expat (2.2.5-3ubuntu0.8) bionic-security; urgency=medium

  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2022-40674.patch: adds a conditional call to
      storeRawNames() in func internalEntityProcessor following a call
      to doContent() that could result in unbalanced tags upon returning.
    - CVE-2022-40674
  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2022-43680-1.patch: adds tests to cover
      DTD destruction in XML_ExternalEntityParserCreate in
      expat/tests/runtests.c.
    - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD
      destruction in XML_ExternalEntityParserCreate in
      expat/lib/xmlparse.c.
    - CVE-2022-43680

 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 08 Nov 2022 07:13:44 -0300
Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
expat (2.5.0-1) unstable; urgency=high

  * New upstream release:
    - fixes CVE-2022-43680: heap use-after-free after overeager destruction of
      a shared DTD in XML_ExternalEntityParserCreate() (closes: #1022743).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 26 Oct 2022 15:31:29 +0200

Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
expat (2.4.8-2) unstable; urgency=high

  * Backport security fix for CVE-2022-40674: heap use-after-free issue in
    doContent() (closes: #1019761).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 15 Sep 2022 20:53:15 +0200

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
expat (2.4.8-1) unstable; urgency=medium

  * New upstream release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 29 Mar 2022 22:01:08 +0200

Superseded in bionic-updates
Superseded in bionic-security
expat (2.2.5-3ubuntu0.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)

 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 08 Mar 2022 09:28:37 -0300
Superseded in focal-updates
Superseded in focal-security
expat (2.2.9-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)
  * removing duplicated tests
    - debian/patches/fix_test_dup.patch: removing tests were duplicated in
      expat/tests/runtests.c.

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 21 Feb 2022 15:48:46 -0300
Obsolete in impish-updates
Obsolete in impish-security
expat (2.4.1-2ubuntu0.3) impish-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 21 Feb 2022 14:42:01 -0300
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
expat (2.4.7-1) unstable; urgency=medium

  * New upstream release:
    - relax fix to CVE-2022-25236 with regard to all valid URI characters
      (RFC 3986).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 05 Mar 2022 07:11:48 +0100

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
expat (2.4.6-1) unstable; urgency=medium

  * New upstream release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 21 Feb 2022 21:08:18 +0100

Superseded in jammy-proposed
expat (2.4.5-2) unstable; urgency=medium

  * Fix build_model regression (closes: #1006162).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 20 Feb 2022 16:26:07 +0100

Superseded in jammy-proposed
expat (2.4.5-1) unstable; urgency=high

  * New upstream release:
    - fixes CVE-2022-25235: certain validation of encoding, such as checks
      for whether a UTF-8 character is valid can cause code execution
      (closes: #1005894),
    - fixes CVE-2022-25236: passing namespace separator characters can cause
      code execution (closes: #1005895),
    - fixes CVE-2022-25313: an attacker can trigger stack exhaustion in
      build_model via a large nesting depth in the DTD element,
    - fixes CVE-2022-25314: integer overflow in function copyString() ,
    - fixes CVE-2022-25315: integer overflow in function storeRawNames() .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 19 Feb 2022 07:34:25 +0100

Superseded in bionic-updates
Superseded in bionic-security
expat (2.2.5-3ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Realloc misbehavior
    - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome
      left shifts in function storeAtts in expat/lib/xmlparse.c.
    - CVE-2021-45960
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-46143.patch: prevent integer overflow
      on m_groupSize in function doProlog in expat/lib/xmlparse.c.
    - CVE-2021-46143
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow
      in multiple places in expat/lib/xmlparse.c.
    - CVE-2022-22822
    - CVE-2022-22823
    - CVE-2022-22824
    - CVE-2022-22825
    - CVE-2022-22826
    - CVE-2022-22827
  * SECURITY UPDATE: Signed integer overflow
    - debian/patches/CVE-2022-23852-*.patch: detect and prevent
      integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and
      adds test to cover it in expat/tests/runtests.c.
    - CVE-2022-23852
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-23990.patch: prevent integer overflow in
      doProlog in expat/lib/xmlparse.c.
    - CVE-2022-23990
  * SECURITY UPDATE: Incomplete validation encoding
    - debian/patches/CVE-2022-25235-*.patch: adds missing validation
      and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c.
    - CVE-2022-25235
  * SECURITY UPDATE: Namespace-separator insertions
    - debian/patches/CVE-2022-25236-*.patch: Protect against malicious
      namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c.
    - CVE-2022-25236

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 17 Feb 2022 20:38:16 -0300
Superseded in focal-updates
Superseded in focal-security
expat (2.2.9-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Realloc misbehavior
    - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome
      left shifts in function storeAtts in expat/lib/xmlparse.c.
    - CVE-2021-45960
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-46143.patch: prevent integer overflow
      on m_groupSize in function doProlog in expat/lib/xmlparse.c.
    - CVE-2021-46143
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow
      in multiple places in expat/lib/xmlparse.c.
    - CVE-2022-22822
    - CVE-2022-22823
    - CVE-2022-22824
    - CVE-2022-22825
    - CVE-2022-22826
    - CVE-2022-22827
  * SECURITY UPDATE: Signed integer overflow
    - debian/patches/CVE-2022-23852-*.patch: detect and prevent
      integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and
      adds test to cover it in expat/tests/runtests.c.
    - CVE-2022-23852
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-23990.patch: prevent integer overflow in
      doProlog in expat/lib/xmlparse.c.
    - CVE-2022-23990
  * SECURITY UPDATE: Incomplete validation encoding
    - debian/patches/CVE-2022-25235-*.patch: adds missing validation
      and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c.
    - CVE-2022-25235
  * SECURITY UPDATE: Namespace-separator insertions
    - debian/patches/CVE-2022-25236-*.patch: Protect against malicious
      namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c.
    - CVE-2022-25236

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 17 Feb 2022 20:09:12 -0300
Superseded in impish-updates
Superseded in impish-security
expat (2.4.1-2ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: Realloc misbehavior
    - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome
      left shifts in function storeAtts in expat/lib/xmlparse.c.
    - CVE-2021-45960
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-46143.patch: prevent integer overflow
      on m_groupSize in function doProlog in expat/lib/xmlparse.c.
    - CVE-2021-46143
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow
      in multiple places in expat/lib/xmlparse.c.
    - CVE-2022-22822
    - CVE-2022-22823
    - CVE-2022-22824
    - CVE-2022-22825
    - CVE-2022-22826
    - CVE-2022-22827
  * SECURITY UPDATE: Signed integer overflow
    - debian/patches/CVE-2022-23852-*.patch: detect and prevent
      integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and
      adds test to cover it in expat/tests/runtests.c.
    - CVE-2022-23852
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-23990.patch: prevent integer overflow in
      doProlog in expat/lib/xmlparse.c.
    - CVE-2022-23990
  * SECURITY UPDATE: Incomplete validation encoding
    - debian/patches/CVE-2022-25235-*.patch: adds missing validation
      and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c.
    - CVE-2022-25235
  * SECURITY UPDATE: Namespace-separator insertions
    - debian/patches/CVE-2022-25236-*.patch: Protect against malicious
      namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c.
    - CVE-2022-25236

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 17 Feb 2022 19:44:18 -0300
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
expat (2.4.4-1) unstable; urgency=medium

  * New upstream release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 01 Feb 2022 18:51:12 +0100

Superseded in jammy-proposed
expat (2.4.3-3) unstable; urgency=high

  * Backport security fix for CVE-2022-23990: integer overflow in
    doProlog() .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 27 Jan 2022 06:44:50 +0100

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
expat (2.4.3-2) unstable; urgency=high

  * Backport security fix for CVE-2022-23852: XML_GetBuffer() signed integer
    overflow.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 24 Jan 2022 18:18:59 +0100

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
expat (2.4.3-1) unstable; urgency=high

  * New upstream release:
    - fixes CVE-2021-45960: left shifts by >=29 places resulting in realloc
      acting as free, realloc allocating too few bytes, undefined behavior
      depending on architecture,
    - fixes CVE-2021-46143: integer overflow leading to realloc acting
      as free,
    - fixes CVE-2022-22822: integer overflow in function addBinding,
    - fixes CVE-2022-22823: integer overflow in function build_model,
    - fixes CVE-2022-22824: integer overflow in function defineAttribute,
    - fixes CVE-2022-22825: integer overflow in function lookup,
    - fixes CVE-2022-22826: integer overflow in function nextScaffoldPart,
    - fixes CVE-2022-22827: integer overflow in function storeAtts.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 16 Jan 2022 21:48:09 +0100

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
expat (2.4.2-1) unstable; urgency=medium

  * New upstream release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 23 Dec 2021 19:05:43 +0100

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
expat (2.4.1-3) unstable; urgency=medium

  * Update watch file.
  * Update Standards-Version to 4.6.0 .

  [ Andrius Merkys <email address hidden> ]
  * Fix incorrect path for expat library in expat-noconfig.cmake
    (closes: #995907).
  * Fix incorrect path for INTERFACE_INCLUDE_DIRECTORIES in expat.cmake
    (closes: #996612).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 24 Oct 2021 18:48:18 +0200

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
expat (2.4.1-2) unstable; urgency=medium

  * Upload to Sid.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 09 Sep 2021 21:26:21 +0200

Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
expat (2.3.0-1) experimental; urgency=medium

  * New upstream release.
  * Update debhelper level to 13 .
  * Update Standards-Version to 4.5.1 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 10 May 2021 19:20:19 +0200

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
expat (2.2.10-2) unstable; urgency=medium

  * Provide stage1 (bootstrap) build profile (closes: #896011).

  [ Matthias Klose <email address hidden> ]
  * Don't build the udeb package when requested (closes: #983324).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 23 Feb 2021 17:54:13 +0100
Superseded in hirsute-proposed
expat (2.2.10-1ubuntu1) hirsute; urgency=medium

  * Don't build the udeb package when requested.

 -- Matthias Klose <email address hidden>  Mon, 22 Feb 2021 11:30:32 +0100

Superseded in hirsute-proposed
expat (2.2.10-1build1) hirsute; urgency=medium

  * No-change rebuild to drop the udeb package.

 -- Matthias Klose <email address hidden>  Mon, 22 Feb 2021 10:31:00 +0100
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
expat (2.2.10-1) unstable; urgency=medium

  * New upstream release.
  * Update Standards-Version to 4.5.0 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 04 Oct 2020 07:39:41 +0200
Superseded in hirsute-release
Obsolete in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
expat (2.2.9-1build1) focal; urgency=medium

  * No-change rebuild for libgcc-s1 package name change.

 -- Matthias Klose <email address hidden>  Sun, 22 Mar 2020 16:39:58 +0100
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
expat (2.2.9-1) unstable; urgency=medium

  * New upstream release.
  * Update Standards-Version to 4.4.0 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 28 Sep 2019 18:49:55 +0000

Obsolete in disco-updates
Obsolete in disco-security
expat (2.2.6-1ubuntu0.19.5) disco-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-15903.patch: Deny internal
      entities closing the doctype in expat/lib/xmlparse.c.
    - CVE-2019-15903

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Sep 2019 14:51:57 -0300
Superseded in bionic-updates
Superseded in bionic-security
expat (2.2.5-3ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-15903.patch: Deny internal
      entities closing the doctype in expat/lib/xmlparse.c.
    - CVE-2019-15903

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Sep 2019 15:05:44 -0300
Published in xenial-updates
Published in xenial-security
expat (2.1.0-7ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-15903.patch: Deny internal
      entities closing the doctype in lib/xmlparse.c.
    - CVE-2019-15903

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Sep 2019 15:27:03 -0300
Published in precise-updates
Published in precise-security
expat (2.0.1-7.2ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-15903.dpatch: Deny internal
      entities closing the doctype in lib/xmlparse.c.
    - CVE-2019-15903

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Sep 2019 11:42:28 -0300
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
expat (2.2.7-2) unstable; urgency=high

  * Fix CVE-2019-15903: deny internal entities closing the doctype
    (closes: #939394).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 04 Sep 2019 18:01:00 +0000

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
expat (2.2.7-1) unstable; urgency=medium

  * New upstream release.
  * Update libexpat1 symbols.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 13 Jul 2019 21:46:00 +0000

Superseded in xenial-updates
Superseded in xenial-security
expat (2.1.0-7ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20843.patch: adds a break in
      setElementTypePrefix avoiding consume a high amount of RAM
      and CPU in lib/xmlparser.c
    - CVE-2018-20843

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 26 Jun 2019 12:09:36 -0300
Superseded in bionic-updates
Superseded in bionic-security
expat (2.2.5-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20843.patch: adds a break in
      setElementTypePrefix avoiding consume a high amount of RAM
      and CPU in expat/lib/xmlparser.c
    - CVE-2018-20843

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 26 Jun 2019 12:14:29 -0300
Obsolete in cosmic-updates
Obsolete in cosmic-security
expat (2.2.6-1ubuntu0.18.10) cosmic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20843.patch: adds a break in
      setElementTypePrefix avoiding consume a high amount of RAM
      and CPU in expat/lib/xmlparser.c
    - CVE-2018-20843

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 26 Jun 2019 13:15:47 -0300
Superseded in disco-updates
Superseded in disco-security
expat (2.2.6-1ubuntu0.19.04) disco-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20843.patch: adds a break in
      setElementTypePrefix avoiding consume a high amount of RAM
      and CPU in expat/lib/xmlparser.c
    - CVE-2018-20843

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 26 Jun 2019 13:21:50 -0300
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
expat (2.2.6-2) unstable; urgency=high

  * Fix extraction of namespace prefix from XML name (CVE-2018-20843)
    (closes: #931031).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 24 Jun 2019 21:18:31 +0000

Superseded in eoan-release
Obsolete in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
expat (2.2.6-1) unstable; urgency=medium

  * New upstream release.
  * Disable Vcs-* fields for now.
  * Update Standards-Version to 4.1.5 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 15 Aug 2018 15:18:15 +0000

Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
expat (2.2.5-3) unstable; urgency=medium

  * Don't install irrelevant README.md (closes: #884818).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 20 Dec 2017 00:17:04 +0000
Superseded in bionic-proposed
expat (2.2.5-2) unstable; urgency=medium

  * Upload to Sid.
  * Install AUTHORS file.
  * Update project homepage.
  * Migrate d/copyright to format 1.0 .
  * Update debhelper level to 11 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 17 Dec 2017 07:33:25 +0000
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
expat (2.2.5-0ubuntu2) bionic; urgency=medium

  * New upstream version.
  * Bump standards version.
  * Adjust build system for upstream change to autotools.

 -- Matthias Klose <email address hidden>  Wed, 06 Dec 2017 17:40:35 +0100
Superseded in bionic-proposed
expat (2.2.5-0ubuntu1) bionic; urgency=medium

  * New upstream version.
  * Bump standards version.
  * Adjust build system for upstream change to autotools.

 -- Matthias Klose <email address hidden>  Wed, 06 Dec 2017 17:40:35 +0100
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
expat (2.2.3-2) unstable; urgency=medium

  * Do not install .la files (closes: #880110).
  * Don't expose libbsd-dev dependency on libexpat1-dev .
  * Update Standards-Version to 4.1.1:
    - change libexpat1-udeb priority to optional.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 05 Nov 2017 13:01:19 +0000

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
expat (2.2.3-1) unstable; urgency=medium

  * New upstream release.
  * Remove dh-autoreconf build dependency.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 02 Aug 2017 19:54:40 +0000

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
expat (2.2.2-2) unstable; urgency=medium

  * Build with libbsd on Hurd as well.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 16 Jul 2017 14:23:03 +0000

Superseded in artful-proposed
expat (2.2.2-1) unstable; urgency=high

  * New upstream release:
    - fix non-NULL parser parameter validation in XML_Parse; resulted in
      NULL dereference.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 13 Jul 2017 22:46:33 +0000

Superseded in artful-proposed
expat (2.2.1-3) unstable; urgency=medium

  * Add libbsd-dev dependency to libexpat1-dev on kFreeBSD architectures
    (closes: #867252).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 05 Jul 2017 17:45:36 +0000

Published in trusty-updates
Published in trusty-security
expat (2.1.0-4ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

 -- Marc Deslauriers <email address hidden>  Tue, 27 Jun 2017 09:05:59 -0400

Superseded in xenial-updates
Superseded in xenial-security
expat (2.1.0-7ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

 -- Marc Deslauriers <email address hidden>  Tue, 27 Jun 2017 09:05:33 -0400
Obsolete in yakkety-updates
Obsolete in yakkety-security
expat (2.2.0-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

 -- Marc Deslauriers <email address hidden>  Tue, 27 Jun 2017 09:05:06 -0400
Obsolete in zesty-updates
Obsolete in zesty-security
expat (2.2.0-2ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

 -- Marc Deslauriers <email address hidden>  Tue, 27 Jun 2017 08:23:49 -0400
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
expat (2.2.1-2) unstable; urgency=medium

  * Fix mis-detection of getrandom() on kFreeBSD.
  * Utilize libbsd for arc4random_buf() on kFreeBSD.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 22 Jun 2017 21:05:46 +0000

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
expat (2.2.1-1) unstable; urgency=high

  * New upstream release:
    - upstream fix for CVE-2016-9063 to prevent undefined behavior from signed
      integer overflow,
    - fix CVE-2017-9233: external entity infinite loop DoS,
    - fix regression from fix to CVE-2016-0718 cutting off longer tag names,
    - use high quality entropy for hash initialization for part of
      CVE-2016-5300,
    - change hash algorithm to William Ahern's version of SipHash to go
      further with fixing CVE-2012-0876.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 17 Jun 2017 20:48:02 +0000

Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
expat (2.2.0-2) unstable; urgency=high

  * Use fix from Mozilla for CVE-2016-9063: integer overflow during the
    parsing of XML.
  * Replace deprecated -s debhelper switch with the -a one.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 02 Jan 2017 21:12:32 +0000

Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
expat (2.2.0-1) unstable; urgency=low

  * New upstream release, update symbols accordingly.
  * Use upstream manpage for xmlwf.
  * Drop all patches as this release contains those.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 21 Jun 2016 15:29:58 +0000
Superseded in trusty-updates
Superseded in trusty-security
expat (2.1.0-4ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 08:50:53 -0400
Superseded in xenial-updates
Superseded in xenial-security
expat (2.1.0-7ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 08:48:04 -0400
Obsolete in wily-updates
Obsolete in wily-security
expat (2.1.0-7ubuntu0.15.10.2) wily-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 08:50:11 -0400
Superseded in precise-updates
Superseded in precise-security
expat (2.0.1-7.2ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.dpatch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.dpatch: use a prime that fits 32bits
      on 32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.dpatch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.dpatch: extract entropy from
      XML_Parser address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 08:54:12 -0400
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
expat (2.1.1-1ubuntu2) yakkety; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 07:58:42 -0400
