Change log for expat package in Ubuntu
Published in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
expat (2.6.1-2build1) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 07:34:09 +0000
Available diffs
- diff from 2.6.1-2 (in Debian) to 2.6.1-2build1 (584 bytes)
expat (2.6.2-1) unstable; urgency=medium * New upstream release. -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 13 Mar 2024 21:40:29 +0100
expat (2.5.0-2ubuntu0.1) mantic-security; urgency=medium * SECURITY UPDATE: denial-of-service - debian/patches/CVE-2023-52425.patch: Speed up parsing of big tokens. - CVE-2023-52425 * SECURITY UPDATE: denial-of-service - debian/patches/CVE-2024-28757.patch: Detect billion laughs attack with isolated external parser. - CVE-2024-28757 -- Fabian Toepfer <email address hidden> Wed, 13 Mar 2024 16:05:10 +0100
expat (2.4.7-1ubuntu0.3) jammy-security; urgency=medium * SECURITY UPDATE: denial-of-service - debian/patches/CVE-2023-52425.patch: Speed up parsing of big tokens. - CVE-2023-52425 * SECURITY UPDATE: denial-of-service - debian/patches/CVE-2024-28757.patch: Detect billion laughs attack with isolated external parser. - CVE-2024-28757 -- Fabian Toepfer <email address hidden> Wed, 13 Mar 2024 14:28:54 +0100
expat (2.6.1-2) unstable; urgency=high * Backport security fix for CVE-2024-28757: prevent billion laughs attacks in isolated external parser (closes: #1065868). -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 10 Mar 2024 18:24:38 +0100
Available diffs
- diff from 2.6.0-1 to 2.6.1-2 (11.7 KiB)
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
expat (2.6.0-1) unstable; urgency=high * New upstream release: - fixes CVE-2023-52425: fix quadratic runtime issues with big tokens that can cause denial of service (closes: #1063238), - fixes CVE-2023-52426: fix billion laughs attacks for users compiling without XML_DTD defined (which is not common) (closes: #1063240). -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 06 Feb 2024 22:00:26 +0100
Available diffs
- diff from 2.5.0-2 to 2.6.0-1 (263.5 KiB)
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
expat (2.5.0-2) unstable; urgency=medium [ Samuel Thibault <email address hidden> ] * Generalize libbsd-dev build dependency on kfreebsd and hurd ports (closes: #1035556). [ Henry N. <email address hidden> ] * Fix building with profile nodoc (stage1) (closes: #1037080). -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 14 Jun 2023 22:08:48 +0200
Available diffs
- diff from 2.5.0-1 to 2.5.0-2 (1.1 KiB)
expat (2.4.8-2ubuntu0.22.10.1) kinetic-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2022-43680-1.patch: adds tests to cover DTD destruction in XML_ExternalEntityParserCreate in expat/tests/runtests.c. - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD destruction in XML_ExternalEntityParserCreate in expat/lib/xmlparse.c. - CVE-2022-43680 -- David Fernandez Gonzalez <email address hidden> Fri, 18 Nov 2022 12:22:47 +0100
expat (2.4.7-1ubuntu0.2) jammy-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2022-43680-1.patch: adds tests to cover DTD destruction in XML_ExternalEntityParserCreate in expat/tests/runtests.c. - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD destruction in XML_ExternalEntityParserCreate in expat/lib/xmlparse.c. - CVE-2022-43680 -- David Fernandez Gonzalez <email address hidden> Fri, 18 Nov 2022 12:21:42 +0100
expat (2.2.9-1ubuntu0.6) focal-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2022-43680-1.patch: adds tests to cover DTD destruction in XML_ExternalEntityParserCreate in expat/tests/runtests.c. - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD destruction in XML_ExternalEntityParserCreate in expat/lib/xmlparse.c. - CVE-2022-43680 -- David Fernandez Gonzalez <email address hidden> Fri, 18 Nov 2022 11:29:59 +0100
expat (2.2.5-3ubuntu0.9) bionic-security; urgency=medium * SECURITY REGRESSION: Tests failed - debian/patches/CVE-2022-43680-1.patch: backport patch to work for this version in expat/tests/runtests.c. -- David Fernandez Gonzalez <email address hidden> Fri, 18 Nov 2022 11:57:30 +0100
expat (2.2.9-1ubuntu0.5) focal-security; urgency=medium * SECURITY UPDATE: Use-after-free in doContent - debian/patches/CVE-2022-40674.patch: ensure storeRawNames() is always called in func internalEntityProcessor if handling unbalanced tags in expat/lib/xmlparse.c. - CVE-2022-40674 -- David Fernandez Gonzalez <email address hidden> Tue, 15 Nov 2022 16:11:03 +0100
expat (2.4.7-1ubuntu0.1) jammy-security; urgency=medium * SECURITY UPDATE: Use-after-free in doContent - debian/patches/CVE-2022-40674.patch: ensure storeRawNames() is always called in func internalEntityProcessor if handling unbalanced tags in expat/lib/xmlparse.c. - CVE-2022-40674 -- David Fernandez Gonzalez <email address hidden> Tue, 15 Nov 2022 16:01:53 +0100
expat (2.2.5-3ubuntu0.8) bionic-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2022-40674.patch: adds a conditional call to storeRawNames() in func internalEntityProcessor following a call to doContent() that could result in unbalanced tags upon returning. - CVE-2022-40674 * SECURITY UPDATE: use-after-free - debian/patches/CVE-2022-43680-1.patch: adds tests to cover DTD destruction in XML_ExternalEntityParserCreate in expat/tests/runtests.c. - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD destruction in XML_ExternalEntityParserCreate in expat/lib/xmlparse.c. - CVE-2022-43680 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 08 Nov 2022 07:13:44 -0300
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
expat (2.5.0-1) unstable; urgency=high * New upstream release: - fixes CVE-2022-43680: heap use-after-free after overeager destruction of a shared DTD in XML_ExternalEntityParserCreate() (closes: #1022743). -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 26 Oct 2022 15:31:29 +0200
Available diffs
- diff from 2.4.8-2 to 2.5.0-1 (30.3 KiB)
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
expat (2.4.8-2) unstable; urgency=high * Backport security fix for CVE-2022-40674: heap use-after-free issue in doContent() (closes: #1019761). -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 15 Sep 2022 20:53:15 +0200
Available diffs
- diff from 2.4.8-1 to 2.4.8-2 (2.7 KiB)
expat (2.4.8-1) unstable; urgency=medium * New upstream release. -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 29 Mar 2022 22:01:08 +0200
Available diffs
- diff from 2.4.7-1 to 2.4.8-1 (5.1 KiB)
expat (2.2.5-3ubuntu0.7) bionic-security; urgency=medium * SECURITY UPDATE: Stack exhaustion - debian/patches/CVE-2022-25313.patch: prevent stack exhaustion in build_model in expat/lib/xmlparse.c. - debian/patches/fix-build_model-regression.patch: fix build_model regression in expat/lib/xmlparse.c. - CVE-2022-25313 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25314.patch: prevent integer overflow in copyString in expat/lib/xmlparse.c. - CVE-2022-25314 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25315.patch: prevent integer overflow in storeRawNames in expat/lib/xmlparse.c. - CVE-2022-25315 * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters and possibly regressions - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI validation in expat/doc/reference.html, expat/lib/expat.h. - debian/patches/CVE-2022-25236-4.patch: document namespace separator effect right in header expat/lib/expat.h. - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests. - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903) -- Leonidas Da Silva Barbosa <email address hidden> Tue, 08 Mar 2022 09:28:37 -0300
Available diffs
- diff from 2.2.5-3ubuntu0.4 to 2.2.5-3ubuntu0.7 (9.7 KiB)
- diff from 2.2.5-3ubuntu0.6 to 2.2.5-3ubuntu0.7 (540 bytes)
expat (2.2.9-1ubuntu0.4) focal-security; urgency=medium * SECURITY UPDATE: Stack exhaustion - debian/patches/CVE-2022-25313.patch: prevent stack exhaustion in build_model in expat/lib/xmlparse.c. - debian/patches/fix-build_model-regression.patch: fix build_model regression in expat/lib/xmlparse.c. - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse. - CVE-2022-25313 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25314.patch: prevent integer overflow in copyString in expat/lib/xmlparse.c. - CVE-2022-25314 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25315.patch: prevent integer overflow in storeRawNames in expat/lib/xmlparse.c. - CVE-2022-25315 * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters and possibly regressions - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI validation in expat/doc/reference.html, expat/lib/expat.h. - debian/patches/CVE-2022-25236-4.patch: document namespace separator effect right in header expat/lib/expat.h. - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests. - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903) * removing duplicated tests - debian/patches/fix_test_dup.patch: removing tests were duplicated in expat/tests/runtests.c. -- Leonidas Da Silva Barbosa <email address hidden> Mon, 21 Feb 2022 15:48:46 -0300
expat (2.4.1-2ubuntu0.3) impish-security; urgency=medium * SECURITY UPDATE: Stack exhaustion - debian/patches/CVE-2022-25313.patch: prevent stack exhaustion in build_model in expat/lib/xmlparse.c. - debian/patches/fix-build_model-regression.patch: fix build_model regression in expat/lib/xmlparse.c. - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse. - CVE-2022-25313 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25314.patch: prevent integer overflow in copyString in expat/lib/xmlparse.c. - CVE-2022-25314 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25315.patch: prevent integer overflow in storeRawNames in expat/lib/xmlparse.c. - CVE-2022-25315 * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters and possibly regressions - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI validation in expat/doc/reference.html, expat/lib/expat.h. - debian/patches/CVE-2022-25236-4.patch: document namespace separator effect right in header expat/lib/expat.h. - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests. - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903) -- Leonidas Da Silva Barbosa <email address hidden> Mon, 21 Feb 2022 14:42:01 -0300
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
expat (2.4.7-1) unstable; urgency=medium * New upstream release: - relax fix to CVE-2022-25236 with regard to all valid URI characters (RFC 3986). -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 05 Mar 2022 07:11:48 +0100
Available diffs
- diff from 2.4.6-1 to 2.4.7-1 (8.5 KiB)
expat (2.4.6-1) unstable; urgency=medium * New upstream release. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 21 Feb 2022 21:08:18 +0100
Available diffs
- diff from 2.4.4-1 to 2.4.6-1 (11.0 KiB)
- diff from 2.4.5-2 to 2.4.6-1 (7.4 KiB)
expat (2.4.5-2) unstable; urgency=medium * Fix build_model regression (closes: #1006162). -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 20 Feb 2022 16:26:07 +0100
Available diffs
- diff from 2.4.5-1 to 2.4.5-2 (4.7 KiB)
expat (2.4.5-1) unstable; urgency=high * New upstream release: - fixes CVE-2022-25235: certain validation of encoding, such as checks for whether a UTF-8 character is valid can cause code execution (closes: #1005894), - fixes CVE-2022-25236: passing namespace separator characters can cause code execution (closes: #1005895), - fixes CVE-2022-25313: an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element, - fixes CVE-2022-25314: integer overflow in function copyString() , - fixes CVE-2022-25315: integer overflow in function storeRawNames() . -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 19 Feb 2022 07:34:25 +0100
Available diffs
- diff from 2.4.4-1 to 2.4.5-1 (9.9 KiB)
expat (2.2.5-3ubuntu0.4) bionic-security; urgency=medium * SECURITY UPDATE: Realloc misbehavior - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome left shifts in function storeAtts in expat/lib/xmlparse.c. - CVE-2021-45960 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2021-46143.patch: prevent integer overflow on m_groupSize in function doProlog in expat/lib/xmlparse.c. - CVE-2021-46143 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow in multiple places in expat/lib/xmlparse.c. - CVE-2022-22822 - CVE-2022-22823 - CVE-2022-22824 - CVE-2022-22825 - CVE-2022-22826 - CVE-2022-22827 * SECURITY UPDATE: Signed integer overflow - debian/patches/CVE-2022-23852-*.patch: detect and prevent integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and adds test to cover it in expat/tests/runtests.c. - CVE-2022-23852 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-23990.patch: prevent integer overflow in doProlog in expat/lib/xmlparse.c. - CVE-2022-23990 * SECURITY UPDATE: Incomplete validation encoding - debian/patches/CVE-2022-25235-*.patch: adds missing validation and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c. - CVE-2022-25235 * SECURITY UPDATE: Namespace-separator insertions - debian/patches/CVE-2022-25236-*.patch: Protect against malicious namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c. - CVE-2022-25236 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 17 Feb 2022 20:38:16 -0300
expat (2.2.9-1ubuntu0.2) focal-security; urgency=medium * SECURITY UPDATE: Realloc misbehavior - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome left shifts in function storeAtts in expat/lib/xmlparse.c. - CVE-2021-45960 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2021-46143.patch: prevent integer overflow on m_groupSize in function doProlog in expat/lib/xmlparse.c. - CVE-2021-46143 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow in multiple places in expat/lib/xmlparse.c. - CVE-2022-22822 - CVE-2022-22823 - CVE-2022-22824 - CVE-2022-22825 - CVE-2022-22826 - CVE-2022-22827 * SECURITY UPDATE: Signed integer overflow - debian/patches/CVE-2022-23852-*.patch: detect and prevent integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and adds test to cover it in expat/tests/runtests.c. - CVE-2022-23852 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-23990.patch: prevent integer overflow in doProlog in expat/lib/xmlparse.c. - CVE-2022-23990 * SECURITY UPDATE: Incomplete validation encoding - debian/patches/CVE-2022-25235-*.patch: adds missing validation and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c. - CVE-2022-25235 * SECURITY UPDATE: Namespace-separator insertions - debian/patches/CVE-2022-25236-*.patch: Protect against malicious namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c. - CVE-2022-25236 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 17 Feb 2022 20:09:12 -0300
expat (2.4.1-2ubuntu0.1) impish-security; urgency=medium * SECURITY UPDATE: Realloc misbehavior - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome left shifts in function storeAtts in expat/lib/xmlparse.c. - CVE-2021-45960 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2021-46143.patch: prevent integer overflow on m_groupSize in function doProlog in expat/lib/xmlparse.c. - CVE-2021-46143 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow in multiple places in expat/lib/xmlparse.c. - CVE-2022-22822 - CVE-2022-22823 - CVE-2022-22824 - CVE-2022-22825 - CVE-2022-22826 - CVE-2022-22827 * SECURITY UPDATE: Signed integer overflow - debian/patches/CVE-2022-23852-*.patch: detect and prevent integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and adds test to cover it in expat/tests/runtests.c. - CVE-2022-23852 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-23990.patch: prevent integer overflow in doProlog in expat/lib/xmlparse.c. - CVE-2022-23990 * SECURITY UPDATE: Incomplete validation encoding - debian/patches/CVE-2022-25235-*.patch: adds missing validation and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c. - CVE-2022-25235 * SECURITY UPDATE: Namespace-separator insertions - debian/patches/CVE-2022-25236-*.patch: Protect against malicious namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c. - CVE-2022-25236 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 17 Feb 2022 19:44:18 -0300
expat (2.4.4-1) unstable; urgency=medium * New upstream release. -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 01 Feb 2022 18:51:12 +0100
Available diffs
- diff from 2.4.3-2 to 2.4.4-1 (7.7 KiB)
- diff from 2.4.3-3 to 2.4.4-1 (8.2 KiB)
expat (2.4.3-3) unstable; urgency=high * Backport security fix for CVE-2022-23990: integer overflow in doProlog() . -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 27 Jan 2022 06:44:50 +0100
Available diffs
- diff from 2.4.3-2 to 2.4.3-3 (1.5 KiB)
expat (2.4.3-2) unstable; urgency=high * Backport security fix for CVE-2022-23852: XML_GetBuffer() signed integer overflow. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 24 Jan 2022 18:18:59 +0100
Available diffs
- diff from 2.4.3-1 to 2.4.3-2 (2.0 KiB)
expat (2.4.3-1) unstable; urgency=high * New upstream release: - fixes CVE-2021-45960: left shifts by >=29 places resulting in realloc acting as free, realloc allocating too few bytes, undefined behavior depending on architecture, - fixes CVE-2021-46143: integer overflow leading to realloc acting as free, - fixes CVE-2022-22822: integer overflow in function addBinding, - fixes CVE-2022-22823: integer overflow in function build_model, - fixes CVE-2022-22824: integer overflow in function defineAttribute, - fixes CVE-2022-22825: integer overflow in function lookup, - fixes CVE-2022-22826: integer overflow in function nextScaffoldPart, - fixes CVE-2022-22827: integer overflow in function storeAtts. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 16 Jan 2022 21:48:09 +0100
Available diffs
- diff from 2.4.2-1 to 2.4.3-1 (10.6 KiB)
expat (2.4.2-1) unstable; urgency=medium * New upstream release. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 23 Dec 2021 19:05:43 +0100
Available diffs
- diff from 2.4.1-3 to 2.4.2-1 (9.7 KiB)
expat (2.4.1-3) unstable; urgency=medium * Update watch file. * Update Standards-Version to 4.6.0 . [ Andrius Merkys <email address hidden> ] * Fix incorrect path for expat library in expat-noconfig.cmake (closes: #995907). * Fix incorrect path for INTERFACE_INCLUDE_DIRECTORIES in expat.cmake (closes: #996612). -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 24 Oct 2021 18:48:18 +0200
Available diffs
- diff from 2.4.1-2 to 2.4.1-3 (1.6 KiB)
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
expat (2.4.1-2) unstable; urgency=medium * Upload to Sid. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 09 Sep 2021 21:26:21 +0200
Available diffs
- diff from 2.3.0-1 to 2.4.1-2 (58.1 KiB)
expat (2.3.0-1) experimental; urgency=medium * New upstream release. * Update debhelper level to 13 . * Update Standards-Version to 4.5.1 . -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 10 May 2021 19:20:19 +0200
Available diffs
- diff from 2.2.10-2 to 2.3.0-1 (18.0 KiB)
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
expat (2.2.10-2) unstable; urgency=medium * Provide stage1 (bootstrap) build profile (closes: #896011). [ Matthias Klose <email address hidden> ] * Don't build the udeb package when requested (closes: #983324). -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 23 Feb 2021 17:54:13 +0100
Available diffs
- diff from 2.2.10-1 to 2.2.10-2 (1.6 KiB)
- diff from 2.2.10-1ubuntu1 (in Ubuntu) to 2.2.10-2 (1.4 KiB)
Superseded in hirsute-proposed |
expat (2.2.10-1ubuntu1) hirsute; urgency=medium * Don't build the udeb package when requested. -- Matthias Klose <email address hidden> Mon, 22 Feb 2021 11:30:32 +0100
Available diffs
- diff from 2.2.10-1build1 to 2.2.10-1ubuntu1 (811 bytes)
Superseded in hirsute-proposed |
expat (2.2.10-1build1) hirsute; urgency=medium * No-change rebuild to drop the udeb package. -- Matthias Klose <email address hidden> Mon, 22 Feb 2021 10:31:00 +0100
Available diffs
- diff from 2.2.10-1 (in Debian) to 2.2.10-1build1 (310 bytes)
expat (2.2.10-1) unstable; urgency=medium * New upstream release. * Update Standards-Version to 4.5.0 . -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 04 Oct 2020 07:39:41 +0200
Superseded in hirsute-release |
Obsolete in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
expat (2.2.9-1build1) focal; urgency=medium * No-change rebuild for libgcc-s1 package name change. -- Matthias Klose <email address hidden> Sun, 22 Mar 2020 16:39:58 +0100
Available diffs
- diff from 2.2.9-1 (in Debian) to 2.2.9-1build1 (315 bytes)
expat (2.2.9-1) unstable; urgency=medium * New upstream release. * Update Standards-Version to 4.4.0 . -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 28 Sep 2019 18:49:55 +0000
Available diffs
- diff from 2.2.7-2 to 2.2.9-1 (237.1 KiB)
expat (2.2.6-1ubuntu0.19.5) disco-security; urgency=medium * SECURITY UPDATE: heap-based buffer over-read - debian/patches/CVE-2019-15903.patch: Deny internal entities closing the doctype in expat/lib/xmlparse.c. - CVE-2019-15903 -- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Sep 2019 14:51:57 -0300
expat (2.2.5-3ubuntu0.2) bionic-security; urgency=medium * SECURITY UPDATE: heap-based buffer over-read - debian/patches/CVE-2019-15903.patch: Deny internal entities closing the doctype in expat/lib/xmlparse.c. - CVE-2019-15903 -- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Sep 2019 15:05:44 -0300
expat (2.1.0-7ubuntu0.16.04.5) xenial-security; urgency=medium * SECURITY UPDATE: heap-based buffer over-read - debian/patches/CVE-2019-15903.patch: Deny internal entities closing the doctype in lib/xmlparse.c. - CVE-2019-15903 -- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Sep 2019 15:27:03 -0300
expat (2.0.1-7.2ubuntu1.7) precise-security; urgency=medium * SECURITY UPDATE: heap-based buffer over-read - debian/patches/CVE-2019-15903.dpatch: Deny internal entities closing the doctype in lib/xmlparse.c. - CVE-2019-15903 -- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Sep 2019 11:42:28 -0300
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to release) |
expat (2.2.7-2) unstable; urgency=high * Fix CVE-2019-15903: deny internal entities closing the doctype (closes: #939394). -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 04 Sep 2019 18:01:00 +0000
Available diffs
- diff from 2.2.7-1 to 2.2.7-2 (2.7 KiB)
expat (2.2.7-1) unstable; urgency=medium * New upstream release. * Update libexpat1 symbols. -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 13 Jul 2019 21:46:00 +0000
Available diffs
- diff from 2.2.6-2 to 2.2.7-1 (15.6 KiB)
expat (2.1.0-7ubuntu0.16.04.4) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-20843.patch: adds a break in setElementTypePrefix avoiding consume a high amount of RAM and CPU in lib/xmlparser.c - CVE-2018-20843 -- <email address hidden> (Leonidas S. Barbosa) Wed, 26 Jun 2019 12:09:36 -0300
expat (2.2.5-3ubuntu0.1) bionic-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-20843.patch: adds a break in setElementTypePrefix avoiding consume a high amount of RAM and CPU in expat/lib/xmlparser.c - CVE-2018-20843 -- <email address hidden> (Leonidas S. Barbosa) Wed, 26 Jun 2019 12:14:29 -0300
expat (2.2.6-1ubuntu0.18.10) cosmic-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-20843.patch: adds a break in setElementTypePrefix avoiding consume a high amount of RAM and CPU in expat/lib/xmlparser.c - CVE-2018-20843 -- <email address hidden> (Leonidas S. Barbosa) Wed, 26 Jun 2019 13:15:47 -0300
expat (2.2.6-1ubuntu0.19.04) disco-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-20843.patch: adds a break in setElementTypePrefix avoiding consume a high amount of RAM and CPU in expat/lib/xmlparser.c - CVE-2018-20843 -- <email address hidden> (Leonidas S. Barbosa) Wed, 26 Jun 2019 13:21:50 -0300
expat (2.2.6-2) unstable; urgency=high * Fix extraction of namespace prefix from XML name (CVE-2018-20843) (closes: #931031). -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 24 Jun 2019 21:18:31 +0000
Available diffs
- diff from 2.2.6-1 to 2.2.6-2 (778 bytes)
Superseded in eoan-release |
Obsolete in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
expat (2.2.6-1) unstable; urgency=medium * New upstream release. * Disable Vcs-* fields for now. * Update Standards-Version to 4.1.5 . -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 15 Aug 2018 15:18:15 +0000
Available diffs
- diff from 2.2.5-3 to 2.2.6-1 (23.8 KiB)
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
expat (2.2.5-3) unstable; urgency=medium * Don't install irrelevant README.md (closes: #884818). -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 20 Dec 2017 00:17:04 +0000
Available diffs
- diff from 2.2.5-0ubuntu2 (in Ubuntu) to 2.2.5-3 (8.1 MiB)
- diff from 2.2.5-2 to 2.2.5-3 (358 bytes)
expat (2.2.5-2) unstable; urgency=medium * Upload to Sid. * Install AUTHORS file. * Update project homepage. * Migrate d/copyright to format 1.0 . * Update debhelper level to 11 . -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 17 Dec 2017 07:33:25 +0000
expat (2.2.5-0ubuntu2) bionic; urgency=medium * New upstream version. * Bump standards version. * Adjust build system for upstream change to autotools. -- Matthias Klose <email address hidden> Wed, 06 Dec 2017 17:40:35 +0100
Available diffs
- diff from 2.2.3-2 (in Debian) to 2.2.5-0ubuntu2 (184.7 KiB)
- diff from 2.2.5-0ubuntu1 to 2.2.5-0ubuntu2 (497 bytes)
Superseded in bionic-proposed |
expat (2.2.5-0ubuntu1) bionic; urgency=medium * New upstream version. * Bump standards version. * Adjust build system for upstream change to autotools. -- Matthias Klose <email address hidden> Wed, 06 Dec 2017 17:40:35 +0100
Available diffs
- diff from 2.2.3-2 (in Debian) to 2.2.5-0ubuntu1 (184.7 KiB)
expat (2.2.3-2) unstable; urgency=medium * Do not install .la files (closes: #880110). * Don't expose libbsd-dev dependency on libexpat1-dev . * Update Standards-Version to 4.1.1: - change libexpat1-udeb priority to optional. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 05 Nov 2017 13:01:19 +0000
Available diffs
- diff from 2.2.3-1 to 2.2.3-2 (937 bytes)
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
expat (2.2.3-1) unstable; urgency=medium * New upstream release. * Remove dh-autoreconf build dependency. -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 02 Aug 2017 19:54:40 +0000
Available diffs
- diff from 2.2.2-2 to 2.2.3-1 (74.4 KiB)
expat (2.2.2-2) unstable; urgency=medium * Build with libbsd on Hurd as well. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 16 Jul 2017 14:23:03 +0000
Available diffs
- diff from 2.2.1-2 to 2.2.2-2 (25.3 KiB)
- diff from 2.2.2-1 to 2.2.2-2 (687 bytes)
expat (2.2.2-1) unstable; urgency=high * New upstream release: - fix non-NULL parser parameter validation in XML_Parse; resulted in NULL dereference. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 13 Jul 2017 22:46:33 +0000
Available diffs
- diff from 2.2.1-3 to 2.2.2-1 (24.5 KiB)
expat (2.2.1-3) unstable; urgency=medium * Add libbsd-dev dependency to libexpat1-dev on kFreeBSD architectures (closes: #867252). -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 05 Jul 2017 17:45:36 +0000
Available diffs
- diff from 2.2.1-2 to 2.2.1-3 (821 bytes)
expat (2.1.0-4ubuntu1.4) trusty-security; urgency=medium * SECURITY UPDATE: external entity infinite loop - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c. - CVE-2017-9233 -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2017 09:05:59 -0400
Available diffs
- diff from 2.1.0-4ubuntu1.3 to 2.1.0-4ubuntu1.4 (1006 bytes)
expat (2.1.0-7ubuntu0.16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: external entity infinite loop - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c. - CVE-2017-9233 -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2017 09:05:33 -0400
expat (2.2.0-1ubuntu0.1) yakkety-security; urgency=medium * SECURITY UPDATE: external entity infinite loop - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c. - CVE-2017-9233 -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2017 09:05:06 -0400
expat (2.2.0-2ubuntu0.1) zesty-security; urgency=medium * SECURITY UPDATE: external entity infinite loop - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c. - CVE-2017-9233 -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2017 08:23:49 -0400
expat (2.2.1-2) unstable; urgency=medium * Fix mis-detection of getrandom() on kFreeBSD. * Utilize libbsd for arc4random_buf() on kFreeBSD. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 22 Jun 2017 21:05:46 +0000
Available diffs
- diff from 2.2.1-1 to 2.2.1-2 (1.4 KiB)
expat (2.2.1-1) unstable; urgency=high * New upstream release: - upstream fix for CVE-2016-9063 to prevent undefined behavior from signed integer overflow, - fix CVE-2017-9233: external entity infinite loop DoS, - fix regression from fix to CVE-2016-0718 cutting off longer tag names, - use high quality entropy for hash initialization for part of CVE-2016-5300, - change hash algorithm to William Ahern's version of SipHash to go further with fixing CVE-2012-0876. -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 17 Jun 2017 20:48:02 +0000
Available diffs
- diff from 2.2.0-2 to 2.2.1-1 (85.9 KiB)
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
expat (2.2.0-2) unstable; urgency=high * Use fix from Mozilla for CVE-2016-9063: integer overflow during the parsing of XML. * Replace deprecated -s debhelper switch with the -a one. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 02 Jan 2017 21:12:32 +0000
Available diffs
- diff from 2.2.0-1 to 2.2.0-2 (1.3 KiB)
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
expat (2.2.0-1) unstable; urgency=low * New upstream release, update symbols accordingly. * Use upstream manpage for xmlwf. * Drop all patches as this release contains those. -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 21 Jun 2016 15:29:58 +0000
Available diffs
- diff from 2.1.1-1ubuntu2 (in Ubuntu) to 2.2.0-1 (248.0 KiB)
expat (2.1.0-4ubuntu1.3) trusty-security; urgency=medium * SECURITY UPDATE: unanticipated internal calls to srand - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy in lib/xmlparse.c. - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on 32bit platforms in lib/xmlparse.c. - CVE-2012-6702 * SECURITY UPDATE: use of too little entropy - debian/patches/CVE-2016-5300-1.patch: extract method gather_time_entropy in lib/xmlparse.c. - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser address in lib/xmlparse.c. - CVE-2016-5300 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 08:50:53 -0400
expat (2.1.0-7ubuntu0.16.04.2) xenial-security; urgency=medium * SECURITY UPDATE: unanticipated internal calls to srand - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy in lib/xmlparse.c. - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on 32bit platforms in lib/xmlparse.c. - CVE-2012-6702 * SECURITY UPDATE: use of too little entropy - debian/patches/CVE-2016-5300-1.patch: extract method gather_time_entropy in lib/xmlparse.c. - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser address in lib/xmlparse.c. - CVE-2016-5300 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 08:48:04 -0400
expat (2.1.0-7ubuntu0.15.10.2) wily-security; urgency=medium * SECURITY UPDATE: unanticipated internal calls to srand - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy in lib/xmlparse.c. - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on 32bit platforms in lib/xmlparse.c. - CVE-2012-6702 * SECURITY UPDATE: use of too little entropy - debian/patches/CVE-2016-5300-1.patch: extract method gather_time_entropy in lib/xmlparse.c. - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser address in lib/xmlparse.c. - CVE-2016-5300 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 08:50:11 -0400
expat (2.0.1-7.2ubuntu1.4) precise-security; urgency=medium * SECURITY UPDATE: unanticipated internal calls to srand - debian/patches/CVE-2012-6702-1.dpatch: remove srand, use more entropy in lib/xmlparse.c. - debian/patches/CVE-2012-6702-2.dpatch: use a prime that fits 32bits on 32bit platforms in lib/xmlparse.c. - CVE-2012-6702 * SECURITY UPDATE: use of too little entropy - debian/patches/CVE-2016-5300-1.dpatch: extract method gather_time_entropy in lib/xmlparse.c. - debian/patches/CVE-2016-5300-2.dpatch: extract entropy from XML_Parser address in lib/xmlparse.c. - CVE-2016-5300 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 08:54:12 -0400
expat (2.1.1-1ubuntu2) yakkety; urgency=medium * SECURITY UPDATE: unanticipated internal calls to srand - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy in lib/xmlparse.c. - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on 32bit platforms in lib/xmlparse.c. - CVE-2012-6702 * SECURITY UPDATE: use of too little entropy - debian/patches/CVE-2016-5300-1.patch: extract method gather_time_entropy in lib/xmlparse.c. - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser address in lib/xmlparse.c. - CVE-2016-5300 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 07:58:42 -0400