expat 2.2.9-1ubuntu0.4 source package in Ubuntu


expat (2.2.9-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)
  * removing duplicated tests
    - debian/patches/fix_test_dup.patch: removing tests were duplicated in

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 21 Feb 2022 15:48:46 -0300

Upload details

Uploaded by: Leonidas S. Barbosa
Uploaded to:
Original maintainer: Ubuntu Developers
Urgency: Medium Urgency



File Size SHA-256 Checksum
expat_2.2.9.orig.tar.gz 7.9 MiB c341ac8c79e021cc3392a6d76e138e62d1dd287592cb455148540331756a2208
expat_2.2.9-1ubuntu0.4.debian.tar.xz 25.4 KiB 7cd206d9a6bf9be890a46962cffb472fbf8d20b058f335369001e08a533ecdc1
expat_2.2.9-1ubuntu0.4.dsc 2.0 KiB 41709458bb2acbf75320c03a95ee1263c8b5bb0228810fe30c88c6274f962239


Binary packages built by this source

expat: XML parsing C library - example application

 This package contains xmlwf, an example application of expat, the C
 library for parsing XML. The arguments to xmlwf are one or more
 files which are each to be checked for XML well-formedness.

expat-dbgsym: debug symbols for expat
libexpat1: XML parsing C library - runtime library

 This package contains the runtime, shared library of expat, the C
 library for parsing XML. Expat is a stream-oriented parser in
 which an application registers handlers for things the parser
 might find in the XML document (like start tags).

libexpat1-dbgsym: debug symbols for libexpat1
libexpat1-dev: XML parsing C library - development kit

 This package contains the header file and development libraries of
 expat, the C library for parsing XML. Expat is a stream oriented XML
 parser. This means that you register handlers with the parser prior
 to starting the parse. These handlers are called when the parser
 discovers the associated structures in the document being parsed. A
 start tag is an example of the kind of structures for which you may
 register handlers.

libexpat1-udeb: XML parsing C library - runtime library

 This package contains the runtime, shared library of expat, the C
 library for parsing XML.