expat 2.2.9-1ubuntu0.7 source package in Ubuntu

Changelog

expat (2.2.9-1ubuntu0.7) focal-security; urgency=medium

  * SECURITY UPDATE: invalid input length
    - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
      expat/lib/xmlparse.c to identify and error out if a negative length is
      provided.
    - CVE-2024-45490
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45491.patch: adds a check to the dtdCopy function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45491
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45492

 -- Ian Constantin <email address hidden>  Tue, 10 Sep 2024 13:17:46 +0300

Upload details

Uploaded by:
Ian Constantin
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
text
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal updates main text
Focal security main text

Downloads

File Size SHA-256 Checksum
expat_2.2.9.orig.tar.gz 7.9 MiB c341ac8c79e021cc3392a6d76e138e62d1dd287592cb455148540331756a2208
expat_2.2.9-1ubuntu0.7.debian.tar.xz 28.2 KiB 45d7694d75636dd1422c5b03fa8e8604cdec31001567dc39fd1b7657220501fe
expat_2.2.9-1ubuntu0.7.dsc 1.9 KiB 0c1a8ac1e13c3555e8ab0965fd5d334173566dadb84dfeea9629a0a7d9da7f76

View changes file

Binary packages built by this source

expat: XML parsing C library - example application

 This package contains xmlwf, an example application of expat, the C
 library for parsing XML. The arguments to xmlwf are one or more
 files which are each to be checked for XML well-formedness.

expat-dbgsym: debug symbols for expat
libexpat1: XML parsing C library - runtime library

 This package contains the runtime, shared library of expat, the C
 library for parsing XML. Expat is a stream-oriented parser in
 which an application registers handlers for things the parser
 might find in the XML document (like start tags).

libexpat1-dbgsym: debug symbols for libexpat1
libexpat1-dev: XML parsing C library - development kit

 This package contains the header file and development libraries of
 expat, the C library for parsing XML. Expat is a stream oriented XML
 parser. This means that you register handlers with the parser prior
 to starting the parse. These handlers are called when the parser
 discovers the associated structures in the document being parsed. A
 start tag is an example of the kind of structures for which you may
 register handlers.

libexpat1-udeb: XML parsing C library - runtime library

 This package contains the runtime, shared library of expat, the C
 library for parsing XML.