Format: 1.8
Date: Thu, 17 Feb 2022 20:09:12 -0300
Source: expat
Binary: expat libexpat1 libexpat1-dev libexpat1-udeb
Architecture: arm64
Version: 2.2.9-1ubuntu0.2
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Leonidas Da Silva Barbosa
Description:
 expat - XML parsing C library - example application
 libexpat1 - XML parsing C library - runtime library
 libexpat1-dev - XML parsing C library - development kit
 libexpat1-udeb - XML parsing C library - runtime library (udeb)
Changes:
 expat (2.2.9-1ubuntu0.2) focal-security; urgency=medium
 .
   * SECURITY UPDATE: Realloc misbehavior
     - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome left shifts in function storeAtts in expat/lib/xmlparse.c.
     - CVE-2021-45960
   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2021-46143.patch: prevent integer overflow on m_groupSize in function doProlog in expat/lib/xmlparse.c.
     - CVE-2021-46143
   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow in multiple places in expat/lib/xmlparse.c.
     - CVE-2022-22822
     - CVE-2022-22823
     - CVE-2022-22824
     - CVE-2022-22825
     - CVE-2022-22826
     - CVE-2022-22827
   * SECURITY UPDATE: Signed integer overflow
     - debian/patches/CVE-2022-23852-*.patch: detect and prevent integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and adds test to cover it in expat/tests/runtests.c.
     - CVE-2022-23852
   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2022-23990.patch: prevent integer overflow in doProlog in expat/lib/xmlparse.c.
     - CVE-2022-23990
   * SECURITY UPDATE: Incomplete validation encoding
     - debian/patches/CVE-2022-25235-*.patch: adds missing validation and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c.
     - CVE-2022-25235
   * SECURITY UPDATE: Namespace-separator insertions
     - debian/patches/CVE-2022-25236-*.patch: Protect against malicious namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c.
     - CVE-2022-25236
Original-Maintainer: Laszlo Boszormenyi (GCS)
Package-Type: udeb