Please sync expat 2.1.0-7 (main) from Debian unstable (main)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| expat (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Please sync expat 2.1.0-7 (main) from Debian unstable (main).
Explanation of the Ubuntu delta and why it can be droppped:
expat (2.1.0-6ubuntu1) utopic; urgency=medium
* No-change rebuild to get debug symbols on all architectures.
-- Brian Murray <email address hidden> Tue, 21 Oct 2014 11:56:11 -0700
Unless I'm missing something, this was just a rebuild without any changes.
Changes in Debian since 2.1.0-6:
expat (2.1.0-7) unstable; urgency=high
* Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
function (closes: #793484).
* Update Standards-Version to 3.9.6 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 24 Jul 2015 14:48:45 +0000
Note that this includes fix for a CVE. I don't know what the policy is regarding syncs with the ongoing gcc5 transition, so please let me know if this will need to wait until that has been sorted out.
CVE References
| Daniel Holbach (dholbach) wrote | #1 |
| Changed in expat (Ubuntu): | |
| status: | New → Fix Released |
| djcj (djcj) wrote | #2 |
This bug was fixed in the package expat - 2.1.0-7
Sponsored for Hans Joachim Desserud (hjd)
---------------
expat (2.1.0-7) unstable; urgency=high
* Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
function (closes: #793484).
* Update Standards-Version to 3.9.6 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 24 Jul 2015 14:48:45 +0000