Sync expat 2.2.0-1 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
expat (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Please sync expat 2.2.0-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: unanticipated internal calls to srand
- debian/
in lib/xmlparse.c.
- debian/
32bit platforms in lib/xmlparse.c.
- CVE-2012-6702
* SECURITY UPDATE: use of too little entropy
- debian/
gather_
- debian/
address in lib/xmlparse.c.
- CVE-2016-5300
* SECURITY UPDATE: denial of service and possible code execution via
malformed documents
- debian/
and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
lib/
- CVE-2016-0718
* SECURITY UPDATE: integer overflows in XML_GetBuffer
- debian/
lib/
- CVE-2015-1283
Everything is part of Debian and the new upstream release.
Changelog entries since current yakkety version 2.1.1-1ubuntu2:
expat (2.2.0-1) unstable; urgency=low
* New upstream release, update symbols accordingly.
* Use upstream manpage for xmlwf.
* Drop all patches as this release contains those.
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 21 Jun 2016 15:29:58 +0000
expat (2.1.1-3) unstable; urgency=high
* Use upstream fix for the following security vulnerabilities:
- CVE-2012-6702, unanticipated internal calls to srand
- CVE-2016-5300, use of too little entropy
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 05 Jun 2016 00:17:46 +0000
expat (2.1.1-2) unstable; urgency=high
* Avoid relying on undefined behavior in CVE-2015-1283 fix.
* Apply upstream patch to fix the root cause of CVE-2016-0718 and
CVE-2016-0719 vulnerabilities.
* Update Standards-Version to 3.9.8 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 16 May 2016 05:35:08 +0000
Changed in expat (Ubuntu): | |
importance: | Undecided → Wishlist |
This bug was fixed in the package expat - 2.2.0-1 franco)
Sponsored for LocutusOfBorg (costamagnagian
---------------
expat (2.2.0-1) unstable; urgency=low
* New upstream release, update symbols accordingly.
* Use upstream manpage for xmlwf.
* Drop all patches as this release contains those.
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 21 Jun 2016 15:29:58 +0000
expat (2.1.1-3) unstable; urgency=high
* Use upstream fix for the following security vulnerabilities:
- CVE-2012-6702, unanticipated internal calls to srand
- CVE-2016-5300, use of too little entropy
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 05 Jun 2016 00:17:46 +0000
expat (2.1.1-2) unstable; urgency=high
* Avoid relying on undefined behavior in CVE-2015-1283 fix.
* Apply upstream patch to fix the root cause of CVE-2016-0718 and
CVE-2016-0719 vulnerabilities.
* Update Standards-Version to 3.9.8 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 16 May 2016 05:35:08 +0000