expat 2.2.5-3ubuntu0.4 source package in Ubuntu


expat (2.2.5-3ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Realloc misbehavior
    - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome
      left shifts in function storeAtts in expat/lib/xmlparse.c.
    - CVE-2021-45960
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-46143.patch: prevent integer overflow
      on m_groupSize in function doProlog in expat/lib/xmlparse.c.
    - CVE-2021-46143
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow
      in multiple places in expat/lib/xmlparse.c.
    - CVE-2022-22822
    - CVE-2022-22823
    - CVE-2022-22824
    - CVE-2022-22825
    - CVE-2022-22826
    - CVE-2022-22827
  * SECURITY UPDATE: Signed integer overflow
    - debian/patches/CVE-2022-23852-*.patch: detect and prevent
      integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and
      adds test to cover it in expat/tests/runtests.c.
    - CVE-2022-23852
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-23990.patch: prevent integer overflow in
      doProlog in expat/lib/xmlparse.c.
    - CVE-2022-23990
  * SECURITY UPDATE: Incomplete validation encoding
    - debian/patches/CVE-2022-25235-*.patch: adds missing validation
      and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c.
    - CVE-2022-25235
  * SECURITY UPDATE: Namespace-separator insertions
    - debian/patches/CVE-2022-25236-*.patch: Protect against malicious
      namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c.
    - CVE-2022-25236

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 17 Feb 2022 20:38:16 -0300

Upload details

Uploaded by:
Leonidas S. Barbosa
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
expat_2.2.5.orig.tar.gz 7.9 MiB b3781742738611eaa737543ee94264dd511c52a3ba7e53111f7d705f6bff65a8
expat_2.2.5-3ubuntu0.4.debian.tar.xz 18.0 KiB 825a6d71771b2080719d6a708fe0106a3f213212eb32a8a2d216a1e0bc239f13
expat_2.2.5-3ubuntu0.4.dsc 2.2 KiB 16fe1b6b52089e833ec6a36f927e3576cc2932327e15a8e3c17446022e23e44b

View changes file

Binary packages built by this source

expat: XML parsing C library - example application

 This package contains xmlwf, an example application of expat, the C
 library for parsing XML. The arguments to xmlwf are one or more
 files which are each to be checked for XML well-formedness.

expat-dbgsym: debug symbols for expat
libexpat1: XML parsing C library - runtime library

 This package contains the runtime, shared library of expat, the C
 library for parsing XML. Expat is a stream-oriented parser in
 which an application registers handlers for things the parser
 might find in the XML document (like start tags).

libexpat1-dbgsym: debug symbols for libexpat1
libexpat1-dev: XML parsing C library - development kit

 This package contains the header file and development libraries of
 expat, the C library for parsing XML. Expat is a stream oriented XML
 parser. This means that you register handlers with the parser prior
 to starting the parse. These handlers are called when the parser
 discovers the associated structures in the document being parsed. A
 start tag is an example of the kind of structures for which you may
 register handlers.

libexpat1-udeb: XML parsing C library - runtime library

 This package contains the runtime, shared library of expat, the C
 library for parsing XML.