ubuntu/+source/expat:applied/ubuntu/precise-devel

Last commit made on 2016-06-20
Get this branch:
git clone -b applied/ubuntu/precise-devel https://git.launchpad.net/ubuntu/+source/expat
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/precise-devel
Repository:
lp:ubuntu/+source/expat

Recent commits

1e4d0bf... by Marc Deslauriers on 2016-06-10

Import patches-applied version 2.0.1-7.2ubuntu1.4 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0da779fe9813a7872e088155564ae000972f0055
Unapplied parent: 1c67df1c257b98b41b9fb49d7a54759bb32c842b

New changelog entries:
  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.dpatch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.dpatch: use a prime that fits 32bits
      on 32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.dpatch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.dpatch: extract entropy from
      XML_Parser address in lib/xmlparse.c.
    - CVE-2016-5300

1c67df1... by Marc Deslauriers on 2016-06-10

Import patches-unapplied version 2.0.1-7.2ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 98f379285a89763b3646c8d93dd5a872f78d5d11

New changelog entries:
  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.dpatch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.dpatch: use a prime that fits 32bits
      on 32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.dpatch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.dpatch: extract entropy from
      XML_Parser address in lib/xmlparse.c.
    - CVE-2016-5300

0da779f... by Marc Deslauriers on 2016-05-16

Import patches-applied version 2.0.1-7.2ubuntu1.3 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4c97553d8ded4fe947bc3702b179b443c2d93d2d
Unapplied parent: 98f379285a89763b3646c8d93dd5a872f78d5d11

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.dpatch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.dpatch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

98f3792... by Marc Deslauriers on 2016-05-16

Import patches-unapplied version 2.0.1-7.2ubuntu1.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c91f0bd3c004da0575c235d0e56b3b3b0a5b01d0

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.dpatch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.dpatch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

4c97553... by Marc Deslauriers on 2015-08-28

Import patches-applied version 2.0.1-7.2ubuntu1.2 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: a2718c2fe76929bd792c4ac21c5bfa246bf00bb4
Unapplied parent: c91f0bd3c004da0575c235d0e56b3b3b0a5b01d0

New changelog entries:
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283.dpatch: add checks to lib/xmlparse.c.
    - CVE-2015-1283

c91f0bd... by Marc Deslauriers on 2015-08-28

Import patches-unapplied version 2.0.1-7.2ubuntu1.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8eed1ad1e60edf81c319780ba06246fb4cee7aef

New changelog entries:
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283.dpatch: add checks to lib/xmlparse.c.
    - CVE-2015-1283

a2718c2... by Tyler Hicks on 2012-08-09

Import patches-applied version 2.0.1-7.2ubuntu1.1 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 3ea60cf1a7d5733a3a7c2f0f74bae5d9ec577b9e
Unapplied parent: 8eed1ad1e60edf81c319780ba06246fb4cee7aef

New changelog entries:
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/788888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148

8eed1ad... by Tyler Hicks on 2012-08-09

Import patches-unapplied version 2.0.1-7.2ubuntu1.1 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: edc8fb2108427d0ee0eabe51591ec18b8e0203d1

New changelog entries:
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/788888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148

3ea60cf... by Matthias Klose on 2012-03-15

Import patches-applied version 2.0.1-7.2ubuntu1 to applied/ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 73bca881537c0cbdb605f6669fab6af9c838a209
Unapplied parent: edc8fb2108427d0ee0eabe51591ec18b8e0203d1

New changelog entries:
  * CVE-2012-0876: Randomize hashes of xml attributes in the expat library
    to avoid a denial of service due to hash collisions. Patch by David
    Malcolm with some modifications by the expat project.

edc8fb2... by Matthias Klose on 2012-03-15

Import patches-unapplied version 2.0.1-7.2ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 5f5306f16b6f8f813ef0ac8bc48d483549e02cba

New changelog entries:
  * CVE-2012-0876: Randomize hashes of xml attributes in the expat library
    to avoid a denial of service due to hash collisions. Patch by David
    Malcolm with some modifications by the expat project.