ubuntu/+source/expat:ubuntu/precise-security

Last commit made on 2016-06-20
Get this branch:
git clone -b ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/expat
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/precise-security
Repository:
lp:ubuntu/+source/expat

Recent commits

1c67df1... by Marc Deslauriers on 2016-06-10

Import patches-unapplied version 2.0.1-7.2ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 98f379285a89763b3646c8d93dd5a872f78d5d11

New changelog entries:
  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.dpatch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.dpatch: use a prime that fits 32bits
      on 32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.dpatch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.dpatch: extract entropy from
      XML_Parser address in lib/xmlparse.c.
    - CVE-2016-5300

98f3792... by Marc Deslauriers on 2016-05-16

Import patches-unapplied version 2.0.1-7.2ubuntu1.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c91f0bd3c004da0575c235d0e56b3b3b0a5b01d0

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.dpatch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.dpatch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

c91f0bd... by Marc Deslauriers on 2015-08-28

Import patches-unapplied version 2.0.1-7.2ubuntu1.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8eed1ad1e60edf81c319780ba06246fb4cee7aef

New changelog entries:
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283.dpatch: add checks to lib/xmlparse.c.
    - CVE-2015-1283

8eed1ad... by Tyler Hicks on 2012-08-09

Import patches-unapplied version 2.0.1-7.2ubuntu1.1 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: edc8fb2108427d0ee0eabe51591ec18b8e0203d1

New changelog entries:
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/788888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148

edc8fb2... by Matthias Klose on 2012-03-15

Import patches-unapplied version 2.0.1-7.2ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 5f5306f16b6f8f813ef0ac8bc48d483549e02cba

New changelog entries:
  * CVE-2012-0876: Randomize hashes of xml attributes in the expat library
    to avoid a denial of service due to hash collisions. Patch by David
    Malcolm with some modifications by the expat project.

5f5306f... by Robert Millan on 2011-11-02

Import patches-unapplied version 2.0.1-7.2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0f48dc52aba54f3bd873ffc328b5a61286298868

New changelog entries:
  * Non-maintainer upload.
  * Fix symlink breakage introduced with my last upload. (Closes: #647340)

0f48dc5... by Robert Millan on 2011-10-22

Import patches-unapplied version 2.0.1-7.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6a34ce190b04d3678719916acdd1340feb0e348e

New changelog entries:
  * Non-maintainer upload.
  * Multi-arch support (patch from Steve Langaseck). (Closes: #632261)
  * Move libexpat.so.1 to /lib. (Closes: #637101)

6a34ce1... by Daniel Leidert on 2009-12-29

Import patches-unapplied version 2.0.1-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0e39878ab66bfb0811ca0aa228c97b1ea8a3700b

New changelog entries:
  * debian/control (Depends): Fixed debhelper-but-no-misc-depends.
  * debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
    - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
      regressions have been detected (closes: #561658). Many thanks to
      Niko Tyni and Karl Waclawek for their help and the fix.

0e39878... by Daniel Leidert on 2009-12-13

Import patches-unapplied version 2.0.1-6 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 2c38fca4a137508b6456ec2fdab8cd0034a14da5

New changelog entries:
  * debian/patches/560901_CVE_2009_3560.dpatch: Added.
    - lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560 (closes:
      #560901).
  * debian/patches/00list: Adjusted.

2c38fca... by Daniel Leidert on 2009-11-03

Import patches-unapplied version 2.0.1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 25a71bd0b46b95c8dca4c7c6e013287a33cbe599

New changelog entries:
  * debian/control (Standards-Version): Bumped to 3.8.3.
    (Priority, Section): Fixed binary-control-field-duplicates-source.
    (Description): Fixed extended-description-is-probably-too-short and
    duplicate-long-description.
  * debian/rules (CFLAGS): Drop useless '-pthread -D_REENTRANT' from version
    1.95-8-1 (closes: #551079).
  * debian/README.source: Added for policy compliance.
  * debian/patches/551936_CVE_2009_2625.dpatch: Added.
    - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
      (closes: #551936).
  * debian/patches/00list: Adjusted.