ubuntu/+source/expat:ubuntu/xenial-updates

Last commit made on 2019-09-12
Get this branch:
git clone -b ubuntu/xenial-updates https://git.launchpad.net/ubuntu/+source/expat
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/xenial-updates
Repository:
lp:ubuntu/+source/expat

Recent commits

a0ac2a9... by Leonidas S. Barbosa on 2019-09-10

Import patches-unapplied version 2.1.0-7ubuntu0.16.04.5 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f5181d74efdcca75d0ba0bcdc53fbd822ea710f7

New changelog entries:
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-15903.patch: Deny internal
      entities closing the doctype in lib/xmlparse.c.
    - CVE-2019-15903

f5181d7... by Leonidas S. Barbosa on 2019-06-26

Import patches-unapplied version 2.1.0-7ubuntu0.16.04.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 93841e93cae04cae6367e15343fe547bfcb483c9

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20843.patch: adds a break in
      setElementTypePrefix avoiding consume a high amount of RAM
      and CPU in lib/xmlparser.c
    - CVE-2018-20843

93841e9... by Marc Deslauriers on 2017-06-27

Import patches-unapplied version 2.1.0-7ubuntu0.16.04.3 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 39ba2aba884199177940fd471f9794dd2ab0b87c

New changelog entries:
  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

39ba2ab... by Marc Deslauriers on 2016-06-10

Import patches-unapplied version 2.1.0-7ubuntu0.16.04.2 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 9d66a1224d70a47c371cbb88067446759203d866

New changelog entries:
  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

9d66a12... by Marc Deslauriers on 2016-05-16

Import patches-unapplied version 2.1.0-7ubuntu0.16.04.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 78e195ce6ffe0a0671aac957fe5096198115c4b3

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

78e195c... by Laszlo Boszormenyi on 2015-07-24

Import patches-unapplied version 2.1.0-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e264354f2a5855192d8c01e4b48db0be60ec39d3

New changelog entries:
  * Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
    function (closes: #793484).
  * Update Standards-Version to 3.9.6 .

e264354... by Laszlo Boszormenyi on 2014-06-04

Import patches-unapplied version 2.1.0-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: dac77b79e50f2db70c29747a3055db8c212c48e6

New changelog entries:
  * Really do the Ubuntu sync (closes: #748250).

dac77b7... by Laszlo Boszormenyi on 2014-05-18

Import patches-unapplied version 2.1.0-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 358e8d7c9b17c3057cdea8b11fec027a81d57ba1

New changelog entries:
  * Move to Standards-Version 3.9.5 and to debhelper level 9 .
  * Sync with Ubuntu.
  [ Matthias Klose <email address hidden> ]
  * Use dh-autoreconf (closes: #748250).
  * Enable parallel builds.

358e8d7... by Laszlo Boszormenyi on 2013-07-07

Import patches-unapplied version 2.1.0-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 56501817bbee0bbe490646138061d47a90c25179

New changelog entries:
  * New maintainer (closes: #660681).
  * Update to Standards-Version 3.9.4 , no changes needed.
  * Move to compat level 8 .

5650181... by Matthias Klose on 2013-05-08

Import patches-unapplied version 2.1.0-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 135cd0bb85508cf1975d3deb942b5a9a60d1b65b

New changelog entries:
  * QA upload, set maintainer address to the QA team.
  * Move expat_config.h into the multiarch include location.
  * Make libexpat1-dev Multi-Arch: same.
  * Update config.{guess,sub} for aarch64 (Wookey). Closes: #689619.
  * Don't ship the pkgconfig file in lib64expat1-dev. Closes: #706932.