Back to expat PTS page

Accepted expat 2.1.0-1+deb7u3 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted expat 2.1.0-1+deb7u3 (source amd64) into oldstable
From: dak@security.debian.org
Date: Thu, 19 May 2016 19:30:13 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1b3Te9-0000WU-C6@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 May 2016 20:52:37 +0200
Source: expat
Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat
Architecture: source amd64
Version: 2.1.0-1+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 expat      - XML parsing C library - example application
 lib64expat1 - XML parsing C library - runtime library (64bit)
 lib64expat1-dev - XML parsing C library - development kit (64bit)
 libexpat1  - XML parsing C library - runtime library
 libexpat1-dev - XML parsing C library - development kit
 libexpat1-udeb - XML parsing C library - runtime library (udeb)
Changes: 
 expat (2.1.0-1+deb7u3) wheezy-security; urgency=high
 .
   *  Add CVE-2015-1283.refix.patch:
      Avoid relying on undefined behavior in CVE-2015-1283 fix.
   *  Add CVE-2016-0719.patch:
      Apply upstream patch to fix the root cause of CVE-2016-0718 and
      CVE-2016-0719 vulnerabilities.
      The Expat XML parser mishandles certain kinds of malformed input
      documents, resulting in buffer overflows during processing and error
      reporting. The overflows can manifest as a segmentation fault or as memory
      corruption during a parse operation. The bugs allow for a denial of
      service attack in many applications by an unauthenticated attacker, and
      could conceivably result in remote code execution.
Checksums-Sha1: 
 7e92328f25b5a5ee52559be49d08ecb465b3c644 2307 expat_2.1.0-1+deb7u3.dsc
 b1064eda8363601954f20c9a71427ff47573151e 18053 expat_2.1.0-1+deb7u3.debian.tar.gz
 7995139ae1038ddd769a127c121add4678324831 225192 libexpat1-dev_2.1.0-1+deb7u3_amd64.deb
 98ce4de3b3de5d3cd170baea4afdcf9183a41be0 138872 libexpat1_2.1.0-1+deb7u3_amd64.deb
 33a60907ee0ad68aa5fc8023018db9306faabc6e 52686 libexpat1-udeb_2.1.0-1+deb7u3_amd64.udeb
 5ea30f805bc4bb5735e45f3c1a0d7705fffba3e9 26272 expat_2.1.0-1+deb7u3_amd64.deb
Checksums-Sha256: 
 51495f73e7f2ab1075c602ac8fa1842618a8a75c4fb53e0e43d50dbc73e7dbbe 2307 expat_2.1.0-1+deb7u3.dsc
 8a2a90540a2f302fa4e9f35b7f8d43ccce44dcdd234a2c04e84b95b2dd05fc26 18053 expat_2.1.0-1+deb7u3.debian.tar.gz
 6273f0db41014865c9e02d3095baf3d3de0cafc97a7c1784166731845e7c40c9 225192 libexpat1-dev_2.1.0-1+deb7u3_amd64.deb
 4b69f351c6dedad1f58b12b1fdf2b6bd82634057860e8ffc66afa4904e55007b 138872 libexpat1_2.1.0-1+deb7u3_amd64.deb
 70093f87003fe29513cc52002d9034d0d5d16e5dde258e6921e5ae99caf531d0 52686 libexpat1-udeb_2.1.0-1+deb7u3_amd64.udeb
 1eff366eb7e7c515f213c328ec63b4a30c14bebcbe1ad4b3f4d47c5bb019c74b 26272 expat_2.1.0-1+deb7u3_amd64.deb
Files: 
 393470e8b89740df1865cf9a9b9a15b1 2307 text optional expat_2.1.0-1+deb7u3.dsc
 fdde7adf44f43aa237f99afd06886444 18053 text optional expat_2.1.0-1+deb7u3.debian.tar.gz
 ea27702147e3740f6c278e3c025662ad 225192 libdevel optional libexpat1-dev_2.1.0-1+deb7u3_amd64.deb
 5a10623318739cca7bd276128968d8f2 138872 libs optional libexpat1_2.1.0-1+deb7u3_amd64.deb
 a2e0431ea9c993b17e77fe4af96670f5 52686 debian-installer extra libexpat1-udeb_2.1.0-1+deb7u3_amd64.udeb
 7a72e88247823521ea93d9b09c52774a 26272 text optional expat_2.1.0-1+deb7u3_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJXPhPsXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkVgsP/itbKxY3a4Y/3mvTvqyR4Qvp
G5uVK36Y7PejsndvWWsQKr46UVvCu+cv3QPH/Ks7w3VEttGF/i18xMrvxuvbo1is
l60E/pCUgbNPGAhVznK9SzsWfSyyyJDv202qy0IycD9hLIUO86Yxpi+ISV3XgyAJ
oEkuR4JQfZndqj12EdPqgn6IlYkVKKRfzY2XTno+UpcTU5zg4DRVe67MVrnfQDx6
epV9mYazsy2A3LyPwKc1e1QTPi+iWm/cZWSjwDD3pe9JcsY/heGDXmFtU+Dwv8hO
QrNaUEtKUMtKx3ftqHgPq5a6TkmRA2WFeYzu2S6nd2+oaRrAcMw0zPpqlnKjWqhS
fVrItV+UeMnt5JeExqGIZv109TtcTUD2s+FAK4xOShHIGjNRK9ex2qNY5b74ztoA
f2BVmGUDLxbUhDFOak62E2ZVtshYikcqDMM/VNzPaeuXjxGKYDOFA7N8BqqM8f8E
aYDrEbsrcHcRRv7Tgkd0BOM61iSpuwNJ7i3tY6XvQkKGVp2nxexzJNyIjxaiTqIh
C9bvzLU0o7zO37NaMs3FlFBJ2AzaAYpI0Ayrx7DU84vUYmcagqEVD8eaeQhn9TLg
PXk6FYv7/Le47g6obifuYcyns3cCMnOIqLo7S4rW2XxCL4THxn8tZevg0ogJ1UgB
/XKH6a3NNYv8koO8DeHp
=fzFK
-----END PGP SIGNATURE-----