Back to expat PTS page

Accepted expat 2.4.5-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted expat 2.4.5-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 19 Feb 2022 07:34:06 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1nLKFq-0003gS-5M@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 19 Feb 2022 07:34:25 +0100
Source: expat
Architecture: source
Version: 2.4.5-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 1005894 1005895
Changes:
 expat (2.4.5-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes CVE-2022-25235: certain validation of encoding, such as checks
       for whether a UTF-8 character is valid can cause code execution
       (closes: #1005894),
     - fixes CVE-2022-25236: passing namespace separator characters can cause
       code execution (closes: #1005895),
     - fixes CVE-2022-25313: an attacker can trigger stack exhaustion in
       build_model via a large nesting depth in the DTD element,
     - fixes CVE-2022-25314: integer overflow in function copyString() ,
     - fixes CVE-2022-25315: integer overflow in function storeRawNames() .
Checksums-Sha1:
 0503fcfe35ea8658f0d7b0c6657c5e45e06558db 1981 expat_2.4.5-1.dsc
 d344f8949c3d889e8999bf3a5dfabe5393679f69 8312969 expat_2.4.5.orig.tar.gz
 da35bb11135dc91e2b90b7876d067a2f756053f3 12456 expat_2.4.5-1.debian.tar.xz
Checksums-Sha256:
 c8fd4daf9d8ff8be7c4bf22776332e6861383c889098a4b43c54e8d39409709c 1981 expat_2.4.5-1.dsc
 c53865ca8bb7159500ab819ee141eb30da56277b9921047f800b633ae8e5f12c 8312969 expat_2.4.5.orig.tar.gz
 03d5fde1333193d8ad480ce9640a23b59b5484e475e3e6f5211db366e14432cb 12456 expat_2.4.5-1.debian.tar.xz
Files:
 65a04e60068098ee54077ac928ee16dd 1981 text optional expat_2.4.5-1.dsc
 89fe97319d8d7900c98f4f0044ff0cb2 8312969 text optional expat_2.4.5.orig.tar.gz
 f873f811d3cabdeed0e7528ad8e423a7 12456 text optional expat_2.4.5-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmIQmn4ACgkQ3OMQ54ZM
yL9GaRAAtaa5U+F5ZvRwSma09qiMv+8MtzfBshdXYp8AAuOc4AIYgRSpY5CeZ8/6
6D4gkeAFjxtLE+o/vvxpv/Rqv04EOPuuEFNXHi9EdvPDt+hv7izNbn9/uzavofmz
WTMwtcdqrYbdIOrdx4T6aM8oFgJJGmu3QLRihcpeZC6eRdFGIOkUb2l2Mj8AMeyo
/9C+PDem5bugvPCWV1CMIJPl2mMJ+8vkouw5UEifPcERsgsqMZf97tfThefejrRM
/0D6X2n1CGYYPWOZqLSUNmsblp4Q1VKPJUgkt6zF/2I8eSUycqh7OQjshR+xC7Jk
5P3srtWquxIAbQgKJNn7BwA7pHrQ+hKfQU5Er/2pm4vO7vzgTIC9GFQUYkGstquJ
yV68So8IzmVGAteIpEuFPefHU8+w/zVCW3IWYtMRMy9WoIfWw3E1JDo1GYJ1QGJG
uRdti19rjAJ+FX5DBVAzdGZTMbEdAeUAXQ04j/5qhelWzW2zETve8oUudBmmKTsW
aH/ZjoeYr2b+1osyGCn6LYDZUA6D7HHJFdUU+w5Vc7/5Ec+d/+lubexGRvPsnt9n
gtD3YWSW6dbOnYlUzSOcol8M3dYKAhmqBYE/diDZO1Gr4aO+nin4dpHDMhKaT4pn
7aEZmKLoEj45M5oAizv7ZpRxGApF8LEQ7YviFxyKZKBQrzNb3IY=
=kwPN
-----END PGP SIGNATURE-----