Package "expat"
Name: |
expat
|
Description: |
XML parsing C library - example application
|
Latest version: |
2.2.9-1ubuntu0.8 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
https://libexpat.github.io/ |
Links
Download "expat"
Other versions of "expat" in Focal
Changelog
expat (2.2.9-1ubuntu0.8) focal-security; urgency=medium
* SECURITY UPDATE: denial-of-service via XML_ResumeParser
- debian/patches/CVE-2024-50602-1.patch: Make function XML_StopParser of
expat/lib/xmlparse.c refuse to stop/suspend an unstarted parser
- debian/patches/CVE-2024-50602-2.patch: Add XML_PARSING case to parser
state in function XML_StopParser of expat/lib/xmlparse.c
- debian/patches/CVE-2024-50602-3.patch: Add tests for CVE-2024-50602 to
expat/tests/runtests.c
- CVE-2024-50602
-- Nicolas Campuzano Jimenez <email address hidden> Sun, 01 Dec 2024 22:26:34 -0500
|
Source diff to previous version |
CVE-2024-50602 |
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an un |
|
expat (2.2.9-1ubuntu0.7) focal-security; urgency=medium
* SECURITY UPDATE: invalid input length
- CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
expat/lib/xmlparse.c to identify and error out if a negative length is
provided.
- CVE-2024-45490
* SECURITY UPDATE: integer overflow
- CVE-2024-45491.patch: adds a check to the dtdCopy function of
expat/lib/xmlparse.c to detect and prevent an integer overflow.
- CVE-2024-45491
* SECURITY UPDATE: integer overflow
- CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of
expat/lib/xmlparse.c to detect and prevent an integer overflow.
- CVE-2024-45492
-- Ian Constantin <email address hidden> Tue, 10 Sep 2024 13:17:46 +0300
|
Source diff to previous version |
CVE-2024-45490 |
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. |
CVE-2024-45491 |
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT |
CVE-2024-45492 |
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (wh |
|
expat (2.2.9-1ubuntu0.6) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free
- debian/patches/CVE-2022-43680-1.patch: adds tests to cover
DTD destruction in XML_ExternalEntityParserCreate in
expat/tests/runtests.c.
- debian/patches/CVE-2022-43680-2.patch: fix overeager DTD
destruction in XML_ExternalEntityParserCreate in
expat/lib/xmlparse.c.
- CVE-2022-43680
-- David Fernandez Gonzalez <email address hidden> Fri, 18 Nov 2022 11:29:59 +0100
|
Source diff to previous version |
CVE-2022-43680 |
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memo |
|
expat (2.2.9-1ubuntu0.5) focal-security; urgency=medium
* SECURITY UPDATE: Use-after-free in doContent
- debian/patches/CVE-2022-40674.patch: ensure storeRawNames()
is always called in func internalEntityProcessor if handling
unbalanced tags in expat/lib/xmlparse.c.
- CVE-2022-40674
-- David Fernandez Gonzalez <email address hidden> Tue, 15 Nov 2022 16:11:03 +0100
|
Source diff to previous version |
CVE-2022-40674 |
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. |
|
expat (2.2.9-1ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: Stack exhaustion
- debian/patches/CVE-2022-25313.patch: prevent
stack exhaustion in build_model in expat/lib/xmlparse.c.
- debian/patches/fix-build_model-regression.patch: fix build_model
regression in expat/lib/xmlparse.c.
- debian/patches/protect-against-nested-element*: in expat/lib/xmlparse.
- CVE-2022-25313
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2022-25314.patch: prevent integer overflow in
copyString in expat/lib/xmlparse.c.
- CVE-2022-25314
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2022-25315.patch: prevent integer overflow in
storeRawNames in expat/lib/xmlparse.c.
- CVE-2022-25315
* SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
RFC 3986 URI characters and possibly regressions
- debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
validation in expat/doc/reference.html, expat/lib/expat.h.
- debian/patches/CVE-2022-25236-4.patch: document namespace separator
effect right in header expat/lib/expat.h.
- debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
- debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)
* removing duplicated tests
- debian/patches/fix_test_dup.patch: removing tests were duplicated in
expat/tests/runtests.c.
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 21 Feb 2022 15:48:46 -0300
|
1963903 |
expat relax fix for CVE-2022-25236 and possible regressions |
CVE-2022-25313 |
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. |
CVE-2022-25314 |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. |
CVE-2022-25315 |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. |
CVE-2022-25236 |
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
|
About
-
Send Feedback to @ubuntu_updates