Package "expat"
Name: |
expat
|
Description: |
XML parsing C library - example application
|
Latest version: |
2.6.1-2ubuntu0.2 |
Release: |
noble (24.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
https://libexpat.github.io/ |
Links
Download "expat"
Other versions of "expat" in Noble
Changelog
expat (2.6.1-2ubuntu0.2) noble-security; urgency=medium
* SECURITY UPDATE: denial-of-service via XML_ResumeParser
- debian/patches/CVE-2024-50602-1.patch: Make function XML_StopParser of
expat/lib/xmlparse.c refuse to stop/suspend an unstarted parser
- debian/patches/CVE-2024-50602-2.patch: Add XML_PARSING case to parser
state in function XML_StopParser of expat/lib/xmlparse.c
- debian/patches/CVE-2024-50602-3.patch: Add tests for CVE-2024-50602 to
expat/tests/misc_tests.c
- CVE-2024-50602
-- Nicolas Campuzano Jimenez <email address hidden> Sun, 01 Dec 2024 15:52:41 -0500
|
Source diff to previous version |
CVE-2024-50602 |
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an un |
|
expat (2.6.1-2ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: invalid input length
- CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
expat/lib/xmlparse.c to identify and error out if a negative length is
provided.
- CVE-2024-45490
* SECURITY UPDATE: integer overflow
- CVE-2024-45491.patch: adds a check to the dtdCopy function of
expat/lib/xmlparse.c to detect and prevent an integer overflow.
- CVE-2024-45491
* SECURITY UPDATE: integer overflow
- CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of
expat/lib/xmlparse.c to detect and prevent an integer overflow.
- CVE-2024-45492
-- Ian Constantin <email address hidden> Tue, 10 Sep 2024 13:17:43 +0300
|
CVE-2024-45490 |
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. |
CVE-2024-45491 |
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT |
CVE-2024-45492 |
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (wh |
|
About
-
Send Feedback to @ubuntu_updates