UbuntuUpdates.org

Package "libexpat1-dev"

Name: libexpat1-dev

Description: XML parsing C library - development kit

Latest version: 2.5.0-2ubuntu0.1
Release: mantic (23.10)
Level: updates
Repository: main
Head package: expat
Homepage: https://libexpat.github.io/

Other versions of "libexpat1-dev" in Mantic

Repository  Area  Version
base        main  2.5.0-2
security    main  2.5.0-2ubuntu0.1

Changelog

Version: 2.5.0-2ubuntu0.1 2024-03-14 15:06:58 UTC

  expat (2.5.0-2ubuntu0.1) mantic-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2023-52425.patch: Speed up parsing of big tokens.
    - CVE-2023-52425
  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2024-28757.patch: Detect billion laughs attack with
      isolated external parser.
    - CVE-2024-28757

 -- Fabian Toepfer <email address hidden> Wed, 13 Mar 2024 16:05:10 +0100

CVE-2023-52425 libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for w
CVE-2024-28757 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCrea


