UbuntuUpdates.org

Package "expat"

Name: expat

Description:

XML parsing C library - example application

Latest version: 2.2.5-3ubuntu0.9
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: https://libexpat.github.io/

Links


Download "expat"


Other versions of "expat" in Bionic

Repository Area Version
base universe 2.2.5-3
base main 2.2.5-3
security main 2.2.5-3ubuntu0.9
security universe 2.2.5-3ubuntu0.9
updates main 2.2.5-3ubuntu0.9

Changelog

Version: 2.2.5-3ubuntu0.9 2022-11-23 15:06:22 UTC

  expat (2.2.5-3ubuntu0.9) bionic-security; urgency=medium

  * SECURITY REGRESSION: Tests failed
    - debian/patches/CVE-2022-43680-1.patch: backport patch
      to work for this version in expat/tests/runtests.c.

 -- David Fernandez Gonzalez <email address hidden> Fri, 18 Nov 2022 11:57:30 +0100

Source diff to previous version
CVE-2022-43680 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memo

Version: 2.2.5-3ubuntu0.8 2022-11-17 12:06:24 UTC

  expat (2.2.5-3ubuntu0.8) bionic-security; urgency=medium

  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2022-40674.patch: adds a conditional call to
      storeRawNames() in func internalEntityProcessor following a call
      to doCOntent() that could result in unbalanced tags upon returning.
    - CVE-2022-40674
  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2022-43680-1.patch: adds tests to cover
      DTD destruction in XML_ExternalEntityParserCreate in
      expat/tests/runtests.c.
    - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD
      destruction in XML_ExternalEntityParserCreate in
      expat/lib/xmlparse.c.
    - CVE-2022-43680

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 08 Nov 2022 07:13:44 -0300

Source diff to previous version
CVE-2022-40674 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVE-2022-43680 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memo

Version: 2.2.5-3ubuntu0.7 2022-03-10 16:07:20 UTC

  expat (2.2.5-3ubuntu0.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent
      stack exhaustion in build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
    RFC 3986 URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 08 Mar 2022 09:28:37 -0300

Source diff to previous version
1963903 expat relax fix for CVE-2022-25236 and possible regressions
CVE-2022-25313 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25314 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2022-25315 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Version: 2.2.5-3ubuntu0.4 2022-02-21 16:06:25 UTC

  expat (2.2.5-3ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Realloc misbehavior
    - debian/patches/CVE-2021-45960.patch: detect and prevent troublesome
      left shifts in function storeAtts in expat/lib/xmlparse.c.
    - CVE-2021-45960
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-46143.patch: prevent integer overflow
      on m_groupSize in function doProlog in expat/lib/xmlparse.c.
    - CVE-2021-46143
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-22822-to-CVE-2022-22827.patch: prevent integer overflow
      in multiple places in expat/lib/xmlparse.c.
    - CVE-2022-22822
    - CVE-2022-22823
    - CVE-2022-22824
    - CVE-2022-22825
    - CVE-2022-22826
    - CVE-2022-22827
  * SECURITY UPDATE: Signed integer overflow
    - debian/patches/CVE-2022-23852-*.patch: detect and prevent
      integer overflow in XML_GetBuffer in expat/lib/xmlparse.c and
      adds test to cover it in expat/tests/runtests.c.
    - CVE-2022-23852
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-23990.patch: prevent integer overflow in
      doProlog in expat/lib/xmlparse.c.
    - CVE-2022-23990
  * SECURITY UPDATE: Incomplete validation encoding
    - debian/patches/CVE-2022-25235-*.patch: adds missing validation
      and adds tests in expat/lib/xmltok_impl.c, expat/tests/runtests.c.
    - CVE-2022-25235
  * SECURITY UPDATE: Namespace-separator insertions
    - debian/patches/CVE-2022-25236-*.patch: Protect against malicious
      namespace declarations in expat/lib/xmlparse.c, expat/tests/runtests.c.
    - CVE-2022-25236

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 17 Feb 2022 20:38:16 -0300

Source diff to previous version
CVE-2021-45960 In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.
CVE-2021-46143 In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2022-22822 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22827 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823 build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824 defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22825 lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22826 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a c
CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Version: 2.2.5-3ubuntu0.2 2019-09-12 19:06:57 UTC

  expat (2.2.5-3ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-15903.patch: Deny internal
      entities closing the doctype in expat/lib/xmlparse.c.
    - CVE-2019-15903

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Sep 2019 15:05:44 -0300

CVE-2019-15903 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to



About   -   Send Feedback to @ubuntu_updates