UbuntuUpdates.org

Package "expat"

Name: expat

Description:

XML parsing C library - example application

Latest version: 2.4.8-2ubuntu0.22.10.1
Release: kinetic (22.10)
Level: updates
Repository: universe
Homepage: https://libexpat.github.io/

Links


Download "expat"


Other versions of "expat" in Kinetic

Repository Area Version
base main 2.4.8-2
base universe 2.4.8-2
security main 2.4.8-2ubuntu0.22.10.1
security universe 2.4.8-2ubuntu0.22.10.1
updates main 2.4.8-2ubuntu0.22.10.1

Changelog

Version: 2.4.8-2ubuntu0.22.10.1 2022-11-23 15:06:28 UTC

  expat (2.4.8-2ubuntu0.22.10.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2022-43680-1.patch: adds tests to cover
      DTD destruction in XML_ExternalEntityParserCreate in
      expat/tests/runtests.c.
    - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD
      destruction in XML_ExternalEntityParserCreate in
      expat/lib/xmlparse.c.
    - CVE-2022-43680

 -- David Fernandez Gonzalez <email address hidden> Fri, 18 Nov 2022 12:22:47 +0100

CVE-2022-43680 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memo



About   -   Send Feedback to @ubuntu_updates