UbuntuUpdates.org

Package "lib64expat1"

Name: lib64expat1

Description:

XML parsing C library - runtime library (64bit)

Latest version: 2.0.1-7.2ubuntu1.4
Release: precise (12.04)
Level: updates
Repository: main
Head package: expat
Homepage: http://expat.sourceforge.net


Other versions of "lib64expat1" in Precise

Repository Area Version
base main 2.0.1-7.2ubuntu1
security main 2.0.1-7.2ubuntu1.4

Changelog

Version: 2.0.1-7.2ubuntu1.4 2016-06-20 19:06:52 UTC

  expat (2.0.1-7.2ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.dpatch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.dpatch: use a prime that fits 32bits
      on 32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.dpatch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.dpatch: extract entropy from
      XML_Parser address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 08:54:12 -0400

Source diff to previous version
CVE-2012-6702 Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat
CVE-2016-5300 The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of servic

Version: 2.0.1-7.2ubuntu1.3 2016-05-18 15:06:46 UTC

  expat (2.0.1-7.2ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.dpatch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.dpatch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden> Mon, 16 May 2016 12:54:36 -0400

Source diff to previous version
CVE-2015-1283 Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, all

Version: 2.0.1-7.2ubuntu1.2 2015-08-31 18:06:40 UTC

  expat (2.0.1-7.2ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283.dpatch: add checks to lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers Fri, 28 Aug 2015 09:33:57 -0400

Source diff to previous version
CVE-2015-1283 Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, all

Version: 2.0.1-7.2ubuntu1.1 2012-08-10 12:07:07 UTC

  expat (2.0.1-7.2ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/788888_CVE_2012_1148.dpatch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148

 -- Tyler Hicks <email address hidden> Thu, 09 Aug 2012 11:15:38 -0700

CVE-2012-1148 Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (me


