UbuntuUpdates.org

Package "libexpat1-dev"

Name: libexpat1-dev

Description:

XML parsing C library - development kit

Latest version: 2.1.0-4ubuntu1.4
Release: trusty (14.04)
Level: security
Repository: main
Head package: expat
Homepage: http://expat.sourceforge.net


Other versions of "libexpat1-dev" in Trusty

Repository  Area  Version
base        main  2.1.0-4ubuntu1
updates     main  2.1.0-4ubuntu1.4

Changelog

Version: 2.1.0-4ubuntu1.4 2017-07-19 18:07:15 UTC

  expat (2.1.0-4ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

 -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2017 09:05:59 -0400


Version: 2.1.0-4ubuntu1.3 2016-06-20 18:06:52 UTC

  expat (2.1.0-4ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 08:50:53 -0400

CVE-2012-6702 Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat
CVE-2016-5300 The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of servic

Version: 2.1.0-4ubuntu1.2 2016-05-18 12:07:29 UTC

  expat (2.1.0-4ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers <email address hidden> Mon, 16 May 2016 12:51:23 -0400

CVE-2015-1283 Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, all

Version: 2.1.0-4ubuntu1.1 2015-08-31 18:06:41 UTC

  expat (2.1.0-4ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283.patch: add checks to lib/xmlparse.c.
    - CVE-2015-1283

 -- Marc Deslauriers Fri, 28 Aug 2015 09:33:01 -0400

CVE-2015-1283 Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, all


