New Debian expat 2.2.0-2+deb9u5 fixes: This update addresses the following issues: * Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) * malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * stack exhaustion in doctype parsing (CVE-2022-25313) * integer overflow in storeRawNames() (CVE-2022-25315)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/expat_2.2.0-2+deb9u4.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/expat_2.2.0-2+deb9u5.dsc @@ -1,3 +1,16 @@ +2.2.0-2+deb9u5 [Thu, 03 Mar 2022 10:03:00 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS team. + * Run the upstream tests during the build. + * CVE-2022-25235: arbitrary code execution due to malformed 2- and 3-byte + UTF-8. + * CVE-2022-25236: arbitrary code execution due to namespace-separator + characters. + * CVE-2022-25313: stack exhaustion in build_model. + * CVE-2022-25315: integer overflow in storeRawNames. + * Include follow-up fix for CVE-2022-25236. + * Fix build issue in the tests of CVE-2022-23852. + 2.2.0-2+deb9u4 [Sun, 30 Jan 2022 17:51:06 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/4.4-8/#6398635680563345078>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] cdab7b71a5 Bug #54516: expat 2.2.0-2+deb9u5 doc/errata/staging/expat.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1187>