New Debian expat 2.2.6-2+deb10u8 fixes:

This update addresses the following issues:

2.2.6-2+deb10u8 (Wed, 25 Sep 2024 04:26:59 +0200)
* Non-maintainer upload by the ELTS Team.
* Fix CVE-2024-45490: xmlparse.c does not reject a negative length for XML_ParseBuffer(), which may cause memory corruption or code execution.
* Fix CVE-2024-45491: Integer overflow for nDefaultAtts on 32-bit platforms.
* Fix CVE-2024-45492: Integer overflow for m_groupSize on 32-bit platforms.
--- mirror/ftp/pool/main/e/expat/expat_2.2.6-2+deb10u7.dsc +++ apt/ucs_5.0-0-errata5.0-9/source/expat_2.2.6-2+deb10u8.dsc @@ -1,3 +1,14 @@ +2.2.6-2+deb10u8 [Wed, 25 Sep 2024 04:26:59 +0200] Guilhem Moulin <guilhem@debian.org>: + + * Non-maintainer upload by the ELTS Team. + * Fix CVE-2024-45490: xmlparse.c does not reject a negative length for + XML_ParseBuffer(), which may cause memory corruption or code execution. + (Closes: #1080149) + * Fix CVE-2024-45491: Integer overflow for nDefaultAtts on 32-bit platforms. + (Closes: #1080150) + * Fix CVE-2024-45492: Integer overflow for m_groupSize on 32-bit platforms. + (Closes: #1080152) + 2.2.6-2+deb10u7 [Sat, 06 Apr 2024 18:16:16 +0200] Tobias Frost <tobi@debian.org>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/5.0-9/#3617946276866532804>
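Review bot: the three "Fix CVE" lines in the added 2.2.6-2+deb10u8 entry name no patch file or upstream commit, and the hunk contains nothing but the changelog entry, so this diff between the two .dsc files does not show what changed in xmlparse.c. Consider naming, next to each "(Closes: #...)" line, the patch that adds the negative-length rejection for XML_ParseBuffer() and the ones that address the nDefaultAtts and m_groupSize overflows, so each CVE can be matched to its code change.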
OK: bug
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts Freexian ships dbgsym packages

[5.0-9] 3409d8f44c Bug #57644: expat 2.2.6-2+deb10u8
 doc/errata/staging/expat.yaml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

[5.0-9] 037e484e10 Bug #57644: expat 2.2.6-2+deb10u8
 doc/errata/staging/expat.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1136>