Your message dated Thu, 15 Sep 2022 19:50:34 +0000
with message-id <[email protected]>
and subject line Bug#1019761: fixed in expat 2.4.8-2
has caused the Debian Bug report #1019761,
regarding expat: CVE-2022-40674
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1019761: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019761
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: expat
Version: 2.4.8-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/pull/629
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for expat.
CVE-2022-40674[0]:
| libexpat before 2.4.9 has a use-after-free in the doContent function
| in xmlparse.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-40674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
[1] https://github.com/libexpat/libexpat/pull/629
[2] https://github.com/libexpat/libexpat/pull/640
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: expat
Source-Version: 2.4.8-2
Done: Laszlo Boszormenyi (GCS) <[email protected]>
We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated expat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 15 Sep 2022 20:53:15 +0200
Source: expat
Architecture: source
Version: 2.4.8-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1019761
Changes:
 expat (2.4.8-2) unstable; urgency=high
 .
   * Backport security fix for CVE-2022-40674: heap use-after-free issue in
     doContent() (closes: #1019761).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---