Your message dated Sat, 24 Sep 2022 19:02:25 +0000
with message-id <[email protected]>
and subject line Bug#1019761: fixed in expat 2.2.10-2+deb11u4
has caused the Debian Bug report #1019761,
regarding expat: CVE-2022-40674
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1019761: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019761
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: expat
Version: 2.4.8-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/pull/629
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for expat.

CVE-2022-40674[0]:
| libexpat before 2.4.9 has a use-after-free in the doContent function
| in xmlparse.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-40674
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
[1] https://github.com/libexpat/libexpat/pull/629
[2] https://github.com/libexpat/libexpat/pull/640

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: expat
Source-Version: 2.2.10-2+deb11u4
Done: Laszlo Boszormenyi (GCS) <[email protected]>

We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated expat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Sep 2022 11:30:56 +0200
Source: expat
Architecture: source
Version: 2.2.10-2+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1019761
Changes:
 expat (2.2.10-2+deb11u4) bullseye-security; urgency=high
 .
   * Backport security fix for CVE-2022-40674: heap use-after-free issue in
     doContent() (closes: #1019761).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
