This bug was fixed in the package expat - 2.2.5-3ubuntu0.7

---------------
expat (2.2.5-3ubuntu0.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Stack exhaustion
    - debian/patches/CVE-2022-25313.patch: prevent stack exhaustion in
      build_model in expat/lib/xmlparse.c.
    - debian/patches/fix-build_model-regression.patch: fix build_model
      regression in expat/lib/xmlparse.c.
    - CVE-2022-25313
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25314.patch: prevent integer overflow in
      copyString in expat/lib/xmlparse.c.
    - CVE-2022-25314
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-25315.patch: prevent integer overflow in
      storeRawNames in expat/lib/xmlparse.c.
    - CVE-2022-25315
  * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to RFC 3986
    URI characters and possibly regressions
    - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
      validation in expat/doc/reference.html, expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-4.patch: document namespace separator
      effect right in header expat/lib/expat.h.
    - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
    - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
      RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)

 -- Leonidas Da Silva Barbosa <leo.barb...@canonical.com>  Tue, 08 Mar 2022 09:28:37 -0300

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to expat in Ubuntu.
https://bugs.launchpad.net/bugs/1963903

Title:
  expat relax fix for CVE-2022-25236 and possible regressions

Status in expat package in Ubuntu:
  Fix Released

Bug description:
  Sebastian Pipping reported to us that these additional fixes are
  required to fix properly CVE-2022-25236 in regard to RFC 3986 URI
  characters and possible regressions, as the merge request points out.