This bug was fixed in the package expat - 2.4.1-2 Sponsored for Rico Tzschichholz (ricotz)
--------------- expat (2.4.1-2) unstable; urgency=medium * Upload to Sid. -- Laszlo Boszormenyi (GCS) <[email protected]> Thu, 09 Sep 2021 21:26:21 +0200 expat (2.4.1-1) experimental; urgency=high * New upstream release: - fix CVE-2013-0340: protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both, leveraging general entities or parameter entities or both). * Update libexpat1 symbols. -- Laszlo Boszormenyi (GCS) <[email protected]> Mon, 24 May 2021 10:14:11 +0200 ** Changed in: expat (Ubuntu) Status: Triaged => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0340 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1943133 Title: [FFe] Sync expat 2.4.1-1 (main) from Debian experimental (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/expat/+bug/1943133/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
