This bug was fixed in the package expat - 2.2.5-3ubuntu0.7
---------------
expat (2.2.5-3ubuntu0.7) bionic-security; urgency=medium
* SECURITY UPDATE: Stack exhaustion
- debian/patches/CVE-2022-25313.patch: prevent
stack exhaustion in build_model in expat/lib/xmlparse.c.
- debian/patches/fix-build_model-regression.patch: fix build_model
regression in expat/lib/xmlparse.c.
- CVE-2022-25313
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2022-25314.patch: prevent integer overflow in
copyString in expat/lib/xmlparse.c.
- CVE-2022-25314
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2022-25315.patch: prevent integer overflow in
storeRawNames in expat/lib/xmlparse.c.
- CVE-2022-25315
* SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to
RFC 3986 URI characters and possibly regressions
- debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI
validation in expat/doc/reference.html, expat/lib/expat.h.
- debian/patches/CVE-2022-25236-4.patch: document namespace separator
effect right in header expat/lib/expat.h.
- debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests.
- debian/patches/CVE-2022-25236-6.patch: relax fix with regard to
RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903)
-- Leonidas Da Silva Barbosa <[email protected]> Tue, 08 Mar
2022 09:28:37 -0300
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1963903
Title:
expat relax fix for CVE-2022-25236 and possible regressions
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/expat/+bug/1963903/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
