expat (2.5.0-1) unstable; urgency=high
* New upstream release:
- fixes CVE-2022-43680: heap use-after-free after overeager destruction of
a shared DTD in XML_ExternalEntityParserCreate() (closes: #1022743).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 26 Oct 2022 15:31:29 +0200
expat (2.4.9-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 21 Sep 2022 18:42:18 +0200
expat (2.4.8-2) unstable; urgency=high
* Backport security fix for CVE-2022-40674: heap use-after-free issue in
doContent() (closes: #1019761).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 15 Sep 2022 20:53:15 +0200
expat (2.4.8-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 29 Mar 2022 22:01:08 +0200
expat (2.4.7-1) unstable; urgency=medium
* New upstream release:
- relax fix to CVE-2022-25236 with regard to all valid URI characters
(RFC 3986).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 05 Mar 2022 07:11:48 +0100
expat (2.4.6-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 21 Feb 2022 21:08:18 +0100
expat (2.4.5-2) unstable; urgency=medium
* Fix build_model regression (closes: #1006162).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 20 Feb 2022 16:26:07 +0100
expat (2.4.5-1) unstable; urgency=high
* New upstream release:
- fixes CVE-2022-25235: certain validation of encoding, such as checks
for whether a UTF-8 character is valid can cause code execution
(closes: #1005894),
- fixes CVE-2022-25236: passing namespace separator characters can cause
code execution (closes: #1005895),
- fixes CVE-2022-25313: an attacker can trigger stack exhaustion in
build_model via a large nesting depth in the DTD element,
- fixes CVE-2022-25314: integer overflow in function copyString() ,
- fixes CVE-2022-25315: integer overflow in function storeRawNames() .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 19 Feb 2022 07:34:25 +0100
expat (2.4.4-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 01 Feb 2022 18:51:12 +0100
expat (2.4.3-3) unstable; urgency=high
* Backport security fix for CVE-2022-23990: integer overflow in
doProlog() .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 27 Jan 2022 06:44:50 +0100
expat (2.4.3-2) unstable; urgency=high
* Backport security fix for CVE-2022-23852: XML_GetBuffer() signed integer
overflow.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 24 Jan 2022 18:18:59 +0100
expat (2.4.3-1) unstable; urgency=high
* New upstream release:
- fixes CVE-2021-45960: left shifts by >=29 places resulting in realloc
acting as free, realloc allocating too few bytes, undefined behavior
depending on architecture,
- fixes CVE-2021-46143: integer overflow leading to realloc acting
as free,
- fixes CVE-2022-22822: integer overflow in function addBinding,
- fixes CVE-2022-22823: integer overflow in function build_model,
- fixes CVE-2022-22824: integer overflow in function defineAttribute,
- fixes CVE-2022-22825: integer overflow in function lookup,
- fixes CVE-2022-22826: integer overflow in function nextScaffoldPart,
- fixes CVE-2022-22827: integer overflow in function storeAtts.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 16 Jan 2022 21:48:09 +0100
expat (2.4.2-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 23 Dec 2021 19:05:43 +0100
expat (2.4.1-3) unstable; urgency=medium
* Update watch file.
* Update Standards-Version to 4.6.0 .
[ Andrius Merkys <merkys@debian.org> ]
* Fix incorrect path for expat library in expat-noconfig.cmake
(closes: #995907).
* Fix incorrect path for INTERFACE_INCLUDE_DIRECTORIES in expat.cmake
(closes: #996612).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 24 Oct 2021 18:48:18 +0200
expat (2.4.1-2) unstable; urgency=medium
* Upload to Sid.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 09 Sep 2021 21:26:21 +0200
expat (2.4.1-1) experimental; urgency=high
* New upstream release:
- fix CVE-2013-0340: protect against billion laughs attacks
(denial-of-service; flavors targeting CPU time or RAM or both,
leveraging general entities or parameter entities or both).
* Update libexpat1 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 24 May 2021 10:14:11 +0200
expat (2.3.0-1) experimental; urgency=medium
* New upstream release.
* Update debhelper level to 13 .
* Update Standards-Version to 4.5.1 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 10 May 2021 19:20:19 +0200
expat (2.2.10-2) unstable; urgency=medium
* Provide stage1 (bootstrap) build profile (closes: #896011).
[ Matthias Klose <doko@ubuntu.com> ]
* Don't build the udeb package when requested (closes: #983324).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 23 Feb 2021 17:54:13 +0100
expat (2.2.10-1) unstable; urgency=medium
* New upstream release.
* Update Standards-Version to 4.5.0 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 04 Oct 2020 07:39:41 +0200
expat (2.2.9-1) unstable; urgency=medium
* New upstream release.
* Update Standards-Version to 4.4.0 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 28 Sep 2019 18:49:55 +0000
expat (2.2.7-2) unstable; urgency=high
* Fix CVE-2019-15903: deny internal entities closing the doctype
(closes: #939394).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 04 Sep 2019 18:01:00 +0000
expat (2.2.7-1) unstable; urgency=medium
* New upstream release.
* Update libexpat1 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 13 Jul 2019 21:46:00 +0000
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libexpat1`.
Generated by dwww version 1.15 on Sat May 18 11:37:28 CEST 2024.