-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 06 Sep 2019 15:07:59 +0100 Source: expat Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat Architecture: source amd64 Version: 2.1.0-6+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: expat - XML parsing C library - example application lib64expat1 - XML parsing C library - runtime library (64bit) lib64expat1-dev - XML parsing C library - development kit (64bit) libexpat1 - XML parsing C library - runtime library libexpat1-dev - XML parsing C library - development kit libexpat1-udeb - XML parsing C library - runtime library (udeb) Changes: expat (2.1.0-6+deb8u6) jessie-security; urgency=high . * CVE-2019-15903: Prevent an issue where a specially-crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer overread. (Closes: #CVE-2019-15903) Checksums-Sha1: a88b0bca771c096168a68ac818c9ae42f5e94c1c 2292 expat_2.1.0-6+deb8u6.dsc b08197d146930a5543a7b99e871cba3da614f6f0 562616 expat_2.1.0.orig.tar.gz a01a19dee61447e093f698fc3c9c0bcd34a5ffb2 23672 expat_2.1.0-6+deb8u6.debian.tar.xz 211571971e392579e8516d08496a0548f2174de3 126230 libexpat1-dev_2.1.0-6+deb8u6_amd64.deb cc00dacf4a7923d4c771d76f4b5a4294164794b9 80294 libexpat1_2.1.0-6+deb8u6_amd64.deb 7fe2fe8cd7e1d15e5dd88cab187133946c395690 52270 libexpat1-udeb_2.1.0-6+deb8u6_amd64.udeb a807ed54f76e48081756bfb079f1cffaad7692ef 24528 expat_2.1.0-6+deb8u6_amd64.deb Checksums-Sha256: b54613edbbacde7b879be9d21b5d711c2cb2c90ed3d5e0968bdaf4c55bbcd8be 2292 expat_2.1.0-6+deb8u6.dsc 823705472f816df21c8f6aa026dd162b280806838bb55b3432b0fb1fcca7eb86 562616 expat_2.1.0.orig.tar.gz 7d61123e76076598e3026fff5570ccdfbb90a540a1fdd310e13224b28e52c24a 23672 expat_2.1.0-6+deb8u6.debian.tar.xz 6177fda2af2aa76249e98e472e9017fec52d30fa9922382e19631be08fc60368 126230 libexpat1-dev_2.1.0-6+deb8u6_amd64.deb b89fdf61edfd84355f8ded3431ee54359ead07800da175a076acc222a46507d6 80294 libexpat1_2.1.0-6+deb8u6_amd64.deb 1b7096c5025942d28cf58da3d6becce76fd21e6abacc020537172da742f6d188 52270 libexpat1-udeb_2.1.0-6+deb8u6_amd64.udeb 77a86fe60e663cb1295c3c0bc132ce991b6d83cb23e0e2100f52f2c3c74933c9 24528 expat_2.1.0-6+deb8u6_amd64.deb Files: 5367a19ee1826fcb753f6ebbb14e2e3b 2292 text optional expat_2.1.0-6+deb8u6.dsc dd7dab7a5fea97d2a6a43f511449b7cd 562616 text optional expat_2.1.0.orig.tar.gz 832ef7fcbd10eb9c6abd6015abff7ad5 23672 text optional expat_2.1.0-6+deb8u6.debian.tar.xz 0b6b40c721533e1acaa817e26ac8c33d 126230 libdevel optional libexpat1-dev_2.1.0-6+deb8u6_amd64.deb 75e8ab0592a0d40914b52f32ff5bed25 80294 libs optional libexpat1_2.1.0-6+deb8u6_amd64.deb b9f3ba40088b924afc9c15f728015b05 52270 debian-installer extra libexpat1-udeb_2.1.0-6+deb8u6_amd64.udeb 6b4e6d886658c09c3813bbe984ec35b6 24528 text optional expat_2.1.0-6+deb8u6_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl1yaqUACgkQHpU+J9Qx Hlj0+RAAjyCs0t4h3zudBX+Prt1tzjRWYvQaVHd0t2IjIJAgFrRH/hlXvwgKLkdy wyKRA2YUdSzzvOy9K4Ljx67QvmydaAt3xXAR2TzjDDtzugLfz/yY6hpxNpQIpyGN ioyb9ONQxmGgfok6mOUk4HCC29ddqND5X2QqNsJu83MtmjQ7U70AuQofKoEpwTS0 aidIQwhRzT7KNVke08ymIyC6K3ZEOkWnKmSGYRaFW+T1zzNUiZgRJ2JPiefC7dxW jpWVDc1h+cTKHhxVvf0owyKwMn6DiCxG52d8wvGntBlOYdch7gNjrlcqw5wATl5M nYXHQXoVS8TWNvyQ5kPNvGeYf3HyQc9bIDRJQuu6xSEHkQuexT9/o4PaszIFU48b 11/Co5i+nk21TMKrKd0+ugt4TPkgKkve21vIflBsSD+v/rPZBrPoRQ3La2rUVM1f /YaNO1EnZ736ODLGJYEnibpYI+JcZEQjendYIYxXFaf9Wsn9DrEyyek7YYKWJITb jD5tCYEs5VU+E3ALAXSvWllkEL6kREb+kXH9XPHc0a8NwUINwTen5FvQ5srdoooa rvR31msMuE34ECBxtTASUiM1ApixpDKBxTaB4mCrmcYY3q3rKW7HYes0wwEpaH+i mBHfDRP5D2jCQ8ywbS/fnzoikzjtKS0vKthIweKha9s+KZ7iK+s= =Uyro -----END PGP SIGNATURE-----
