Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted expat 2.4.3-1 (source) into unstable
Date: Sun, 16 Jan 2022 22:03:38 +0000
Signed by: Laszlo Boszormenyi <gcs@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 16 Jan 2022 21:48:09 +0100
Source: expat
Architecture: source
Version: 2.4.3-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changes:
 expat (2.4.3-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes CVE-2021-45960: left shifts by >=29 places resulting in realloc
       acting as free, realloc allocating too few bytes, undefined behavior
       depending on architecture,
     - fixes CVE-2021-46143: integer overflow leading to realloc acting
       as free,
     - fixes CVE-2022-22822: integer overflow in function addBinding,
     - fixes CVE-2022-22823: integer overflow in function build_model,
     - fixes CVE-2022-22824: integer overflow in function defineAttribute,
     - fixes CVE-2022-22825: integer overflow in function lookup,
     - fixes CVE-2022-22826: integer overflow in function nextScaffoldPart,
     - fixes CVE-2022-22827: integer overflow in function storeAtts.
Checksums-Sha1:
 34a78e57ed280a482cf8611234594e4fc734fbcc 1981 expat_2.4.3-1.dsc
 5983dfbff19b3eca57cf5785e1daccc6b8534a90 8311959 expat_2.4.3.orig.tar.gz
 9c3977803c171ad10beef715b3f393b1cf1d4838 12188 expat_2.4.3-1.debian.tar.xz
Checksums-Sha256:
 30122d6411559157415dcb26ece0a49d6c5ecc2cb54ae52424d2204cdf9dbd24 1981 expat_2.4.3-1.dsc
 edd734dbc54668839185f95f530f45e2221c478929eb47ca9647c5ec803c1417 8311959 expat_2.4.3.orig.tar.gz
 73058dee32607be8e8cb9df740f4b215b3229d6766fa86705b1b7fefe92a53cf 12188 expat_2.4.3-1.debian.tar.xz
Files:
 7327579a0e92f0c00244caee015976b1 1981 text optional expat_2.4.3-1.dsc
 0e81bfaafdd60524f7b0d09c8aae8cd0 8311959 text optional expat_2.4.3.orig.tar.gz
 b86ef868cc6a5f27906335e501574f2b 12188 text optional expat_2.4.3-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmHkkk8ACgkQ3OMQ54ZM
yL+wIBAAnVY9LLvpKg4WRqxAVwM7MXeBaogVkmwAqTRdr9HVOnjRX84vNcgVpwKb
RphiIT9K86BChR2S1HXS28lX5oeHQp97QrXpB7fQd92oMoZr3F/4cBDuFVcm0GGB
ZK0gaEbkmAjA4WFcpqPlTwHe/+nrWYWI5GmSM6GsGXE59uXHNmeEf/tRv5jjWSAc
GlW55m2Qa8fYTGi2DjvpwHj/dJ25EfzzCgW2w3BclpJJIhgrupO5/nQoWEsPDicM
m+NevV6nkCEnUIPZg9Zljiuo7A3Z1xyKq7ObstOESkWskyNmnWrHT7Y514TgE/+u
708VR8vHWyuVszgmcq3CsJH+5m+gIObhc9QU/U8BTsyJr7LrQ/VdRx4AdYEwqFAL
t/6FaYJnXPwkvLrZREgjznjIJhdsfjYqjKwM4q5fUL4T7p9TAx3W9AxhlSzx3i3l
HxpXyww7BK5vW8oAziPeRj3Cf/ePUsOIawSHVoV4AIfkid4GNx9deIPsKnt+PL+j
C3L2l1ti1IJkudxE0AUrwKaSbxiTdac+QU+aQzKuWhGHlXUGq2hJpOp3WH2VIncY
3R6vPQ5MvQ4wi8sdvSyIqmsH4DKI/yGTNVL/DAjlfuMuHTiAIZrpxZl2WA1r/17/
s2KwNL5Z7dtKMCVo0calEF8MSVf5dsZZwm37OO0xqQDaOZ8Svcg=
=ptIs
-----END PGP SIGNATURE-----
News for package expat
