Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted expat 2.2.10-2+deb11u1 (source) into stable-security->embargoed, stable-security
Date: Sat, 12 Feb 2022 13:29:18 +0000
Signed by: Salvatore Bonaccorso <carnil@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 07 Feb 2022 22:26:48 +0100
Source: expat
Architecture: source
Version: 2.2.10-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1002994 1003474
Changes:
 expat (2.2.10-2+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * lib: Detect and prevent troublesome left shifts in function storeAtts
     (CVE-2021-45960) (Closes: #1002994)
   * lib: Prevent integer overflow on m_groupSize in function doProlog
     (CVE-2021-46143)
   * lib: Prevent integer overflow at multiple places (CVE-2022-22822,
     CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826,
     CVE-2022-22827) (Closes: #1003474)
   * lib: Detect and prevent integer overflow in XML_GetBuffer (CVE-2022-23852)
   * tests: Cover integer overflow in XML_GetBuffer (CVE-2022-23852)
   * lib: Prevent integer overflow in doProlog (CVE-2022-23990)
Package-Type: udeb
Checksums-Sha1: 
 e1248c679e831b37e56e6f560cfb0648b6e44430 2175 expat_2.2.10-2+deb11u1.dsc
 a2a0f172dd3346b520918331b7480d4d30557439 8276395 expat_2.2.10.orig.tar.gz
 0ac9c7a13c20be2ca64c74d4178fc610801264e9 15052 expat_2.2.10-2+deb11u1.debian.tar.xz
Checksums-Sha256: 
 bf6b9e6736306c24b3e1b3f9b57d7577136caff6973dbbdbb76d9937fe0cd331 2175 expat_2.2.10-2+deb11u1.dsc
 62e280f5fd29a5b70973f623e20a7412c3e3912c2684cb0e462e2c881be129e1 8276395 expat_2.2.10.orig.tar.gz
 5c44eb525fdc4843c3b5fb8efc2d9699292100ff5b76ee148f58e9bae72057b9 15052 expat_2.2.10-2+deb11u1.debian.tar.xz
Files: 
 1e36c367128c873bb463c4d59e971e44 2175 text optional expat_2.2.10-2+deb11u1.dsc
 7ca5f09959fcb9a57618368deb627b9f 8276395 text optional expat_2.2.10.orig.tar.gz
 c5beb3046c00d969154ead254bb9018b 15052 text optional expat_2.2.10-2+deb11u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIBkbZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EjMQP/0iqrD2UoonYu92rOXoBQTC3/TB8Qjt5
fgU6LlMkfw1Xxt9zCZBGD3Z2SRZQeD6yN2vZZIiPorj8zozxuIcjCKvOpAVkruAd
Sby4dy8vCwJX/7p8mzEsHWs8NM2hpxP96+bPc+/0o8mkZortEJhjQDqTvoSwlrjQ
m/pJiINVma4xITj83G5ba8j3pHLC+7h/tBhCpVkKgXPBBN8DjUzglH56E0j6cHWh
zJmUSDTT0Nr1daWCxq1tMJKACsXDCbztZ/SOPbf9R+KsbtfCwYD3c3hUymNaeX+l
sdUPNIFHOnFwb5YLPjKv4LjEhav2n4dpjxcr1d75QS431v0IDvC6zmq5FciNLuIh
y0A8r9wLREzVqait9aPoO50K0UcNliy85CN8nBDf8l6ylvJYpFNf7g5eEstCGxGz
t3WcwwtgWd4nppDnt3ryePytBnhx67AzdwG4Q7kWq4KzrSU4hcLhtmyYG3SPJHJE
2BiDzXen9G+JpwCFdsKzAv8uodSqvFxg8l43Nncaq+2CGlw3LzxuoI5U50tsDjLi
tEh3fQJ20oot8fexZEjpy9VmWtGEAaLvSjeayDTL9ss3rkIvaw+fQNmrD8aolUs1
HlzJOaSCrCze8COLiRxzJN+sbH6VC7UrrJpR7WAkk2nhmfNAkOvgDuyLCj2v+cFg
7jxgebMK3ZKJ
=uP4e
-----END PGP SIGNATURE-----
News for package expat
