-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 09 Feb 2022 15:18:06 +0100 Source: expat Architecture: source Version: 2.2.6-2+deb10u2 Distribution: buster-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1002994 1003474 Changes: expat (2.2.6-2+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * lib: Detect and prevent troublesome left shifts in function storeAtts (CVE-2021-45960) (Closes: #1002994) * lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) * lib: Prevent integer overflow at multiple places (CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827) (Closes: #1003474) * lib: Detect and prevent integer overflow in XML_GetBuffer (CVE-2022-23852) * lib: Prevent integer overflow in doProlog (CVE-2022-23990) Package-Type: udeb Checksums-Sha1: df8f5e4afc305ea065b10a1eee2ec131c5b73177 2136 expat_2.2.6-2+deb10u2.dsc d85d401ad1298db714e6596d08e18d7120e55928 15204 expat_2.2.6-2+deb10u2.debian.tar.xz Checksums-Sha256: c15b50bd0c9b75abc53b3c2702da3cec19fc63d32f1858550649e876e3abfd89 2136 expat_2.2.6-2+deb10u2.dsc a0cdfd961e0ce50714cd881ae5ed8a0105b52c02916f9d6a7955b6e51e4ffb24 15204 expat_2.2.6-2+deb10u2.debian.tar.xz Files: eb4ec8c5f6407c01af6397ee649c6bed 2136 text optional expat_2.2.6-2+deb10u2.dsc 5732eca37f135e639552ad4512ea1821 15204 text optional expat_2.2.6-2+deb10u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmID3y5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EWZwP/jgDBltx3sPNORJKY0hdvYWcOgpO8EcC a3oO85K4DqXifEoUqhQ7Fer7e21l2eaft9nLA414ZGa9v305T0jMCz0g+mhzFx44 EhYz0MnaHPU49Yyn/gR4EUcl0vxQBzKKsQfzTfHDE7phwPbYBlf2+OjnR+8p1EMR /aVOwCDHrTMjOKC691ptyubVF9RpyB84DB4Il87AVp4TR1zOO9aJRBXWBFbTp93N cK/DL5m45aAsEGA5KhIFTU5Ac1imDbB4OfCj5dEOEUEuPj/0FxGoag/A8qRP2WUP ImVbonPyfu6F+1aDrY8LpFlfRdVySLMDgkthwYvDrAWyK6e25eWmUg0CYbXTSqL+ /hE3pWMCuUKf0H/3xWIRGJWGvKrpiPdRV+MgOpwuXx7wyuCU7j6PRBCpRiSmUDJQ F6BZ1bQfjMhXyng/6KHUf7f7jkRT9siEsJnriTS+D8f6H34YWF5z2mdEmwu+NU0q f1UQrBA7IlgFcm6pGpTfgloPDNQf/UskZppf6zHK+GrBKJXd2jt4U3lXxoV7kap0 BqcugAiAnQXQhOEvNCbGI7X6jN/n4V1QQex/oSeAOYWOpu9Z5DFYIJNh0+IueXk9 JUOtTSr3btJpEHrYOrIWMTY9/JviA9A5QqlmQPTuZay6WDlJNWGRkVxB/afwqOKT 4LwpsVtecQLV =G1wy -----END PGP SIGNATURE-----