Format: 1.8
Date: Sat, 19 Feb 2022 07:34:25 +0100
Source: expat
Architecture: source
Version: 2.4.5-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 1005894 1005895
Changes:
 expat (2.4.5-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes CVE-2022-25235: certain validation of encoding, such as checks
       for whether a UTF-8 character is valid can cause code execution
       (closes: #1005894),
     - fixes CVE-2022-25236: passing namespace separator characters can
       cause code execution (closes: #1005895),
     - fixes CVE-2022-25313: an attacker can trigger stack exhaustion in
       build_model via a large nesting depth in the DTD element,
     - fixes CVE-2022-25314: integer overflow in function copyString(),
     - fixes CVE-2022-25315: integer overflow in function storeRawNames().
Checksums-Sha1:
 0503fcfe35ea8658f0d7b0c6657c5e45e06558db 1981 expat_2.4.5-1.dsc
 d344f8949c3d889e8999bf3a5dfabe5393679f69 8312969 expat_2.4.5.orig.tar.gz
 da35bb11135dc91e2b90b7876d067a2f756053f3 12456 expat_2.4.5-1.debian.tar.xz
Checksums-Sha256:
 c8fd4daf9d8ff8be7c4bf22776332e6861383c889098a4b43c54e8d39409709c 1981 expat_2.4.5-1.dsc
 c53865ca8bb7159500ab819ee141eb30da56277b9921047f800b633ae8e5f12c 8312969 expat_2.4.5.orig.tar.gz
 03d5fde1333193d8ad480ce9640a23b59b5484e475e3e6f5211db366e14432cb 12456 expat_2.4.5-1.debian.tar.xz
Files:
 65a04e60068098ee54077ac928ee16dd 1981 text optional expat_2.4.5-1.dsc
 89fe97319d8d7900c98f4f0044ff0cb2 8312969 text optional expat_2.4.5.orig.tar.gz
 f873f811d3cabdeed0e7528ad8e423a7 12456 text optional expat_2.4.5-1.debian.tar.xz