Format: 1.8
Date: Sun, 20 Feb 2022 17:19:40 +0100
Source: expat
Architecture: source
Version: 2.2.6-2+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1005894 1005895
Changes:
 expat (2.2.6-2+deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Prevent stack exhaustion in build_model (CVE-2022-25313)
   * Prevent integer overflow in storeRawNames (CVE-2022-25315)
   * Prevent integer overflow in copyString (CVE-2022-25314)
   * lib: Fix (harmless) use of uninitialized memory
   * lib: Protect against malicious namespace declarations (CVE-2022-25236)
     (Closes: #1005895)
   * tests: Cover CVE-2022-25236
   * lib: Drop unused macro UTF8_GET_NAMING
   * lib: Add missing validation of encoding (CVE-2022-25235)
     (Closes: #1005894)
   * tests: Cover missing validation of encoding (CVE-2022-25235)
   * Fix build_model regression.
   * tests: Protect against nested element declaration model regressions
Package-Type: udeb
Checksums-Sha1:
 2d2f037225288140c25fadf648ee5c029279e072 2136 expat_2.2.6-2+deb10u3.dsc
 3f2ca2ee5db7b68a647122320424edb7278dc087 25028 expat_2.2.6-2+deb10u3.debian.tar.xz
Checksums-Sha256:
 2b58ea166b515d88311e65047aaa81b701a3a4581fbb56e5dd76933a86883a93 2136 expat_2.2.6-2+deb10u3.dsc
 99ccca69578e5bfff55b0fd5d21bf24ca2eda1a9e2f5a10610bc27409ca3f1b0 25028 expat_2.2.6-2+deb10u3.debian.tar.xz
Files:
 4f5240df4513afd5a160db2289a2e932 2136 text optional expat_2.2.6-2+deb10u3.dsc
 9880ac9da76b4cf265135e1d5d24853a 25028 text optional expat_2.2.6-2+deb10u3.debian.tar.xz