Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted expat 2.6.0-1 (source) into unstable
Date: Tue, 06 Feb 2024 21:49:30 +0000
Signed by: Laszlo Boszormenyi <gcs@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 Feb 2024 22:00:26 +0100
Source: expat
Architecture: source
Version: 2.6.0-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 1063238 1063240
Changes:
 expat (2.6.0-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes CVE-2023-52425: fix quadratic runtime issues with big tokens that
       can cause denial of service (closes: #1063238),
     - fixes CVE-2023-52426: fix billion laughs attacks for users compiling
       without XML_DTD defined (which is not common) (closes: #1063240).
Checksums-Sha1:
 68913585cf4c600408c97782d2559ef7af83d2ee 1964 expat_2.6.0-1.dsc
 6cd4f2cdafaa7f3176200542736c7d40c9438362 8414635 expat_2.6.0.orig.tar.gz
 4e5a46ceb154dcc24e724e2ba97a9161f2478706 12920 expat_2.6.0-1.debian.tar.xz
Checksums-Sha256:
 6473ff559f741ff08b95d3b3a8e16fab89a9b7e195215f23fe4eb19f353468d6 1964 expat_2.6.0-1.dsc
 87e35fde768baf3b31a78dd2807eb456618acf4d6c512660a1796c684b2515f9 8414635 expat_2.6.0.orig.tar.gz
 dd9d930c64e310b281ccab88d76babe8e6d67d0ea386d30fac66efd931e1173e 12920 expat_2.6.0-1.debian.tar.xz
Files:
 e0e9960787865ff4e36651e81b2e7b73 1964 text optional expat_2.6.0-1.dsc
 aa424e56fe6378bb4b9f26b903f42119 8414635 text optional expat_2.6.0.orig.tar.gz
 a679de87fc12b80d698a424c59180ed9 12920 text optional expat_2.6.0-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmXCpKAACgkQ3OMQ54ZM
yL8kZg//ULL2imt7oNCqdeRn2qlFvRB9ePsZih5yBZatU2qPeXlGVJxuIFfr3B+O
sDiXHBo476GDHmAhKoVZTcQOz7pGT8JWUgZKuIW4GzJllrMdNDY9XWLkqZnI0lns
6j34VhK89L6l2PU0cVGIlf9Ffr3c4MUCAeJ/QFmcTgwny23vR34HDcHbHPh2bwg8
QubEJpe6Uxix2zZIRAE4MIIjvNXRpR33hbd5IegmB1ujPC8jQYSuuO84Ahr9FD6u
nbf5/V7+CTQlhSuGdWZnPH4cLzBk/BHaXORiTH3GwNtFqLB0MIFsxtHgwkZpiSC9
pNKwL45v2QDoQxsPsuZBJV0mEZroH0+QT6Yyewt+DL+2MPcmFRQB2SgdkOX1mcxk
kOCJ3fS+W8MQICvgO5I+WnIc4RTt2862P7e8SmbLC+HLNWJnL6IMvE0im7WZ1DZl
Nzj2EJPcjOxeohu2TYGHISXxzTwXgP37nhNQLdwvpAc2GXe+h9WPl9bvNS+U6aiS
lAta7u9NOA8qMLeupTKk1TTEzO6tknAGr1U5ssHX2Mc38HVZFh/EBy8CcK6pkjTz
XVAfRjQ2O+eb1ikzMzN0edX71HUR4gtzjKqrjNK6tZYREb8LZYezpoHKLloPH7PD
oK/wcuA5w8h0KXYPgLFuk3fGh8kD2w7lUFx71BtrGzIAGPiIaxo=
=jrTI
-----END PGP SIGNATURE-----

News for package expat