-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 08 Sep 2024 08:44:19 +0200 Source: expat Architecture: source Version: 2.5.0-1+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Closes: 1080149 1080150 1080152 Changes: expat (2.5.0-1+deb12u1) bookworm-security; urgency=medium . * Backport security fix for CVE-2024-45490: reject negative len for XML_ParseBuffer() (closes: #1080149). * Backport security fix for CVE-2024-45491: detect integer overflow in dtdCopy() (closes: #1080150). * Backport security fix for CVE-2024-45492: detect integer overflow in function nextScaffoldPart() (closes: #1080152). Checksums-Sha1: a090f14a8bbb40759949fd4f00db7aedbbf4b8d8 2013 expat_2.5.0-1+deb12u1.dsc 03d9882ede56aa48919fbf50fe17614630257a82 8320988 expat_2.5.0.orig.tar.gz 1d6311c2981fcb0425efbba1cb5417905fbac3fe 13724 expat_2.5.0-1+deb12u1.debian.tar.xz 25416e403e0c246a662c691a92f20a7d670c3c8f 9004 expat_2.5.0-1+deb12u1_amd64.buildinfo Checksums-Sha256: 6507e647ff25e88be44b413089b357b4a837a461f11353dd38d7686e3e5733a4 2013 expat_2.5.0-1+deb12u1.dsc ab00ee05c7067fd10a35c5d2a4922ebba746ddd50ff83b79c828da17bbdf1757 8320988 expat_2.5.0.orig.tar.gz 32e9a953f5a240fca186e077ca957fe9352777707b650a58ff989650b9fa0a80 13724 expat_2.5.0-1+deb12u1.debian.tar.xz 510a44ed4b4de580aab5b4035ee2f708986a09bf1c826984ab01bf68a90f2a18 9004 expat_2.5.0-1+deb12u1_amd64.buildinfo Files: 293b800314254ac85eaaa734eb21c3e1 2013 text optional expat_2.5.0-1+deb12u1.dsc d375fa3571c0abb945873f5061a8f2e2 8320988 text optional expat_2.5.0.orig.tar.gz df8f2ce3e9ef757f1b1799b7ce326488 13724 text optional expat_2.5.0-1+deb12u1.debian.tar.xz b320d197550f5aa1d3bfdf2da6bdca90 9004 text optional expat_2.5.0-1+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmblRLgACgkQ3OMQ54ZM yL/DGhAAms5NIjOKNnyPzYqBY1UbBPfY1ft6SHMGWV1Rrz1IHsU3mT0Rf2M3r/UI 5K08HgAh9hrd7E607eLvW8oJNYEQbzZ62yTGuVfzDvON1OhBJDhgbaOkB2qaFrmi 2vVvhp2k6ALHXpoG+dGIoEFNWKLNQQa9TirkEgBG/vfx5SLhLkYDuB/6lO7XFl0P drEz+i9caf2JMHC4tHm7yQ2y4YACKiJt5bXKExxNe/Yprt98xHIapmzauY53Uudf RUOX9tdskLAtpWsoPHxY4GTBrvDuJxDVY+Xs4Pu1HHBwZSaywi3iWTRfq8AN4PrE YykGtHMMOaM1i1QhWkcJ4ZxjYncXm0SxXMQFkkoNjq55p1Wkf0glARtRUBtAGcLV v8X+MR4Cpq2YVZaj8RhF53LIaZxTSztZk0pKSjO65ks93Ikxi57HJXgaAdagcqIk jVW66FG1eyseur2rHkYoR/jiLEKWsHyV5AAIFrmKfquimsrvcZ0IMkm2/cdPPdd8 j4m6xgJB/tWbYGGjJAuPCRRFIzR7C/149Ja6qSgQFXdcrpcr/QtRsUy2k8OuMwFe JplYx3dtAXD5Emlmff8a/ySYDc07g04fslukD+jpjtA6fKUY9CB24m2TdOfij0T0 pF6VzSUEk2WGrWCiWqUNO+gxdiIvF17/4yiwQu43NS1X0FfYOCw= =deJw -----END PGP SIGNATURE-----