-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Sep 2024 03:07:40 +0200
Source: expat
Architecture: source
Version: 2.2.10-2+deb11u6
Distribution: bullseye-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1063238 1080149 1080150 1080152
Changes:
 expat (2.2.10-2+deb11u6) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2023-52425: Denial of Service (resource consumption) when
     parsing a large token for which multiple buffer fills are needed.
     (Closes: #1063238)
   * Fix CVE-2024-45490: xmlparse.c does not reject a negative length for
     XML_ParseBuffer(), which may cause memory corruption or code execution.
     (Closes: #1080149)
   * Fix CVE-2024-45491: Integer overflow for nDefaultAtts on 32-bit
     platforms. (Closes: #1080150)
   * Fix CVE-2024-45492: Integer overflow for m_groupSize on 32-bit
     platforms. (Closes: #1080152)
   * Run upstream test suite at build time.