-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 19 May 2016 20:52:37 +0200 Source: expat Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat Architecture: source amd64 Version: 2.1.0-1+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: expat - XML parsing C library - example application lib64expat1 - XML parsing C library - runtime library (64bit) lib64expat1-dev - XML parsing C library - development kit (64bit) libexpat1 - XML parsing C library - runtime library libexpat1-dev - XML parsing C library - development kit libexpat1-udeb - XML parsing C library - runtime library (udeb) Changes: expat (2.1.0-1+deb7u3) wheezy-security; urgency=high . * Add CVE-2015-1283.refix.patch: Avoid relying on undefined behavior in CVE-2015-1283 fix. * Add CVE-2016-0719.patch: Apply upstream patch to fix the root cause of CVE-2016-0718 and CVE-2016-0719 vulnerabilities. The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Checksums-Sha1: 7e92328f25b5a5ee52559be49d08ecb465b3c644 2307 expat_2.1.0-1+deb7u3.dsc b1064eda8363601954f20c9a71427ff47573151e 18053 expat_2.1.0-1+deb7u3.debian.tar.gz 7995139ae1038ddd769a127c121add4678324831 225192 libexpat1-dev_2.1.0-1+deb7u3_amd64.deb 98ce4de3b3de5d3cd170baea4afdcf9183a41be0 138872 libexpat1_2.1.0-1+deb7u3_amd64.deb 33a60907ee0ad68aa5fc8023018db9306faabc6e 52686 libexpat1-udeb_2.1.0-1+deb7u3_amd64.udeb 5ea30f805bc4bb5735e45f3c1a0d7705fffba3e9 26272 expat_2.1.0-1+deb7u3_amd64.deb Checksums-Sha256: 51495f73e7f2ab1075c602ac8fa1842618a8a75c4fb53e0e43d50dbc73e7dbbe 2307 expat_2.1.0-1+deb7u3.dsc 8a2a90540a2f302fa4e9f35b7f8d43ccce44dcdd234a2c04e84b95b2dd05fc26 18053 expat_2.1.0-1+deb7u3.debian.tar.gz 6273f0db41014865c9e02d3095baf3d3de0cafc97a7c1784166731845e7c40c9 225192 libexpat1-dev_2.1.0-1+deb7u3_amd64.deb 4b69f351c6dedad1f58b12b1fdf2b6bd82634057860e8ffc66afa4904e55007b 138872 libexpat1_2.1.0-1+deb7u3_amd64.deb 70093f87003fe29513cc52002d9034d0d5d16e5dde258e6921e5ae99caf531d0 52686 libexpat1-udeb_2.1.0-1+deb7u3_amd64.udeb 1eff366eb7e7c515f213c328ec63b4a30c14bebcbe1ad4b3f4d47c5bb019c74b 26272 expat_2.1.0-1+deb7u3_amd64.deb Files: 393470e8b89740df1865cf9a9b9a15b1 2307 text optional expat_2.1.0-1+deb7u3.dsc fdde7adf44f43aa237f99afd06886444 18053 text optional expat_2.1.0-1+deb7u3.debian.tar.gz ea27702147e3740f6c278e3c025662ad 225192 libdevel optional libexpat1-dev_2.1.0-1+deb7u3_amd64.deb 5a10623318739cca7bd276128968d8f2 138872 libs optional libexpat1_2.1.0-1+deb7u3_amd64.deb a2e0431ea9c993b17e77fe4af96670f5 52686 debian-installer extra libexpat1-udeb_2.1.0-1+deb7u3_amd64.udeb 7a72e88247823521ea93d9b09c52774a 26272 text optional expat_2.1.0-1+deb7u3_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJXPhPsXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkVgsP/itbKxY3a4Y/3mvTvqyR4Qvp G5uVK36Y7PejsndvWWsQKr46UVvCu+cv3QPH/Ks7w3VEttGF/i18xMrvxuvbo1is l60E/pCUgbNPGAhVznK9SzsWfSyyyJDv202qy0IycD9hLIUO86Yxpi+ISV3XgyAJ oEkuR4JQfZndqj12EdPqgn6IlYkVKKRfzY2XTno+UpcTU5zg4DRVe67MVrnfQDx6 epV9mYazsy2A3LyPwKc1e1QTPi+iWm/cZWSjwDD3pe9JcsY/heGDXmFtU+Dwv8hO QrNaUEtKUMtKx3ftqHgPq5a6TkmRA2WFeYzu2S6nd2+oaRrAcMw0zPpqlnKjWqhS fVrItV+UeMnt5JeExqGIZv109TtcTUD2s+FAK4xOShHIGjNRK9ex2qNY5b74ztoA f2BVmGUDLxbUhDFOak62E2ZVtshYikcqDMM/VNzPaeuXjxGKYDOFA7N8BqqM8f8E aYDrEbsrcHcRRv7Tgkd0BOM61iSpuwNJ7i3tY6XvQkKGVp2nxexzJNyIjxaiTqIh C9bvzLU0o7zO37NaMs3FlFBJ2AzaAYpI0Ayrx7DU84vUYmcagqEVD8eaeQhn9TLg PXk6FYv7/Le47g6obifuYcyns3cCMnOIqLo7S4rW2XxCL4THxn8tZevg0ogJ1UgB /XKH6a3NNYv8koO8DeHp =fzFK -----END PGP SIGNATURE-----
