-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 17 Jun 2017 20:48:02 +0000 Source: expat Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat Architecture: source amd64 Version: 2.2.1-1 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: expat - XML parsing C library - example application lib64expat1 - XML parsing C library - runtime library (64bit) lib64expat1-dev - XML parsing C library - development kit (64bit) libexpat1 - XML parsing C library - runtime library libexpat1-dev - XML parsing C library - development kit libexpat1-udeb - XML parsing C library - runtime library (udeb) Changes: expat (2.2.1-1) unstable; urgency=high . * New upstream release: - upstream fix for CVE-2016-9063 to prevent undefined behavior from signed integer overflow, - fix CVE-2017-9233: external entity infinite loop DoS, - fix regression from fix to CVE-2016-0718 cutting off longer tag names, - use high quality entropy for hash initialization for part of CVE-2016-5300, - change hash algorithm to William Ahern's version of SipHash to go further with fixing CVE-2012-0876. Checksums-Sha1: d15e5e743f024aa5af63bf4597dc4e29f979e5b3 2267 expat_2.2.1-1.dsc f45eb724f182776a9cacec9ed70d549e87198987 405441 expat_2.2.1.orig.tar.bz2 920bae84af114484fde6aac277f6e5838867fb7a 10368 expat_2.2.1-1.debian.tar.xz 09b924acfb3f9e834dea6e069941132bf4c1689f 23378 expat-dbgsym_2.2.1-1_amd64.deb 6805a0ee540fcdf7f7d697ed02e9c98b8e76a0bf 7646 expat_2.2.1-1_amd64.buildinfo bd7a210c9e8021e2c6c1b224c4a3e3dad6d8bfb3 28532 expat_2.2.1-1_amd64.deb 2637f29dac33288c8c98b7d8e2f9264d01ade8a3 216118 libexpat1-dbgsym_2.2.1-1_amd64.deb e3f756b32c184494477d30d6e44bda928df50096 136698 libexpat1-dev_2.2.1-1_amd64.deb aefcf1d0a7fccdb453be4d15b109ef06306e3f83 54692 libexpat1-udeb_2.2.1-1_amd64.udeb 8e9dd31eabf13920a35daea9de8df16e35a43365 85630 libexpat1_2.2.1-1_amd64.deb Checksums-Sha256: 76d750187f7d31397de023bc943d5baefcaa47bb0c4afaaf91adf5afde2ae219 2267 expat_2.2.1-1.dsc 1868cadae4c82a018e361e2b2091de103cd820aaacb0d6cfa49bd2cd83978885 405441 expat_2.2.1.orig.tar.bz2 822765cb5e5b240e112a3d27dfa45d41b9a2e74f309c65fbbd8d85d89d1e7398 10368 expat_2.2.1-1.debian.tar.xz 8c226f7aa25d65e8f35d32d1d144e6c3c039923f8a0b51652ef15fb934f089db 23378 expat-dbgsym_2.2.1-1_amd64.deb cb3100265673046efa43eca8e24271f5a29a81de192d9053e536eafc6fd10644 7646 expat_2.2.1-1_amd64.buildinfo 26aa5a6e213c1de7018a9962fd7eb8ff8f50de13c7bf2f76e1216c7f1940d4b1 28532 expat_2.2.1-1_amd64.deb 7b7f88252a06f48c254a106fd3e89dcd2ec7f1e688ea912d35c8b8294586cc4d 216118 libexpat1-dbgsym_2.2.1-1_amd64.deb cd8ba625ce7f3030ce6696c5e6088fd7492db2e35743f60d26908bc66e294ce5 136698 libexpat1-dev_2.2.1-1_amd64.deb 7e42b3be86dd5fdcd3c70f8a02f82e0e8e0325171b69df7f0b2726c82956bf29 54692 libexpat1-udeb_2.2.1-1_amd64.udeb 50dbeb5ba7a13b3a32c4274a1c1dbe8dd32fc4cd2ed083cc74adc1f61dfd4c51 85630 libexpat1_2.2.1-1_amd64.deb Files: 4c3a8725eca4b7efed926f9924c1a327 2267 text optional expat_2.2.1-1.dsc d9c3baeab58774cefc2f04faf29f2cf8 405441 text optional expat_2.2.1.orig.tar.bz2 ec51bd3ce2f08e954979eea8bd78f955 10368 text optional expat_2.2.1-1.debian.tar.xz 78ee2a7dd45e3b14797e7fc36903d5f5 23378 debug extra expat-dbgsym_2.2.1-1_amd64.deb 5fa979f25ec47d392e8d67d0dcc4a398 7646 text optional expat_2.2.1-1_amd64.buildinfo 521e0b7d5c09e02ce708dacb4c409c79 28532 text optional expat_2.2.1-1_amd64.deb d0deae6d3724a60e06bca4a7cbf8bc60 216118 debug extra libexpat1-dbgsym_2.2.1-1_amd64.deb 30788b77d3c26a39861bb81cfe8bfff9 136698 libdevel optional libexpat1-dev_2.2.1-1_amd64.deb bba99eeacf85d2d9108d7b7f9dc5dd06 54692 debian-installer extra libexpat1-udeb_2.2.1-1_amd64.udeb d9faa2a84dd468eae33fbc9e67286623 85630 libs optional libexpat1_2.2.1-1_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAllFnToACgkQ3OMQ54ZM yL/KWw//XAMWbJEfgpYfJETHKLfH/Uv8gstuIak103EyGGKA4Bjpx6WZ+lHnNp84 LHfpo3rDsOvVCe/TDlwwmVs0u2Os7Qwv/ZUOwa/7o+XjpttObc7qgO3uhwU2Yl68 gZ0aFw76x+e8SVtYEFSpqrMmwwFVT6/qT118cLZQjDCjlv1BA1Aos+ZKTFQNSmN9 tYS2dgSbYupPXJKO8UYvuST8oDE/lt8Gj9sBQ9mM6PD5QV9QcZLZtcBixY6ZeOsM ToBji9e91SkEM3KUl7+u9/lbxlRF2edJzZNtnVS3DsHj6RoIUI1k5GlVl7A2eMNo ZwlXB3TUxWs2WtYB2YRN2+VuzOPEPlMRwh3fXu/bdNIDyGTrL04u8hdNOwzi5ERw ir7JnZ9y69tNfD3b/HuNiv2SVrrxWpAKjg+jexkiIQ4CZ0RxD0TdHzf0LuSDzPtm KI+ZKBvtfCmPwOq/Da56YDKPeKHnvPegXx738N4NnPoJ29HdpAwIuGbE542Bq41e rYBcn1o8GjV+p6EqM9NDVuOY6AImTvgWpWGP/PFx2eYzyzGqFiVOeikLNOJmYbBi tvY9K7QE4Cw2tn26l16b52HvAaLdteW6FJY7AiwBa38Q6VcEFZ+GSMvq0MbH8dmM ozWdckMYSJZtwFvMPJ2ZlBPoj0I8MP+cCy/Z1Nay1fe5uimc2Gg= =FOt4 -----END PGP SIGNATURE-----