landing-team-changes team mailing list archive

[stable-overlay] expat (2.1.0-6ubuntu1.2)

 

Uploaded to the Stable Phone Overlay PPA (~ci-train-ppa-service/ubuntu/stable-phone-overlay vivid) archive

---------------
Format: 1.8
Date: Thu, 19 Jan 2017 18:04:37 -0600
Source: expat
Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat
Architecture: source
Version: 2.1.0-6ubuntu1.2
Distribution: vivid-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@xxxxxxxxxxxxxxxx>
Changed-By: Emily Ratliff <emily.ratliff@xxxxxxxxxxxxx>
Description:
 expat      - XML parsing C library - example application
 lib64expat1 - XML parsing C library - runtime library (64bit)
 lib64expat1-dev - XML parsing C library - development kit (64bit)
 libexpat1  - XML parsing C library - runtime library
 libexpat1-dev - XML parsing C library - development kit
 libexpat1-udeb - XML parsing C library - runtime library (udeb)
Changes:
 expat (2.1.0-6ubuntu1.2) vivid-security; urgency=medium
 .
   * SECURITY UPDATE: unanticipated internal calls to srand
     - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
       in lib/xmlparse.c.
     - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
       32bit platforms in lib/xmlparse.c.
     - CVE-2012-6702
   * SECURITY UPDATE: use of too little entropy
     - debian/patches/CVE-2016-5300-1.patch: extract method
       gather_time_entropy in lib/xmlparse.c.
     - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
       address in lib/xmlparse.c.
     - CVE-2016-5300
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed documents
     - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
       and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
       lib/xmltok_impl.c.
     - CVE-2016-0718
   * SECURITY UPDATE: integer overflows in XML_GetBuffer
     - debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
       lib/xmlparse.c.
     - CVE-2016-4472
Checksums-Sha1:
 b6ec81dba51f646557c09c7b17b000ad709fdaab 2363 expat_2.1.0-6ubuntu1.2.dsc
 7badef7b0e556103fb7ffb313a0e80f8c985363b 21676 expat_2.1.0-6ubuntu1.2.debian.tar.xz
Checksums-Sha256:
 dc6b4c6c95159591078950aa1904197cc5f5fe81652cf70605abcecb74d15f13 2363 expat_2.1.0-6ubuntu1.2.dsc
 0846d4770b20e207ad3541de0b33eb3efc7987daf2e2d68f8702f55b3b30f14c 21676 expat_2.1.0-6ubuntu1.2.debian.tar.xz
Files:
 4068bab4d2f7d377e4c20029104bd290 2363 text optional expat_2.1.0-6ubuntu1.2.dsc
 4c9b520875be00c890692ba7c28b8568 21676 text optional expat_2.1.0-6ubuntu1.2.debian.tar.xz
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs@xxxxxxxxxx>