← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #95458

[Bug 1483033] [NEW] Please sync expat 2.1.0-7 (main) from Debian unstable (main)

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Please sync expat  2.1.0-7 (main) from Debian unstable (main).

Explanation of the Ubuntu delta and why it can be droppped:

expat (2.1.0-6ubuntu1) utopic; urgency=medium

  * No-change rebuild to get debug symbols on all architectures.
 -- Brian Murray <brian@xxxxxxxxxx>   Tue, 21 Oct 2014 11:56:11 -0700

Unless I'm missing something, this was just a rebuild without any
changes.

Changes in Debian since 2.1.0-6:
expat (2.1.0-7) unstable; urgency=high

  * Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
    function (closes: #793484).
  * Update Standards-Version to 3.9.6 .

 -- Laszlo Boszormenyi (GCS) <gcs@xxxxxxxxxx>  Fri, 24 Jul 2015 14:48:45
+0000


Note that this includes fix for a CVE. I don't know what the policy is regarding syncs with the ongoing gcc5 transition, so please let me know if this will need to wait until that has been sorted out.

** Affects: expat (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: upgrade-software-version

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1283

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to expat in Ubuntu.
https://bugs.launchpad.net/bugs/1483033

Title:
  Please sync expat  2.1.0-7 (main) from Debian unstable (main)

Status in expat package in Ubuntu:
  New

Bug description:
  Please sync expat  2.1.0-7 (main) from Debian unstable (main).

  Explanation of the Ubuntu delta and why it can be droppped:

  expat (2.1.0-6ubuntu1) utopic; urgency=medium

    * No-change rebuild to get debug symbols on all architectures.
   -- Brian Murray <brian@xxxxxxxxxx>   Tue, 21 Oct 2014 11:56:11 -0700

  Unless I'm missing something, this was just a rebuild without any
  changes.

  Changes in Debian since 2.1.0-6:
  expat (2.1.0-7) unstable; urgency=high

    * Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
      function (closes: #793484).
    * Update Standards-Version to 3.9.6 .

   -- Laszlo Boszormenyi (GCS) <gcs@xxxxxxxxxx>  Fri, 24 Jul 2015
  14:48:45 +0000

  
  Note that this includes fix for a CVE. I don't know what the policy is regarding syncs with the ongoing gcc5 transition, so please let me know if this will need to wait until that has been sorted out.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/expat/+bug/1483033/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next