-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 08 Sep 2024 08:44:19 +0200 Source: expat Binary: expat expat-dbgsym libexpat1 libexpat1-dbgsym libexpat1-dev libexpat1-udeb Architecture: amd64 Version: 2.5.0-1+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Laszlo Boszormenyi (GCS) Description: expat - XML parsing C library - example application libexpat1 - XML parsing C library - runtime library libexpat1-dev - XML parsing C library - development kit libexpat1-udeb - XML parsing C library - runtime library (udeb) Closes: 1080149 1080150 1080152 Changes: expat (2.5.0-1+deb12u1) bookworm-security; urgency=medium . * Backport security fix for CVE-2024-45490: reject negative len for XML_ParseBuffer() (closes: #1080149). * Backport security fix for CVE-2024-45491: detect integer overflow in dtdCopy() (closes: #1080150). * Backport security fix for CVE-2024-45492: detect integer overflow in function nextScaffoldPart() (closes: #1080152). Checksums-Sha1: b46fb5a1377217ffd03e6bbcd19b28b89d84ecbd 32148 expat-dbgsym_2.5.0-1+deb12u1_amd64.deb ca83e20b1c9fc74de8869ef406c98705d213b41d 8746 expat_2.5.0-1+deb12u1_amd64-buildd.buildinfo a6d964ff09cfd86bad53b42cce6f2f9d033ac40c 40312 expat_2.5.0-1+deb12u1_amd64.deb 93e768703ce3b16547461b207745a9c9cfebc228 302100 libexpat1-dbgsym_2.5.0-1+deb12u1_amd64.deb 450d0fb50aae0029ce7576520bc863a3ea468b7c 149632 libexpat1-dev_2.5.0-1+deb12u1_amd64.deb f23e7723e7b011905994eee2820b83a96f57794e 57196 libexpat1-udeb_2.5.0-1+deb12u1_amd64.udeb fbab3c40101f8af372869db5060cc5df489c70e4 98936 libexpat1_2.5.0-1+deb12u1_amd64.deb Checksums-Sha256: 62ce739973c1cf6e1a741d12a268ecd47beb92a69e0588c3411081bb7dff7632 32148 expat-dbgsym_2.5.0-1+deb12u1_amd64.deb 40e37bcd02d1dda3ab7710b0a58de041a22149b4012a6a1db76cccd4650857fd 8746 expat_2.5.0-1+deb12u1_amd64-buildd.buildinfo 7c2d71b859e5d44632f25e358ea3db14b5c7f11e75871d5d3dd55b0e8ea3ce39 40312 expat_2.5.0-1+deb12u1_amd64.deb 5df29ee5b8080e0645f2704756c46e52d2fe0e94fb1565a66a73a190df193125 302100 libexpat1-dbgsym_2.5.0-1+deb12u1_amd64.deb 229bd069ed24d30c0a5a41440345e5dc6ac18f98d76f1f0b1b515bbdf7656531 149632 libexpat1-dev_2.5.0-1+deb12u1_amd64.deb b077890fba11ec0eb5582bd1b21163a9a68053f5d580dcd4117fd5154f5b68d4 57196 libexpat1-udeb_2.5.0-1+deb12u1_amd64.udeb c2bd305125bcece5816b2521f293a99499d674cd2dd744416caa4952158ad99d 98936 libexpat1_2.5.0-1+deb12u1_amd64.deb Files: fe3740f42a82ca0027f6d01d98904acd 32148 debug optional expat-dbgsym_2.5.0-1+deb12u1_amd64.deb 1a55feccb1ac3ea40eb0b3c039178000 8746 text optional expat_2.5.0-1+deb12u1_amd64-buildd.buildinfo 440ece41b04f0a2641f93acbf4e8e913 40312 text optional expat_2.5.0-1+deb12u1_amd64.deb eabe771218b9d1e6a3a7ef45ceb2ac42 302100 debug optional libexpat1-dbgsym_2.5.0-1+deb12u1_amd64.deb a4ffe1fbef5e66d2f015d8dd9398cb75 149632 libdevel optional libexpat1-dev_2.5.0-1+deb12u1_amd64.deb 67c3aa3187951db66acb8bae73c396e0 57196 debian-installer optional libexpat1-udeb_2.5.0-1+deb12u1_amd64.udeb 5e550700a77f434e39fc198ed3594ffb 98936 libs optional libexpat1_2.5.0-1+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgdRoRGwEM09wlaMzOni7ZmUpKEcFAmblS2YACgkQOni7ZmUp KEcVnRAAsZZi9Cu2o+uumjGQ0+yAG6ukYsxgBqqx2T/SiHUs66SCjF5JFNV2KjUz gT/n0s2jOUDWanm8K/RO199Gdcr47LnQ6szMNmKCtErXNQ387vDcUWp95s3qu13x ffD2Am98N9ZvK9Z0mA3O7//g1C3wziYcNAprvSMsghziQxm4mpwxwk7azPsWHEGH bwJrsGB+kU8Dv1TFGHnIwo0/9fcc55hVwwtzNUGibS8gFfivSFak5eEpXYkuXMnr QNoFkl8L2Jvj46ll/NXbDUD5x4bij62HSQCeUCVuz7nBzsYN44POipUzi5WL9KSk 71TOheot1Apo7kWFD3VMU2MmZQKCj1ajFqG8JFZiIrWtauROoBGJRVvs3+vuMN4k yflXDsuT3gGQcbgGcLYCWnr0cprIzuqtnn0nQxMm1rKtg40LW3i4laQn7x9bO30h DZi8SXKESyA0gD91NSMl8s6E6o22wGm/attjoID7kl2ZgiXAS7IhmJ17Y9avKRK5 STAvDPjQKcA2qGLG93AVkkPAFQtii4LPkfuEwpe6eBNultDR+JQOBjWc4HtZwXVq wbKEU8T/8m9nx7Dw9JCBuj4OIQwxAtYS508Xu3R+wpO3NWCJQM8T/Xp8ILHzU25j sG544FW8IA3+fYMElNB1mSFEG7BLarx65MTBFOe73WJ7kE9GuY4= =z6b2 -----END PGP SIGNATURE-----