Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Hi,

Please unblock package expat, it fixes CVE-2018-20843 and got fixed by Laszlo cherry-picking the upstream fix. The issue is tracked as #931031 in the BTS:

> expat (2.2.6-2) unstable; urgency=high
>
>   * Fix extraction of namespace prefix from XML name (CVE-2018-20843)
>     (closes: #931031).
>
>  -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Mon, 24 Jun 2019 21:18:31 +0000

unblock expat/2.2.6-2

Regards,
Salvatore

diff -Nru expat-2.2.6/debian/changelog expat-2.2.6/debian/changelog --- expat-2.2.6/debian/changelog 2018-08-15 17:18:15.000000000 +0200 +++ expat-2.2.6/debian/changelog 2019-06-24 23:18:31.000000000 +0200 @@ -1,3 +1,10 @@ +expat (2.2.6-2) unstable; urgency=high + + * Fix extraction of namespace prefix from XML name (CVE-2018-20843) + (closes: #931031). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Mon, 24 Jun 2019 21:18:31 +0000 + expat (2.2.6-1) unstable; urgency=medium * New upstream release. diff -Nru expat-2.2.6/debian/patches/Fix_extraction_of_namespace_prefix_from_XML_name.patch expat-2.2.6/debian/patches/Fix_extraction_of_namespace_prefix_from_XML_name.patch --- expat-2.2.6/debian/patches/Fix_extraction_of_namespace_prefix_from_XML_name.patch 1970-01-01 01:00:00.000000000 +0100 +++ expat-2.2.6/debian/patches/Fix_extraction_of_namespace_prefix_from_XML_name.patch 2019-06-24 23:18:31.000000000 +0200 @@ -0,0 +1,23 @@ +From 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebast...@pipping.org> +Date: Wed, 12 Jun 2019 15:42:22 +0200 +Subject: [PATCH] xmlparse.c: Fix extraction of namespace prefix from XML name + (#186) + +--- + expat/lib/xmlparse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 30d55c5c..737d7cd2 100644 +--- a/expat/lib/xmlparse.c ++++ b/expat/lib/xmlparse.c +@@ -6080,7 +6080,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) + else + poolDiscard(&dtd->pool); + elementType->prefix = prefix; +- ++ break; + } + } + return 1; diff -Nru expat-2.2.6/debian/patches/series expat-2.2.6/debian/patches/series --- expat-2.2.6/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ expat-2.2.6/debian/patches/series 2019-06-24 23:18:31.000000000 +0200 @@ -0,0 +1 @@ +Fix_extraction_of_namespace_prefix_from_XML_name.patch
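
Review bot: The header of debian/patches/Fix_extraction_of_namespace_prefix_from_XML_name.patch is the bare upstream git commit header, so nothing in the patch file itself says why the `break;` after `elementType->prefix = prefix;` in setElementTypePrefix is needed or that it addresses CVE-2018-20843; that link exists only in the changelog entry. Suggest adding a one- or two-sentence description of the defect plus DEP-3 fields, an `Origin:` naming upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 and a `Bug-Debian:` for #931031, so the patch stays self-documenting for later security review. The carried commit touches only expat/lib/xmlparse.c (1 file changed, 1 insertion, 1 deletion), so the changed path ships without a regression test; a note in the unblock request on how the fix was verified would help the release team.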