[ubuntu/questing-security] expat 2.7.1-2ubuntu0.2 (Accepted)

Ian Constantin ian.constantin at canonical.com
Tue Feb 10 10:36:18 UTC 2026


expat (2.7.1-2ubuntu0.2) questing-security; urgency=medium

  * SECURITY UPDATE: Large memory allocation.
    - debian/patches/CVE-2025-59375-*: Fix large memory allocation in
      expat/lib/xmlparse.c, expat/lib/expat.h, expat/tests/basic_tests.c,
      expat/tests/nsalloc_tests.c, expat/xmlwf/xmlwf.c,
      expat/xmlwf/xmlwf_helpgen.py, expat/lib/internal.h,
      expat/tests/alloc_tests.c, expat/fuzz/xml_lpm_fuzzer.cpp,
      expat/fuzz/xml_parse_fuzzer.c, expat/tests/misc_tests.c.
    - debian/libexpat1.symbols: Add new symbols.
    - CVE-2025-59375
  * SECURITY UPDATE: Null pointer dereference.
    - debian/patches/CVE-2026-24515-*: Add oldUnknownEncodingHandlerData and
      assignments in expat/lib/xmlparse.c. Add tests in
      expat/tests/basic_tests.c.
    - CVE-2026-24515
  * SECURITY UPDATE: Integer overflow.
    - debian/patches/CVE-2026-25210-*: Change bufSize operation and assignment
      and add error check in expat/lib/xmlparse.c.
    - CVE-2026-25210

Date: 2026-02-09 14:43:25.646435+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Signed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/expat/2.7.1-2ubuntu0.2