[ubuntu/yakkety-proposed] expat 2.1.1-1ubuntu2 (Accepted)

[Marc Deslauriers]

expat (2.1.1-1ubuntu2) yakkety; urgency=medium

  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

Date: Fri, 10 Jun 2016 07:58:42 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/expat/2.1.1-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 10 Jun 2016 07:58:42 -0400
Source: expat
Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat
Architecture: source
Version: 2.1.1-1ubuntu2
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 expat      - XML parsing C library - example application
 lib64expat1 - XML parsing C library - runtime library (64bit)
 lib64expat1-dev - XML parsing C library - development kit (64bit)
 libexpat1  - XML parsing C library - runtime library
 libexpat1-dev - XML parsing C library - development kit
 libexpat1-udeb - XML parsing C library - runtime library (udeb)
Changes:
 expat (2.1.1-1ubuntu2) yakkety; urgency=medium
 .
   * SECURITY UPDATE: unanticipated internal calls to srand
     - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
       in lib/xmlparse.c.
     - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
       32bit platforms in lib/xmlparse.c.
     - CVE-2012-6702
   * SECURITY UPDATE: use of too little entropy
     - debian/patches/CVE-2016-5300-1.patch: extract method
       gather_time_entropy in lib/xmlparse.c.
     - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
       address in lib/xmlparse.c.
     - CVE-2016-5300
Checksums-Sha1:
 b6f5c60d33045f0430525345957754ae9b3c6324 2360 expat_2.1.1-1ubuntu2.dsc
 59926d5899468e99e7c3a549c62e39ffaa56e882 17012 expat_2.1.1-1ubuntu2.debian.tar.xz
Checksums-Sha256:
 669a5fdaaa8b275f850152600cbccfcc833ce86fb8f6156c64595c4d742ee7a6 2360 expat_2.1.1-1ubuntu2.dsc
 f0a7a436379166cc32d28c47abe95424bd2dc92f3f7a65fc2b2a7ee2cc6a61bf 17012 expat_2.1.1-1ubuntu2.debian.tar.xz
Files:
 32fc90ef3700042388c972b5c950e03c 2360 text optional expat_2.1.1-1ubuntu2.dsc
 2f27a980d83a6a9754ffee252d15cd1a 17012 text optional expat_2.1.1-1ubuntu2.debian.tar.xz
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXWrwUAAoJEGVp2FWnRL6TIFMP/1TSpNbpXNb52pa25G3TGr9i
CUSuGhnTneeXCUuIFfFmAbAJJ/PHidSVfRHGu2atWfi17OU9KuzLIoiLWd/o89Mi
T0oFnaIAHxIP3XI/SfH2CfXxwIO1p/IYObPZRcl46aJB/M/L88Aom9nMq1rCwDeX
BQ7BshBZvYWP2/5BXtIIBLGQ7SNtswfUuUvhnAcV6YNb/8LhaX5jGpVOo6bkkyoa
Tiqvd33sF59PFCrGWvCm0HSQrH/AL49T3mduB5UdpNuYqJ118U4aw7KWeiSGjBTc
Je+EYF1vEiBSXPSOWs7x6m84UOFdE56Gf/GYzyHd3+apV4UBt3NybBJ6xE1u8V9x
SWjfkRXhF7ticwAwiWdz2fOqboR3ym5a0H1FFRD4ze6hoHnoa31DHod6E5psY7cR
fOIhOqAxzoYwreX2RuGx4HmkuWGqI19Tx6V9OuknAeTRhwbmYyPojgf+G5fBktwd
FAl0vCBop6d1rCyO1yq5vUA8PT5eOPU2nE8Y9IhldoH4pKhcKbtQ4eIxAzwOPW5u
wKlxOXpc2tnzenp1hc8Cxyqhv2IIm+WSIQRdfNBNEGgtD9c1bFwsppQT3FXQc/sC
QPhbgFVdLK6Drt65O3Ibbbgoy7Sxf0k46veFU2UmDu+c21W/eKQQcEuYYqAPwv0/
pvCwLsMkMcAgbOgY4YDg
=MPEf
-----END PGP SIGNATURE-----