[SECURITY] [DLA 1839-1] expat security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1839-1] expat security update
From: Markus Koschany <apo@debian.org>
Date: Sat, 29 Jun 2019 20:59:53 +0200
Message-id: <[🔎] 37da7c30-11d6-73f8-a865-e5beca406097@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : expat
Version        : 2.1.0-6+deb8u5
CVE ID         : CVE-2018-20843
Debian Bug     : 931031

It was discovered that Expat, an XML parsing C library, did not properly
handle XML input including XML names that contain a large number of
colons, potentially resulting in denial of service.

For Debian 8 "Jessie", this problem has been fixed in version
2.1.0-6+deb8u5.

We recommend that you upgrade your expat packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0XtSlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeS8rQ//ZOHHRwda3z0ijOW+pgj6ra/m5MwJtBxRAwveYBAee5aljNG0ym+OwnO2
TMr9+dQ7+T5qYmXGE7PxZ7jAeyJ9Tqt31o2aeS1h9YEBe2RNt4u5pvsfcRWQcAv5
bRR12FWQ0p97/TTBMB02QEunSWZ+mDqoSQk4ttSrFP1rp0Ny5y5gTQed6xcoe1+G
J2CFaFSeEDMPdsiBHBtEKK567B/4VLiR8LVc0a99I+dXXeGOr56lPel5QxDAs97J
PWkvAV1izrZgkI6lV9g7fzWksxZSIp004rIteEtbQJ33moqL82iFBKZ3ahbEbwuT
zA6fGXl8HFHae4vVR/ZXuiexWfZ9oIIqtoST69dHc46/Er15mzcYzAimrQVDMYlb
LfhG1ro5c2f3D699RqV4dan2YYlcsRXTcSiew20EuQtsKXqJUozRCEu/PrNWfXjs
SpyUpruchwOvcPDCNXsxtQqY6vwPmbqCEe3JNxMO8QnRmiUJf5T0ZHzmtPuq0AD0
9WnCcF+DtexClj+Nbzd9rWRNR1VgO7aECb+ghDn3i38dFROAlZ5b1It6hYsskgTv
taLhTljuCa9S7byBraWHG1WaLOXj4mWJyzNQ6kKY7NniJuzg073Zr+hDmbmZxYzP
2Z4pObWcnW6gy+gESlVV2F3z7eKpZXAkDK7R9XatdPlx4Puws9U=
=wsfk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1838-1] mupdf security update
Next by Date: [SECURITY] [DLA 1840-1] golang-go.crypto security update
Previous by thread: [SECURITY] [DLA 1838-1] mupdf security update
Next by thread: [SECURITY] [DLA 1840-1] golang-go.crypto security update
Index(es):
- Date
- Thread