-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : expat Version : 2.1.0-6+deb8u6 CVE IDs : CVE-2019-15903 Debian Bug : #939394
It was discovered that there was a heap-based buffer overread vulnerability in expat, an XML parsing library. A specially-crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer overread. For Debian 8 "Jessie", this issue has been fixed in expat version 2.1.0-6+deb8u6. We recommend that you upgrade your expat packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl1ya08ACgkQHpU+J9Qx Hlgg4hAAw3PlG2jksre6RruwAGPVwGNhCRYDtanL3ODUukQiNAlPin6jwPnnkxIs Z3elxwyuO3yy8H7dmdcTpslQ4mD4WDaNCbq/xults+uMaxDxLZpgHG50VY/dJ8Ql iTEJ++RuHi66n4xqSYTkmiVb2UABG/+8Ui3x0oVWuBtvTLsfyPYdxTdKGImGRTx9 iMuayZT/AmcIJ39gssTpZbicfZXzIrpx/Jq5nVzPKzd3UFr4pIpc1Da5jAIQFzOn ivko4+HZK8VB6PjDg5IUj7x1QvYauX0lfK7epdZRjB6WF7jlIQPYGl3nOOCQgZTi uXz44fvkbncV0LsHWB1PdNAWJHtdXbap0Esip2Gj8407CjJIvA3KQEoezPZhdQtx 7FTuAZ1W0vRsMT0U3K5aLnGgqzKlXqYpdx4WPyDPf5gBqrrDREgqCqZIdjw6aLkj evJ9eH/z2+IfPvcqHe7SKWicHLbSQWhZTw6YCN1WVkgEJDdIo2qs93ZvoclpgHVi 1zDna9nqrOFTMUoQ9GX6k0a6tpWvC+pbAA0RltUsjS4Ixf3WQPteMyVt6CTTtzh/ II6SWfrNcKRWdM4crwywu/aPNEb/ahSx8eZlTOy/ydG5zB9HBK5+tSHJmfGn3F4b GSKJ7WDWVPHzjNGTMThpVddioA2RqaqSgLl2t316tW9dLm09qgo= =UaWh -----END PGP SIGNATURE-----