CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827

Source: expat
Version: 2.4.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/pull/539
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for expat, they are all
covered in upstream's pull request #539.

CVE-2022-22822[0]:
| addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
| integer overflow.


CVE-2022-22823[1]:
| build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
| integer overflow.


CVE-2022-22824[2]:
| defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has
| an integer overflow.


CVE-2022-22825[3]:
| lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
| integer overflow.


CVE-2022-22826[4]:
| nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3
| has an integer overflow.


CVE-2022-22827[5]:
| storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
| integer overflow.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-22822
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
[1] https://security-tracker.debian.org/tracker/CVE-2022-22823
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
[2] https://security-tracker.debian.org/tracker/CVE-2022-22824
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
[3] https://security-tracker.debian.org/tracker/CVE-2022-22825
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
[4] https://security-tracker.debian.org/tracker/CVE-2022-22826
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
[5] https://security-tracker.debian.org/tracker/CVE-2022-22827
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827
[6] https://github.com/libexpat/libexpat/pull/539

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Read more here: Source link