[SECURITY] [DLA 4145-1] expat security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4145-1] expat security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 30 Apr 2025 17:31:05 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2504301729100.18355@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4145-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
April 30, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : expat
Version        : 2.2.10-2+deb11u7
CVE ID         : CVE-2024-50602


An issue has been found in expat, an XML parsing C library.

The issue is related to a crash within XML_ResumeParser() becauseXML_StopParser() can stop/suspend an unstarted parser.



For Debian 11 bullseye, this problem has been fixed in version
2.2.10-2+deb11u7.

We recommend that you upgrade your expat packages.

For the detailed security status of expat please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/expat

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmgSXllfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdelxAAuXt75n3QPYi5vegAIP3iC3cSsmTXI5W/OVd9aI8cDEhhoFT82YSKdUle
nb21KDUXS4kg7bQ7WM1N8H1Efd5HoTv01LJ27VklLojSQBKOA+y1xVdr6urFKd4q
QpxN8sik0SxASvSGEJHNTOdhL9Gz0POz/ggVsRu45huP+iceyUmdxkQU2TsXGhw2
xQhFkJsDFXpBDZSh4OK8qDXQ/Ay3ekAD/miJ4e+OHumoe83auBXTYf17/vU/w3ZQ
60fgKPcKQqGkMP5Oo4lFWh8+OTze8J8gck/FDFluOL21vmz/rcHr+SZKauTYAP4d
gmB0xHh/3Chox7Ir02tVOh8+9GK1nLukq5c2IkC9WMDWaix/AKgnGldhBFWi2eXu
2rxykwI3DxlkekiW6fBA0mpWMLlX70niiDyPwYLziO46siLsd+9Zd26jRRLFtCQ/
oL92cGeMyfQweeTIOawi5WoDAhhZnCqr7nTYeFsuG6iTBnSO559pWdN4DaIqHLQH
2aN5zLUzEsEQElvlvo9VxoLNW8IJO0aVLeqZiGaMEOUyfG9iNu56ON2tSLugt9I8
h6e8ZR+7XGnYEOmMTaXTp+jgqyH4EWjH5PURZsMyVmAoFNdrR/H2ZPWaqli51HLp
IehP1qWzfsu3CvbuSwR7wxcYYl3OhyOez9W8+eEUOpT7IZ0FYAQ=
=UUH+
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4143-1] glibc security update
Next by Date: [SECURITY] [DLA 4146-1] libxml2 security update
Previous by thread: [SECURITY] [DLA 4143-1] glibc security update
Next by thread: [SECURITY] [DLA 4146-1] libxml2 security update
Index(es):
- Date
- Thread