This repository has been archived by the owner on Oct 10, 2023. It is now read-only.
0.274.0
cf-buildpacks-eng released this 21 Feb 18:00
Notably, this release addresses:
USN-5288-1: Expat vulnerabilities:
- CVE-2022-22823: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2021-45960: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
- CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
- CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
- CVE-2022-22825: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22827: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22826: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2021-46143: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
- CVE-2022-23990: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
- CVE-2022-22824: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-23852: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
- CVE-2022-22822: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
-ii libexpat1:amd64 2.2.5-3ubuntu0.2 amd64 XML parsing C library - runtime library
-ii libexpat1-dev:amd64 2.2.5-3ubuntu0.2 amd64 XML parsing C library - development kit
+ii libexpat1:amd64 2.2.5-3ubuntu0.4 amd64 XML parsing C library - runtime library
+ii libexpat1-dev:amd64 2.2.5-3ubuntu0.4 amd64 XML parsing C library - development kit
-ii libspeex1:amd64 1.2~rc1.2-1ubuntu2 amd64 The Speex codec runtime library
+ii libspeex1:amd64 1.2~rc1.2-1ubuntu2.1 amd64 The Speex codec runtime library
-ii libwbclient0:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 amd64 Samba winbind client library
+ii libwbclient0:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 amd64 Samba winbind client library
-ii linux-libc-dev:amd64 4.15.0-166.174 amd64 Linux Kernel Headers for development
+ii linux-libc-dev:amd64 4.15.0-169.177 amd64 Linux Kernel Headers for development
-ii openssh-client 1:7.6p1-4ubuntu0.5 amd64 secure shell (SSH) client, for secure access to remote machines
-ii openssh-server 1:7.6p1-4ubuntu0.5 amd64 secure shell (SSH) server, for secure access from remote machines
-ii openssh-sftp-server 1:7.6p1-4ubuntu0.5 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines
+ii openssh-client 1:7.6p1-4ubuntu0.6 amd64 secure shell (SSH) client, for secure access to remote machines
+ii openssh-server 1:7.6p1-4ubuntu0.6 amd64 secure shell (SSH) server, for secure access from remote machines
+ii openssh-sftp-server 1:7.6p1-4ubuntu0.6 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines
-ii ubuntu-advantage-tools 27.5~18.04.1 amd64 management tools for Ubuntu Advantage
+ii ubuntu-advantage-tools 27.6~18.04.1 amd64 management tools for Ubuntu Advantage
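Review bot: The libspeex1, libwbclient0, linux-libc-dev, openssh-client/openssh-server/openssh-sftp-server and ubuntu-advantage-tools bumps in this package diff have no advisory named in the notes, which cite only USN-5288-1 for Expat. Listing the USN (or stating "no security content") for each of these version changes would let consumers map every changed package to a fix. On the libexpat1 lines, the fixed package is 2.2.5-3ubuntu0.4, still below the upstream 2.4.3 to 2.4.5 versions quoted in the CVE descriptions, so the notes should say that the fix is identified by the Ubuntu package revision rather than by the upstream version number; otherwise a check that compares only the upstream version will keep reporting this release as affected.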