This repository has been archived by the owner on Oct 10, 2023. It is now read-only.

0.274.0

@cf-buildpacks-eng cf-buildpacks-eng released this 21 Feb 18:00
· 96 commits to main since this release

Notably, this release addresses:

USN-5288-1: Expat vulnerabilities:

  • CVE-2022-22823: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  • CVE-2021-45960: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
  • CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
  • CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
  • CVE-2022-22825: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  • CVE-2022-22827: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  • CVE-2022-22826: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  • CVE-2021-46143: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
  • CVE-2022-23990: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
  • CVE-2022-22824: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  • CVE-2022-23852: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
  • CVE-2022-22822: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
-ii  libexpat1:amd64        2.2.5-3ubuntu0.2                amd64  XML parsing C library - runtime library
-ii  libexpat1-dev:amd64    2.2.5-3ubuntu0.2                amd64  XML parsing C library - development kit
+ii  libexpat1:amd64        2.2.5-3ubuntu0.4                amd64  XML parsing C library - runtime library
+ii  libexpat1-dev:amd64    2.2.5-3ubuntu0.4                amd64  XML parsing C library - development kit
-ii  libspeex1:amd64        1.2~rc1.2-1ubuntu2              amd64  The Speex codec runtime library
+ii  libspeex1:amd64        1.2~rc1.2-1ubuntu2.1            amd64  The Speex codec runtime library
-ii  libwbclient0:amd64     2:4.7.6+dfsg~ubuntu-0ubuntu2.27 amd64  Samba winbind client library
+ii  libwbclient0:amd64     2:4.7.6+dfsg~ubuntu-0ubuntu2.28 amd64  Samba winbind client library
-ii  linux-libc-dev:amd64   4.15.0-166.174                  amd64  Linux Kernel Headers for development
+ii  linux-libc-dev:amd64   4.15.0-169.177                  amd64  Linux Kernel Headers for development
-ii  openssh-client         1:7.6p1-4ubuntu0.5              amd64  secure shell (SSH) client, for secure access to remote machines
-ii  openssh-server         1:7.6p1-4ubuntu0.5              amd64  secure shell (SSH) server, for secure access from remote machines
-ii  openssh-sftp-server    1:7.6p1-4ubuntu0.5              amd64  secure shell (SSH) sftp server module, for SFTP access from remote machines
+ii  openssh-client         1:7.6p1-4ubuntu0.6              amd64  secure shell (SSH) client, for secure access to remote machines
+ii  openssh-server         1:7.6p1-4ubuntu0.6              amd64  secure shell (SSH) server, for secure access from remote machines
+ii  openssh-sftp-server    1:7.6p1-4ubuntu0.6              amd64  secure shell (SSH) sftp server module, for SFTP access from remote machines
-ii  ubuntu-advantage-tools 27.5~18.04.1                    amd64  management tools for Ubuntu Advantage
+ii  ubuntu-advantage-tools 27.6~18.04.1                    amd64  management tools for Ubuntu Advantage
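
Review bot: The notes above cite only USN-5288-1, which accounts for the libexpat1 and libexpat1-dev lines, but this listing also bumps libspeex1, libwbclient0, linux-libc-dev, the three openssh packages and ubuntu-advantage-tools with no advisory named; add the matching USN references or state that those updates are not security fixes. On the libexpat1 lines, the updated package is still 2.2.5-3ubuntu0.4 while the CVE text says "before 2.4.3", "2.4.4" and "2.4.5", so the fix is identified by the Ubuntu revision suffix rather than the upstream version; a one-line remark to that effect would help anyone verifying the rootfs by comparing against upstream version numbers.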