CLSA-2022-1664192553
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1664192553.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2022-1664192553
- Upstream
- Published
- 2022-09-26T11:42:33Z
- Modified
- 2026-06-04T09:45:56.896278889Z
- Summary
- Fix CVE(s): CVE-2022-40674
- Details
-
- SECURITY UPDATE: Unsafe exiting internalEntityParser
- debian/patches/CVE-2022-40674.patch: Ensure raw tagnames are safe exiting internalEntityParser
- CVE-2022-40674
- tests were activated
- some leaks fixed:
- debian/patches/fix-leak-xmlparse.patch: tidy up attribute prefix bindings on error (fixes #17)
- debian/patches/fix-tests-leak.patch: free the external entity parser in externalentityloadersetencoding()
- debian/patches/fix-tests-leak2.patch: free the content model in dummyelementdecl_handler()
- debian/patches/dispose-test-stuff.patch: removes some of the memory leaks discovered by AddressSanitizer in the test suite (Issue #23)
- SECURITY UPDATE: Unsafe exiting internalEntityParser
- References
Affected packages
TuxCare:Ubuntu:16.04 / expat
Package
- Name
- expat
- Purl
- pkg:deb/tuxcare/expat?distro=ubuntu-16.04
TuxCare:Ubuntu:16.04 / libexpat1
Package
- Name
- libexpat1
- Purl
- pkg:deb/tuxcare/libexpat1?distro=ubuntu-16.04