{"cve": [{"lastseen": "2017-09-19T13:36:39", "bulletinFamily": "NVD", "description": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.", "modified": "2017-09-18T21:29:40", "published": "2009-12-04T16:30:00", "id": "CVE-2009-3560", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3560", "title": "CVE-2009-3560", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-06-08T02:18:15", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 242353 (BIG-IP) and ID 491424 (F5 WebSafe) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H495544 on the **Diagnostics** > **Identified** > **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP AAM| None| 11.4.0 - 11.6.0| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| None \nBIG-IP APM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP ASM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP Edge Gateway| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP GTM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP Link Controller| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP PEM| None| 11.3.0 - 11.6.0| None \nBIG-IP PSM| 10.1.0| 11.0.0 - 11.4.1 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP WebAccelerator| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP WOM| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nARX| None| 6.2.0 - 6.4.0| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.4.0| None \nBIG-IQ Device| None| 4.2.0 - 4.4.0| None \nBIG-IQ Security| None| 4.0.0 - 4.4.0| None \nLineRate| None| 2.4.0 - 2.5.0 \n1.6.0 - 1.6.4| None \nF5 WebSafe| None| 1.0.0| None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-17T20:01:00", "published": "2014-12-12T01:48:00", "id": "F5:K15905", "href": "https://support.f5.com/csp/article/K15905", "title": "Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:44", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-01T00:00:00", "published": "2014-12-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/900/sol15905.html", "id": "SOL15905", "title": "SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "httpd": [{"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "description": "\nA buffer over-read flaw was found in the bundled expat\nlibrary. An attacker who is able to get Apache to parse\nan untrused XML document (for example through mod_dav) may\nbe able to cause a crash. This crash would only \nbe a denial of service if using the worker MPM.\n\n", "modified": "2010-10-19T00:00:00", "published": "2009-12-18T00:00:00", "id": "HTTPD:6BA9F473439E906A00BD5A98776E6933", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.2.17: expat DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "description": "\nA buffer over-read flaw was found in the bundled expat\nlibrary. An attacker who is able to get Apache to parse\nan untrused XML document (for example through mod_dav) may\nbe able to cause a crash. This crash would only \nbe a denial of service if using the worker MPM.\n\n", "modified": "2010-10-19T00:00:00", "published": "2009-12-18T00:00:00", "id": "HTTPD:C3A4512C342FF1C55153A1789A6A9278", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.64: expat DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:35:47", "bulletinFamily": "software", "description": "\nA buffer over-read flaw was found in the bundled expat\nlibrary. An attacker who is able to get Apache to parse\nan untrused XML document (for example through mod_dav) may\nbe able to cause a crash. This crash would only \nbe a denial of service if using the worker MPM.\n\n", "modified": "2009-12-02T00:00:00", "published": "2009-12-18T00:00:00", "id": "HTTPD:D7A3FCAF9D3FC64C35D010068C776D56", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: expat DoS", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-26T08:55:46", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n expat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5064331 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66529", "id": "OPENVAS:66529", "title": "SLES9: Security update for expat", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5064331.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for expat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n expat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5064331 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(66529);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for expat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.7~37.6\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:16", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n expat\n libexpat1\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66533", "id": "OPENVAS:66533", "title": "SLES11: Security update for expat", "type": "openvas", "sourceData": "#\n#VID df7fac6ab40235408e8ea35318a13920\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for expat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n expat\n libexpat1\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=558892\");\n script_id(66533);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES11: Security update for expat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~88.23.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~88.23.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-21T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66466", "id": "OPENVAS:66466", "title": "FreeBSD Ports: expat2", "type": "openvas", "sourceData": "#\n#VID e9fca207-e399-11de-881e-001aa0166822\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e9fca207-e399-11de-881e-001aa0166822\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: expat2\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(66466);\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: expat2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"expat2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.1_1\")<0) {\n txt += 'Package expat2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:26", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n expat\n libexpat1\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066533", "id": "OPENVAS:136141256231066533", "title": "SLES11: Security update for expat", "type": "openvas", "sourceData": "#\n#VID df7fac6ab40235408e8ea35318a13920\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for expat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n expat\n libexpat1\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=558892\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.66533\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES11: Security update for expat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~88.23.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~88.23.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066466", "id": "OPENVAS:136141256231066466", "title": "FreeBSD Ports: expat2", "type": "openvas", "sourceData": "#\n#VID e9fca207-e399-11de-881e-001aa0166822\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e9fca207-e399-11de-881e-001aa0166822\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: expat2\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66466\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: expat2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"expat2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.1_1\")<0) {\n txt += 'Package expat2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:53", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n expat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5064331 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066529", "id": "OPENVAS:136141256231066529", "title": "SLES9: Security update for expat", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5064331.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for expat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n expat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5064331 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66529\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for expat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.7~37.6\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12716.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066447", "id": "OPENVAS:136141256231066447", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-12716 (expat)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12716.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12716 (expat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nA buffer over-read flaw was found in the way Expat handles malformed UTF-8\nsequences when processing XML files. A specially-crafted XML file could cause\napplications using Expat to crash while parsing the file. (CVE-2009-3560)\n\nChangeLog:\n\n* Tue Dec 1 2009 Joe Orton - 2.0.1-8\n- add security fix for CVE-2009-3560 (#533174)\n- run the test suite\n* Fri Oct 30 2009 Joe Orton - 2.0.1-6.1\n- add security fix for CVE-2009-3720\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update expat' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12716\";\ntag_summary = \"The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12716.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66447\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-12716 (expat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=533174\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:46", "bulletinFamily": "scanner", "description": "Check for the Version of expat", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880786", "id": "OPENVAS:880786", "title": "CentOS Update for expat CESA-2009:1625 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for expat CESA-2009:1625 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Expat is a C library written by James Clark for parsing XML documents.\n\n Two buffer over-read flaws were found in the way Expat handled malformed\n UTF-8 sequences when processing XML files. A specially-crafted XML file\n could cause applications using Expat to crash while parsing the file.\n (CVE-2009-3560, CVE-2009-3720)\n \n All expat users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, applications using the Expat library must be restarted for the\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"expat on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-December/016378.html\");\n script_id(880786);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1625\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_name(\"CentOS Update for expat CESA-2009:1625 centos5 i386\");\n\n script_summary(\"Check for the Version of expat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~8.3.el5_4.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~8.3.el5_4.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12737.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066448", "id": "OPENVAS:136141256231066448", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-12737 (expat)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12737.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12737 (expat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nTwo buffer over-read flaws were found in the way Expat handled malformed UTF-8\nsequences when processing XML files. A specially-crafted XML file could cause\napplications using Expat to crash while parsing the file. (CVE-2009-3560,\nCVE-2009-3720)\n\nChangeLog:\n\n* Tue Dec 1 2009 Joe Orton - 2.0.1-8\n- add security fix for CVE-2009-3560 (#533174)\n- add security fix for CVE-2009-3720 (#531697)\n- run the test suite\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update expat' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12737\";\ntag_summary = \"The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12737.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66448\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-12737 (expat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=533174\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=531697\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~8.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~8.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~8.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12690.", "modified": "2017-07-10T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66446", "id": "OPENVAS:66446", "title": "Fedora Core 10 FEDORA-2009-12690 (expat)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12690.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12690 (expat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nA buffer over-read flaw was found in the way Expat handles malformed UTF-8\nsequences when processing XML files. A specially-crafted XML file could cause\napplications using Expat to crash while parsing the file. (CVE-2009-3560)\n\nChangeLog:\n\n* Tue Dec 1 2009 Joe Orton - 2.0.1-8\n- add security fix for CVE-2009-3560 (#533174)\n- run the test suite\n* Fri Oct 30 2009 Joe Orton - 2.0.1-5.1\n- add security fix for CVE-2009-3720\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update expat' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12690\";\ntag_summary = \"The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12690.\";\n\n\n\nif(description)\n{\n script_id(66446);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-12690 (expat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=533174\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:12:49", "bulletinFamily": "scanner", "description": "Specially crafted XML files could crash applications that use expat to parse such files (CVE-2009-3560).", "modified": "2014-06-13T00:00:00", "id": "SUSE_11_1_EXPAT-091207.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43149", "published": "2009-12-14T00:00:00", "title": "openSUSE Security Update : expat (expat-1653)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update expat-1653.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43149);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:49:33 $\");\n\n script_cve_id(\"CVE-2009-3560\");\n\n script_name(english:\"openSUSE Security Update : expat (expat-1653)\");\n script_summary(english:\"Check for the expat-1653 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML files could crash applications that use expat to\nparse such files (CVE-2009-3560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=558892\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"expat-2.0.1-88.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libexpat-devel-2.0.1-88.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libexpat1-2.0.1-88.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libexpat1-32bit-2.0.1-88.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / libexpat-devel / libexpat1 / libexpat1-32bit\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:49", "bulletinFamily": "scanner", "description": "Specially crafted XML files could crash applications that use expat to parse such files (CVE-2009-3560).", "modified": "2014-06-13T00:00:00", "id": "SUSE_11_2_EXPAT-091207.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43150", "published": "2009-12-14T00:00:00", "title": "openSUSE Security Update : expat (expat-1653)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update expat-1653.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43150);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:00:35 $\");\n\n script_cve_id(\"CVE-2009-3560\");\n\n script_name(english:\"openSUSE Security Update : expat (expat-1653)\");\n script_summary(english:\"Check for the expat-1653 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML files could crash applications that use expat to\nparse such files (CVE-2009-3560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=558892\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"expat-2.0.1-92.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libexpat-devel-2.0.1-92.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libexpat1-2.0.1-92.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libexpat1-32bit-2.0.1-92.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / libexpat-devel / libexpat1 / libexpat1-32bit\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:49", "bulletinFamily": "scanner", "description": "Specially crafted XML files could crash applications that use expat to parse such files. (CVE-2009-3560)", "modified": "2012-05-17T00:00:00", "id": "SUSE_EXPAT-6702.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43152", "published": "2009-12-14T00:00:00", "title": "SuSE 10 Security Update : expat (ZYPP Patch Number 6702)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43152);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:05:45 $\");\n\n script_cve_id(\"CVE-2009-3560\");\n\n script_name(english:\"SuSE 10 Security Update : expat (ZYPP Patch Number 6702)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML files could crash applications that use expat to\nparse such files. (CVE-2009-3560)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3560.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6702.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"expat-2.0.0-13.7.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"expat-32bit-2.0.0-13.7.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"expat-2.0.0-13.7.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"expat-32bit-2.0.0-13.7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:58", "bulletinFamily": "scanner", "description": "The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents. This has been fixed.", "modified": "2012-04-23T00:00:00", "id": "SUSE9_12568.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44031", "published": "2010-01-15T00:00:00", "title": "SuSE9 Security Update : expat (YOU Patch Number 12568)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44031);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:21:33 $\");\n\n script_cve_id(\"CVE-2009-3560\");\n\n script_name(english:\"SuSE9 Security Update : expat (YOU Patch Number 12568)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous expat security update (CVE-2009-3560) caused parse errors\nwith some xml documents. This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3560.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12568.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"expat-1.95.7-37.8\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"expat-32bit-9-201001081624\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:54", "bulletinFamily": "scanner", "description": "The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents.", "modified": "2012-05-17T00:00:00", "id": "SUSE_EXPAT-6765.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49850", "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : expat (ZYPP Patch Number 6765)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49850);\n script_version (\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:05:45 $\");\n\n script_cve_id(\"CVE-2009-3560\");\n\n script_name(english:\"SuSE 10 Security Update : expat (ZYPP Patch Number 6765)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous expat security update (CVE-2009-3560) caused parse errors\nwith some xml documents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3560.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6765.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"expat-2.0.0-13.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"expat-32bit-2.0.0-13.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"expat-2.0.0-13.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"expat-32bit-2.0.0-13.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:59", "bulletinFamily": "scanner", "description": "The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents.", "modified": "2012-05-17T00:00:00", "id": "SUSE_EXPAT-6764.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44038", "published": "2010-01-15T00:00:00", "title": "SuSE 10 Security Update : expat (ZYPP Patch Number 6764)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44038);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:05:45 $\");\n\n script_cve_id(\"CVE-2009-3560\");\n\n script_name(english:\"SuSE 10 Security Update : expat (ZYPP Patch Number 6764)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous expat security update (CVE-2009-3560) caused parse errors\nwith some xml documents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3560.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6764.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"expat-2.0.0-13.7.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"expat-32bit-2.0.0-13.7.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"expat-2.0.0-13.7.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"expat-32bit-2.0.0-13.7.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:49", "bulletinFamily": "scanner", "description": "Specially crafted XML files could crash applications that use expat to parse such files. (CVE-2009-3560)", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_EXPAT-091207.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43151", "published": "2009-12-14T00:00:00", "title": "SuSE 11 Security Update : expat (SAT Patch Number 1654)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43151);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:41:53 $\");\n\n script_cve_id(\"CVE-2009-3560\");\n\n script_name(english:\"SuSE 11 Security Update : expat (SAT Patch Number 1654)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML files could crash applications that use expat to\nparse such files. (CVE-2009-3560)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=558892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3560.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1654.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"expat-2.0.1-88.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libexpat1-2.0.1-88.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"expat-2.0.1-88.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libexpat1-2.0.1-88.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libexpat1-32bit-2.0.1-88.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"expat-2.0.1-88.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libexpat1-2.0.1-88.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libexpat1-32bit-2.0.1-88.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libexpat1-32bit-2.0.1-88.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:47", "bulletinFamily": "scanner", "description": "A buffer over-read flaw was found in the way Expat handles malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-21T00:00:00", "id": "FEDORA_2009-12716.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43013", "published": "2009-12-07T00:00:00", "title": "Fedora 11 : expat-2.0.1-8.fc11 (2009-12716)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12716.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43013);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:41:45 $\");\n\n script_cve_id(\"CVE-2009-3560\");\n script_xref(name:\"FEDORA\", value:\"2009-12716\");\n\n script_name(english:\"Fedora 11 : expat-2.0.1-8.fc11 (2009-12716)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer over-read flaw was found in the way Expat handles malformed\nUTF-8 sequences when processing XML files. A specially crafted XML\nfile could cause applications using Expat to crash while parsing the\nfile. (CVE-2009-3560)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=533174\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032203.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25245da3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected expat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"expat-2.0.1-8.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:06", "bulletinFamily": "scanner", "description": "Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1953.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44818", "published": "2010-02-24T00:00:00", "title": "Debian DSA-1953-1 : expat - denial of service", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1953. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44818);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2009-3560\");\n script_bugtraq_id(37203);\n script_xref(name:\"DSA\", value:\"1953\");\n\n script_name(english:\"Debian DSA-1953-1 : expat - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jan Lieskovsky discovered an error in expat, an XML parsing C library,\nwhen parsing certain UTF-8 sequences, which can be exploited to crash\nan application using the library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1953\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the expat packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.95.8-3.4+etch2.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.0.1-4+lenny2.\n\nThe builds for the mipsel architecture for the oldstable distribution\nare not included yet. They will be released when they become\navailable.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"expat\", reference:\"1.95.8-3.4+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libexpat1\", reference:\"1.95.8-3.4+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libexpat1-dev\", reference:\"1.95.8-3.4+etch2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"expat\", reference:\"2.0.1-4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"lib64expat1\", reference:\"2.0.1-4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"lib64expat1-dev\", reference:\"2.0.1-4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libexpat1\", reference:\"2.0.1-4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libexpat1-dev\", reference:\"2.0.1-4+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:14:40", "bulletinFamily": "scanner", "description": "The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents.", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_EXPAT-100109.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52683", "published": "2011-03-17T00:00:00", "title": "SuSE 11 Security Update : expat (SAT Patch Number 1765)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52683);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:41:53 $\");\n\n script_cve_id(\"CVE-2009-3560\");\n\n script_name(english:\"SuSE 11 Security Update : expat (SAT Patch Number 1765)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous expat security update (CVE-2009-3560) caused parse errors\nwith some xml documents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=566434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3560.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1765.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"expat-2.0.1-88.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libexpat1-2.0.1-88.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libexpat1-32bit-2.0.1-88.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:58", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1953-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nDecember 15, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : expat\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id : CVE-2009-3560\nDebian Bug : 560901\n\nJan Lieskovsky discovered an error in expat, an XML parsing C library,\nwhen parsing certain UTF-8 sequences, which can be exploited to crash an\napplication using the library.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.95.8-3.4+etch2.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.0.1-4+lenny2.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be in version 2.0.1-6.\n\n\nThe builds for the mipsel architecture for the old stable distribution\nare not included yet. They will be released when they become available.\n\nWe recommend that you upgrade your expat packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch (oldstable)\n- -------------------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2.diff.gz\n Size/MD5 checksum: 413321 e6d99f30014fccc0ffb9db1554ba1472\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8.orig.tar.gz\n Size/MD5 checksum: 318349 aff487543845a82fe262e6e2922b4c8e\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2.dsc\n Size/MD5 checksum: 703 50e1e2ab47fe419e89ef671991ddb3f0\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_alpha.deb\n Size/MD5 checksum: 69460 59616e932bcd8c86ecd4998fe633f5ee\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_alpha.udeb\n Size/MD5 checksum: 61198 39a8aaec6ba02d5a206e44db95bc5d87\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_alpha.deb\n Size/MD5 checksum: 143250 ac848be2b40296fbdf3a6a6eeed551f4\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_alpha.deb\n Size/MD5 checksum: 22360 e3b52bc716fa975c4cc43cc9a00a4546\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_amd64.deb\n Size/MD5 checksum: 64628 0ebf8bb1e3b55cf8e751f638881eee14\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_amd64.deb\n Size/MD5 checksum: 21518 4ee3b94bccadb231c5ee8e47b9ebe053\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_amd64.udeb\n Size/MD5 checksum: 56436 e856562cc8156f88ef07d3b79aac9336\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_amd64.deb\n Size/MD5 checksum: 133908 30ba0c9b11641b960327577a65ff4423\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_arm.deb\n Size/MD5 checksum: 57250 1b0a1f0cf411bb0d437f3a01e5cd3593\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_arm.deb\n Size/MD5 checksum: 126100 0f0bcf322522ee564f1c006b9172a873\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_arm.deb\n Size/MD5 checksum: 19798 eaea089d8c4d2bfc14ecf7a72f149202\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_arm.udeb\n Size/MD5 checksum: 49400 07e75e50c1b7adae634d77763bd5e86e\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_hppa.deb\n Size/MD5 checksum: 149462 2a9bead50733246e3cc1f8b52c283d6c\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_hppa.deb\n Size/MD5 checksum: 22684 44dd6038115624b780f51314b38d1819\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_hppa.udeb\n Size/MD5 checksum: 64792 aa392afb507d07a4eb4061e6368afd04\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_hppa.deb\n Size/MD5 checksum: 73014 a8317a8f7a03f9aa5561fe43fbbdbcae\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_i386.deb\n Size/MD5 checksum: 63130 28f26b307f7cb5b133c7d7b0b7f336dc\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_i386.deb\n Size/MD5 checksum: 21090 67a8e21213321cf54be9dc58380ce45f\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_i386.deb\n Size/MD5 checksum: 129822 4e06399f0079e7608d25430ded374d97\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_i386.udeb\n Size/MD5 checksum: 54984 64b2c0654425bd1234f5394efb1e2d69\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_ia64.udeb\n Size/MD5 checksum: 87362 c78054403944437ce5ddfa700ee04532\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_ia64.deb\n Size/MD5 checksum: 164964 11efdcba7612853f816112c1b99437d0\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_ia64.deb\n Size/MD5 checksum: 25076 e6f02ab66bde8b7de92ef2d97b60f9c0\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_ia64.deb\n Size/MD5 checksum: 95858 fe960e6af68f6e12429ee8eb600d80f9\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_mips.udeb\n Size/MD5 checksum: 56612 a917e2fe1206a9614fb7b9c04eb88a86\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_mips.deb\n Size/MD5 checksum: 21600 fbcd5b817b80aaa9856698d68a6fa455\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_mips.deb\n Size/MD5 checksum: 141918 dc95f50a8665aeb063885bc989d1315f\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_mips.deb\n Size/MD5 checksum: 64702 cd4cee2ee2b4cb36d6f822998c5d7d20\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_powerpc.deb\n Size/MD5 checksum: 22948 50ae9c0fa46faebf9a4eafeb2fb40b9a\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_powerpc.udeb\n Size/MD5 checksum: 59448 4d212532482851f7a463ede5419f1791\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_powerpc.deb\n Size/MD5 checksum: 148146 381b2f1b56ec4b803cf904e0cd58e4ec\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_powerpc.deb\n Size/MD5 checksum: 67650 de0a12471a24bc12da5c7b4cd33bba07\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_s390.deb\n Size/MD5 checksum: 64906 f480563f4ff6a0f77dbd0a490a973b9d\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_s390.udeb\n Size/MD5 checksum: 56770 7854d9f4ce32b1963ede0790b69904d0\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_s390.deb\n Size/MD5 checksum: 21420 d039dacbda9db203d23281317a8ddd3c\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_s390.deb\n Size/MD5 checksum: 132506 d194bdb366195ba2402999a2cad5aa4d\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_sparc.deb\n Size/MD5 checksum: 128580 39bf980ed2bfd1a5f332b48c5f4b355b\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_sparc.udeb\n Size/MD5 checksum: 51882 84810453c7288687eebcd5822c4525ca\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_sparc.deb\n Size/MD5 checksum: 59824 b71d2a54edf53c92d97b1faa63930134\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_sparc.deb\n Size/MD5 checksum: 20394 7f1bc9c83495ab50c03701e6ef125332\n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1.orig.tar.gz\n Size/MD5 checksum: 446456 ee8b492592568805593f81f8cdf2a04c\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2.dsc\n Size/MD5 checksum: 1438 556771752cdeb9b854aae0ecd060e1c5\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2.diff.gz\n Size/MD5 checksum: 133845 424badd53b1147b260c2dfd3b7c5f153\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_alpha.udeb\n Size/MD5 checksum: 62898 289c10af11866f2862eebe1920910969\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_alpha.deb\n Size/MD5 checksum: 221130 e5c4f3465c09b47b47b2959b44aeed09\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_alpha.deb\n Size/MD5 checksum: 24628 92666b01407635c4829fc5fea10237b3\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_alpha.deb\n Size/MD5 checksum: 135844 331e0b3b6c41c716686de6eb7408024d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_amd64.deb\n Size/MD5 checksum: 223306 6736ebbd46ddb4f03c7731c9ad893d27\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_amd64.udeb\n Size/MD5 checksum: 62810 e8bcc7686a563b52372f1d03b5e39106\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_amd64.deb\n Size/MD5 checksum: 23898 688c33641259b60883572206e151449a\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_amd64.deb\n Size/MD5 checksum: 136360 752cdbf7c744780a629272335fa52779\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_arm.udeb\n Size/MD5 checksum: 52720 27a3e489f7ca8ad52bfc076a81348900\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_arm.deb\n Size/MD5 checksum: 203330 63309ffa0125a0ebf1c4d60831a0f365\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_arm.deb\n Size/MD5 checksum: 22108 165b6b7584589a653b5c8f6e2619f020\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_arm.deb\n Size/MD5 checksum: 116164 979ed610597f6e64ae7646e0c93b0d32\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_armel.deb\n Size/MD5 checksum: 209090 33d3e6b4e7df0e01ea86a61fbb5b4240\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_armel.deb\n Size/MD5 checksum: 22362 44191b6e3c34c571089c23710da67d5d\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_armel.udeb\n Size/MD5 checksum: 54240 9bade1198036f567e35d8cc6f37312ea\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_armel.deb\n Size/MD5 checksum: 118714 7bcda4ddc2817c8aab259378dc660a0c\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_hppa.udeb\n Size/MD5 checksum: 69456 1ff6cd259068a168fa229abaf71cc985\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_hppa.deb\n Size/MD5 checksum: 261136 bde3165254c6034c331a54c0560d4fcb\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_hppa.deb\n Size/MD5 checksum: 24828 bb26c745fbb3e3cd9446cb01cc0ad4e7\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_hppa.deb\n Size/MD5 checksum: 148662 f955833df5ed41fdedc3d5090a43a8e5\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_i386.udeb\n Size/MD5 checksum: 60816 009c3b55eeeaa87476ff658c5c654791\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_i386.deb\n Size/MD5 checksum: 23288 529f392c091e9e09f74e21e77da69f0c\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_i386.deb\n Size/MD5 checksum: 168162 01b2166f38485842aab660f0a397487a\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_i386.deb\n Size/MD5 checksum: 136330 11942d4c9c36b25882db662b9edf1981\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_i386.deb\n Size/MD5 checksum: 210542 54ea496b626a1875b6d7cf7519008ec3\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_i386.deb\n Size/MD5 checksum: 131876 8c8a91854bf5ee9eec30fda926519bef\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_ia64.deb\n Size/MD5 checksum: 27426 7d194ae6b0473db3ff5470c10938d964\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_ia64.deb\n Size/MD5 checksum: 206162 b5b5cd0448f4d4405e547083158d0b33\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_ia64.deb\n Size/MD5 checksum: 291698 3c2fa7560629d402db2fe09cacf78d65\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_ia64.udeb\n Size/MD5 checksum: 98262 d2fe5be42499f8cc35727ad1febaba15\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_mips.deb\n Size/MD5 checksum: 234414 c1fe34bff578c026a950a7c3f4c4d771\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_mips.udeb\n Size/MD5 checksum: 61214 4670ea4ec04854955699ef5d1115322f\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_mips.deb\n Size/MD5 checksum: 23794 294282bd2e09d86cdcecb2c7be16a2c7\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_mips.deb\n Size/MD5 checksum: 132784 8ee0a7eabf9781a087dccc9348d9e5c0\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_mipsel.deb\n Size/MD5 checksum: 224124 d846357e369b14081f16cc1576bda554\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_mipsel.deb\n Size/MD5 checksum: 131716 ab80da25bb702bf1eda5659949931cf3\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_mipsel.deb\n Size/MD5 checksum: 23812 0eab513e87cdc4b6af912e8c9b9eb97d\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_mipsel.udeb\n Size/MD5 checksum: 60652 571cd4e1defdffbd231b4f1c30317933\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_powerpc.deb\n Size/MD5 checksum: 140454 57b59323a8fd3f989c4b887a2f435edc\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_powerpc.deb\n Size/MD5 checksum: 143938 14c14076db484cc958e72b9fc4c566db\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_powerpc.deb\n Size/MD5 checksum: 280288 9fadfb58e2302a8b6f57297e65dfd8d3\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_powerpc.deb\n Size/MD5 checksum: 26806 72bac1cc1d74623ba6494645bc4289ab\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_powerpc.deb\n Size/MD5 checksum: 156730 2aca152555c73b700d1726d1eded7fe4\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_powerpc.udeb\n Size/MD5 checksum: 64998 989f172b6599508c436bc5a09c91c4f5\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_s390.deb\n Size/MD5 checksum: 220156 c7fc9bb8b053a250ab3e37bfb2bb5f48\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_s390.deb\n Size/MD5 checksum: 24202 f1db3ff06b30af0f9a37669346b03647\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_s390.deb\n Size/MD5 checksum: 134506 d64a081f5c330c143361c5a1adfbe960\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_s390.deb\n Size/MD5 checksum: 134478 45bf7476a951dd3d6fb44a230c507f20\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_s390.deb\n Size/MD5 checksum: 173076 c2cb8d4e8b9c5f0aaf3700e6efad34e8\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_s390.udeb\n Size/MD5 checksum: 61936 c87e11d3c3759892c3d6b6f418c2bb95\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_sparc.udeb\n Size/MD5 checksum: 57658 13a0ac88f44285d0d86dcd38d3deff70\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_sparc.deb\n Size/MD5 checksum: 133572 8bab47cce6aabb7d2038c6d528ff02a3\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_sparc.deb\n Size/MD5 checksum: 23164 4a504bfeb56ecce8f1b7aaaee11b138b\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_sparc.deb\n Size/MD5 checksum: 171696 8e6d324c284db7a61854d544cb49418e\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_sparc.deb\n Size/MD5 checksum: 125636 1ab1d2f419627c15d5fb557c515937f6\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_sparc.deb\n Size/MD5 checksum: 216610 ec3f0144dd15d23fb9bc188b52a26f78\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-12-15T20:23:26", "published": "2009-12-15T20:23:26", "id": "DEBIAN:DSA-1953-1:C6405", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00277.html", "title": "[SECURITY] [DSA-1953-1] New expat packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:46", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1953-2 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nDecember 31, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : expat\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id : CVE-2009-3560\nDebian Bug : 560901 561658\n\nThe expat updates released in DSA-1953-1 caused a regression: In some\ncases, expat would abort with the message "error in processing external\nentity reference".\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.95.8-3.4+etch3.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.0.1-4+lenny3.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your expat packages.\n\nFor reference, the original advisory text is provided below.\n\nJan Lieskovsky discovered an error in expat, an XML parsing C library,\nwhen parsing certain UTF-8 sequences, which can be exploited to crash an\napplication using the library.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch (oldstable)\n- -------------------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3.dsc\n Size/MD5 checksum: 703 dc4b1744126125076c101096cd8ee0ab\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8.orig.tar.gz\n Size/MD5 checksum: 318349 aff487543845a82fe262e6e2922b4c8e\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3.diff.gz\n Size/MD5 checksum: 413486 61974eddb0940c5fcbdc6c8e8c7d77ee\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_alpha.deb\n Size/MD5 checksum: 69540 0dd4beb265a355059da5493e6e055358\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_alpha.deb\n Size/MD5 checksum: 22400 ced8d1aec911ac230d7b9316266e497e\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_alpha.deb\n Size/MD5 checksum: 143198 1cae2e63c8b6d23065b4e3bc1eddafad\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_alpha.udeb\n Size/MD5 checksum: 61242 32ddd8b14c7b53e8c8f24a3209854deb\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_amd64.deb\n Size/MD5 checksum: 64742 3647c9e24678bdb2f67565b19343e182\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_amd64.deb\n Size/MD5 checksum: 21568 c374f70f56b491b2a433fb52cc0cd9c5\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_amd64.udeb\n Size/MD5 checksum: 56498 cb988b6a99abba9a4e83d94c87c67beb\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_amd64.deb\n Size/MD5 checksum: 134074 63d86aa6106c5e0ec60e0f271b69ccb8\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_arm.udeb\n Size/MD5 checksum: 49436 fc58417fe2ed502fb479f29af596641b\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_arm.deb\n Size/MD5 checksum: 19860 eb5abe1650682c1a1d7a3f3af4d94321\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_arm.deb\n Size/MD5 checksum: 57340 77f5c9b0f78ca6b19d76b2253bee0d59\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_arm.deb\n Size/MD5 checksum: 126218 0f9b91af3f1a4e4a36ff70e79c98d789\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_hppa.udeb\n Size/MD5 checksum: 64800 2ea496e98886dbb373009dbe15e423dd\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_hppa.deb\n Size/MD5 checksum: 22728 0b9d6affa1488fea43d2e1e4816139ce\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_hppa.deb\n Size/MD5 checksum: 73062 fa2c9ca6ddb37a7fe058eccfff268b26\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_hppa.deb\n Size/MD5 checksum: 151940 a615081dba00562e1d2e9ac68c223276\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_i386.udeb\n Size/MD5 checksum: 54992 8b4d6a3739653d5158c527000eb08701\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_i386.deb\n Size/MD5 checksum: 63194 b4ce5489fcb44555acba9aefc022d188\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_i386.deb\n Size/MD5 checksum: 21158 60ee653353eaedddc9390e9747b9d669\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_i386.deb\n Size/MD5 checksum: 130028 990eba22f2b6d8e05b61e0242a03a822\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_ia64.deb\n Size/MD5 checksum: 95948 8bd3da491fe5eb8533acd702ab00946b\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_ia64.udeb\n Size/MD5 checksum: 87382 ba190b269289552760bbd8a5769a09c0\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_ia64.deb\n Size/MD5 checksum: 25128 16e932c435c7fa41ae1ed43c765694dd\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_ia64.deb\n Size/MD5 checksum: 165122 a53048245382e6459dd6879f6ea858ce\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_mips.udeb\n Size/MD5 checksum: 56622 804d770c7f404a30340b53085852a006\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_mips.deb\n Size/MD5 checksum: 21578 3eb622edc64bee8a47c8cff1a663f0c9\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_mips.deb\n Size/MD5 checksum: 139334 53593f0163eb99eb07e221e6f6de58db\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_mips.deb\n Size/MD5 checksum: 64842 87194200f304a8ea3a666b81394e367c\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_mipsel.deb\n Size/MD5 checksum: 21704 e1079ae868512000f34aac19b699d7bb\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_mipsel.udeb\n Size/MD5 checksum: 56230 154329ee84d1c27f3e24a9eaefaed930\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_mipsel.deb\n Size/MD5 checksum: 64416 8234823f366d484cb8f01ce02f75fa38\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_mipsel.deb\n Size/MD5 checksum: 139626 d35fe671e6a7a66a85ee3e26bfd8c443\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_powerpc.deb\n Size/MD5 checksum: 148364 2256e210bd73511bcb55a2f5501e1cf6\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_powerpc.deb\n Size/MD5 checksum: 67760 c967286260ce41de83970ac54cd0a274\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_powerpc.deb\n Size/MD5 checksum: 23006 2b94ca9cb2695d119da9c3579bed8c02\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_powerpc.udeb\n Size/MD5 checksum: 59506 029a1f7d15eea61e8e3f3bf570bc7277\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_s390.udeb\n Size/MD5 checksum: 56786 cb66f6f07153f0495fd14a61abea0ca2\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_s390.deb\n Size/MD5 checksum: 21478 237d2e85e9919b00541d235030466679\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_s390.deb\n Size/MD5 checksum: 64988 229b084e5024dbadca4ad4c12eda7ed8\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_s390.deb\n Size/MD5 checksum: 132606 3fe7429e6a2d1e4c6214c972ae6b6b07\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch3_sparc.deb\n Size/MD5 checksum: 20452 2a29a1a2b01f6fccbf22b66c88f224be\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch3_sparc.deb\n Size/MD5 checksum: 128230 362c44585e31182d95dd50ae9a12174d\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch3_sparc.deb\n Size/MD5 checksum: 59922 9355e8f7e28a6bb5e308544c469b3577\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch3_sparc.udeb\n Size/MD5 checksum: 51922 e4c3ad57069782044fbf914ba836df8f\n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1.orig.tar.gz\n Size/MD5 checksum: 446456 ee8b492592568805593f81f8cdf2a04c\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3.diff.gz\n Size/MD5 checksum: 134076 538ad21eb6bdf5acc8328df18c4cf052\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3.dsc\n Size/MD5 checksum: 1438 ad2aa942056412be8b8da88604b39ab8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_alpha.deb\n Size/MD5 checksum: 24758 1a5b0b40e6f0549a6745814011a7a013\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_alpha.udeb\n Size/MD5 checksum: 62908 e1f1c34f488d5075937225756006577c\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_alpha.deb\n Size/MD5 checksum: 221376 d7835b9b1b0e189729ed36e11410a303\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_alpha.deb\n Size/MD5 checksum: 136010 5a3764a1767f11a3721a78924f15e0e5\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_amd64.deb\n Size/MD5 checksum: 223666 60fe9f404fef81ce62c19ff552ff6aa2\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_amd64.deb\n Size/MD5 checksum: 24036 368d4707dd082b6d85cddce63100a5b3\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_amd64.udeb\n Size/MD5 checksum: 62884 ed501255c7d6690072f26a55f1126019\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_amd64.deb\n Size/MD5 checksum: 136658 230844421fe45a3e2df6c47448e4875f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_arm.deb\n Size/MD5 checksum: 203682 2db3ccf7a4f9dca59afd8fcab27503d8\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_arm.deb\n Size/MD5 checksum: 116232 995d1242155b7ad3eee21179f4794c71\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_arm.udeb\n Size/MD5 checksum: 52676 960c289152c08334c86c30c06d6692df\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_arm.deb\n Size/MD5 checksum: 22244 c6b6f15dc51f706f3b4e657b546acbf7\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_armel.deb\n Size/MD5 checksum: 212558 95727f5705a886c434f35f3f3bcaefae\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_armel.udeb\n Size/MD5 checksum: 54212 adf9e7072ba86a5fd9e631ea2ebcc1a7\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_armel.deb\n Size/MD5 checksum: 22632 6ab54def8b3fd10bd1043e63f1f04c0d\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_armel.deb\n Size/MD5 checksum: 118622 f541932a5d3741cf8a5fc74e3eed3291\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_hppa.deb\n Size/MD5 checksum: 24956 b74d5d349e09462cad66fd3914fe3d92\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_hppa.deb\n Size/MD5 checksum: 263378 e1cce62bfa58bf23c08edb53a7181b8e\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_hppa.deb\n Size/MD5 checksum: 148796 a08d5a83c5c014e20f61e80af1f85934\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_hppa.udeb\n Size/MD5 checksum: 69468 2c1f26a69352ab07ed2caeeac05b95fa\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_i386.deb\n Size/MD5 checksum: 132090 16f40a05b5e246cee5db23215e6f8b13\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_i386.deb\n Size/MD5 checksum: 210830 913c65f97181c1960564743ed23361fe\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_i386.udeb\n Size/MD5 checksum: 60870 25a3fb0e0b7e3e38ea75068c6225379d\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny3_i386.deb\n Size/MD5 checksum: 168566 60b34707f84117713ace944b333ed771\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_i386.deb\n Size/MD5 checksum: 23472 4674856b3fe32f76468e66b6956ab3bd\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny3_i386.deb\n Size/MD5 checksum: 136634 a845b4395000e0f4b565d32f482ae342\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_ia64.udeb\n Size/MD5 checksum: 98294 214e48ccad054b29171b803fc1f46586\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_ia64.deb\n Size/MD5 checksum: 27554 7874802938138a5fce2d2a9c53238a8d\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_ia64.deb\n Size/MD5 checksum: 206396 59a5815d13e1bc1f54baab8d5f5d8ee7\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_ia64.deb\n Size/MD5 checksum: 292014 ae322be8a4e9777f0537a3220cc8f8f5\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_mips.deb\n Size/MD5 checksum: 23944 d0b5b71a2332b557a4ae0773e3a098a1\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_mips.udeb\n Size/MD5 checksum: 61226 cbcc50141de10a9bb0a097ec49b65f1e\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_mips.deb\n Size/MD5 checksum: 132944 fa7958232168bb5d31df4a8cda7a4d76\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_mips.deb\n Size/MD5 checksum: 234614 6e7cc1122d737c19a8b231910dd91620\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_mipsel.deb\n Size/MD5 checksum: 131794 d55703db361b51a7256c07fa7766483a\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_mipsel.udeb\n Size/MD5 checksum: 60640 187badd5d787e2ffeca09c5c5319aa57\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_mipsel.deb\n Size/MD5 checksum: 224284 dbb538208e0cb04408f5ce8fa640902e\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_mipsel.deb\n Size/MD5 checksum: 23962 11121782a8ec5eda91991d2f16ce7703\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_powerpc.deb\n Size/MD5 checksum: 26946 c5519033b6e4b61ad7182e01c8a5ee3e\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_powerpc.udeb\n Size/MD5 checksum: 65030 f68132531320f8cc7f589851f674e2c6\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny3_powerpc.deb\n Size/MD5 checksum: 144086 632f3155d0425028d384d1a05ada6448\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_powerpc.deb\n Size/MD5 checksum: 140634 2b113edb6f97f4829b6970ee4151680f\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny3_powerpc.deb\n Size/MD5 checksum: 156886 f34f44a58f848f666ff850f4629f0263\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_powerpc.deb\n Size/MD5 checksum: 280566 dbd6730ca071ce2c082aa1c20d8140b8\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny3_s390.deb\n Size/MD5 checksum: 134684 a6102b9af5ebd27e473d8a783a6a56f1\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_s390.deb\n Size/MD5 checksum: 220416 e790866b2a575d3930b170e792af7920\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny3_s390.deb\n Size/MD5 checksum: 173454 eae43312ae4f09009d488f93b09e38b2\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_s390.deb\n Size/MD5 checksum: 134704 29bd6a26215bfe4645903f753efe23df\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_s390.deb\n Size/MD5 checksum: 24342 8f0247bbed18cf5c4f104ed03ddf0ead\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_s390.udeb\n Size/MD5 checksum: 61968 386065abe715c0d7f6eb03efbe587e69\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny3_sparc.deb\n Size/MD5 checksum: 125782 f46be4cacab03227c5bac78f693b364e\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny3_sparc.udeb\n Size/MD5 checksum: 57678 b35c350f3164b69e1be69da712e487da\n http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny3_sparc.deb\n Size/MD5 checksum: 216822 74a3023a185d9bb46b7cb581beadffb7\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny3_sparc.deb\n Size/MD5 checksum: 133782 2e228b1379c728f868e1e6be711d525c\n http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny3_sparc.deb\n Size/MD5 checksum: 172028 d51e13c7f5c2420b37f26b0313c55346\n http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny3_sparc.deb\n Size/MD5 checksum: 23292 572596331f0b2ecb3686e5c144a82bde\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-12-31T14:16:00", "published": "2009-12-31T14:16:00", "id": "DEBIAN:DSA-1953-2:B0CCC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00288.html", "title": "[SECURITY] [DSA-1953-2] New expat packages fix regression", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:10", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1977-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nJanuary 25, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackages : python2.4 python2.5\nVulnerability : several vulnerabilities\nProblem type : local (remote)\nDebian-specific: no\nCVE Id : CVE-2008-2316 CVE-2009-3560 CVE-2009-3720\nDebian Bug : 493797 560912 560913\n\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy\nin the interpreter for the Python language, does not properly process malformed or\ncrafted XML files. (CVE-2009-3560 CVE-2009-3720)\nThis vulnerability could allow an attacker to cause a denial of service while parsing\na malformed XML file.\n\nIn addition, this update fixes an integer overflow in the hashlib module in python2.5.\nThis vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316)\nIt only affects the oldstable distribution (etch).\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.6-1+lenny1 for python2.4 and version 2.5.2-15+lenny1 for python2.5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.5.4-3.1 for python2.5, and will migrate to the testing distribution (squeeze)\nshortly.\npython2.4 has been removed from the testing distribution (squeeze), and it will\nbe removed from the unstable distribution soon.\n\n\nWe recommend that you upgrade your python packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2.dsc\n Size/MD5 checksum: 1313 61c8f540d768731518e649f759ad1500\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3.dsc\n Size/MD5 checksum: 1210 647efe66b35aa00c2f0416e41920fdf8\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz\n Size/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3.diff.gz\n Size/MD5 checksum: 207460 c9b1b80a1aae12db910e353dab5cd0fb\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2.diff.gz\n Size/MD5 checksum: 271887 2d1944512d0eaa925a4a158b2c3a5845\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.orig.tar.gz\n Size/MD5 checksum: 11010528 2ce301134620012ad6dafb27bbcab7eb\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5-5+etch2_all.deb\n Size/MD5 checksum: 62226 9de6fad0cf4c106d77c4189ecf3f0fab\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch3_all.deb\n Size/MD5 checksum: 589766 e33c071f8e1864e1c5a63d2e39f21d2f\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5-5+etch2_all.deb\n Size/MD5 checksum: 645704 8732b224b59cd6488596117d074831f9\n http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch3_all.deb\n Size/MD5 checksum: 60154 8ac06e4c9ad4c1830ee90ece429690fe\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 2943634 e5ab4789b18f9ac953b6b101ec897616\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_alpha.deb\n Size/MD5 checksum: 6082828 772c99f5e8dc4e7c9306ba4a61837565\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 1850092 a19fd86a326d42a31ed75d1f1272d94c\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_alpha.deb\n Size/MD5 checksum: 849306 6c7cfd716177bc3677729ef27cd533ff\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 5248986 20d666649174384d0533b25edfbc6f03\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_alpha.deb\n Size/MD5 checksum: 2065970 6bdae572cabf8df46b207f75d2183466\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 964360 1af19c98fcf6c45530245c70189b221e\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_alpha.deb\n Size/MD5 checksum: 3597172 1a2766b7f3936ec996231a772b01fbcc\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 965684 d3bd2cd13ef83f7fba2d708fab3086ea\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_amd64.deb\n Size/MD5 checksum: 6434970 da2852f1c67cf014d657c4f4084e779b\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_amd64.deb\n Size/MD5 checksum: 849554 6e61f418e4a10c29e0f281d33e44d461\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_amd64.deb\n Size/MD5 checksum: 3551970 c9ae94fbae38d21fe1a6beba77715845\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 5591082 e8192ae1a5cbfa164173153cb2bf717b\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_amd64.deb\n Size/MD5 checksum: 1805316 331781e25b5ccb09edaf2c960baf6e5e\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 1637090 70903f2488746ddfa51f292f6700c7ff\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 2939260 0785da419764687ade6bdb8f7515b2ff\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_arm.deb\n Size/MD5 checksum: 1655380 256686aa24be93811859273d08958da7\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 902370 d960fa1178cf95a08dafe3cb89558cc7\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_arm.deb\n Size/MD5 checksum: 3442402 609d505bd9e57701e1280f2d0f068c5d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 2882624 8bf48290e767ab5fa9931601e87b5487\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_arm.deb\n Size/MD5 checksum: 6025756 a9c9db5794d963bdc1459139c00cf24b\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 1502438 56b8a358ccba6e9ccd9b8982dc60b17b\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_arm.deb\n Size/MD5 checksum: 782066 13d4b6bbe6455ceba144d052a035b149\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 5362998 4e1752318250b85a9d3c21f8208ed203\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_i386.deb\n Size/MD5 checksum: 3485076 9101b64a6cb48cf6291fc87942b55d4d\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_i386.deb\n Size/MD5 checksum: 6008832 8b1713968b57cc2893ed0d06d8e7a846\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_i386.deb\n Size/MD5 checksum: 1678912 31d78c6b03be55424756c653239d008d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 5197092 623838e1ad458d956ce864b78604c0e7\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 1514902 dc1c60d8a656276df4153811555ac799\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 2885706 fce2c69021a80786d1b1c2d83f2d7ac8\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_i386.deb\n Size/MD5 checksum: 785708 561f5fe2c20f9f39f49c8d70957e1f45\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 903530 59a20bf71f5e9c4875695c39c87466da\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_ia64.deb\n Size/MD5 checksum: 4038134 76dd84e871b73003d595d839e4bdabc3\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 3373280 5bba36ca636edd8ba47bc74006d80480\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_ia64.deb\n Size/MD5 checksum: 1176148 6a3cc67c4c69b2e1676aeb2ca8043413\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 6070104 97b5ac1430d4c1aff35315612dea093c\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 1290486 49cf2c17e9ccf5145714ee1e7cbeb654\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_ia64.deb\n Size/MD5 checksum: 2477314 e618b7295a1f8d962f0eaba38b27501c\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 2271840 e38a6bb3d779759b0b154c991cca4fde\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_ia64.deb\n Size/MD5 checksum: 6967362 2f2f314f113a48f887f3d2d775680724\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 1723480 bd7bfe33b5761aa79aa2e243aa62e8a7\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_mips.deb\n Size/MD5 checksum: 6337432 f1ce618e5140860dc0d3022f821fa1c6\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_mips.deb\n Size/MD5 checksum: 1904704 77f49f4a3fa95a1d3d856e7fd3e11a0a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 2875352 f9498cbfcda84e21482a7cf623785dae\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 5655674 05f07a559ae9b5bd412d6c5f9fc9f286\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_mips.deb\n Size/MD5 checksum: 3450444 122623d3f1399c79aaeff311bb3e34dd\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_mips.deb\n Size/MD5 checksum: 818604 742d631edc9ecdce640a7ffd8d0f6ef2\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 954894 5ea47afca74de332e11abcc5aa688b0a\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_mipsel.deb\n Size/MD5 checksum: 1896728 4df58fc3a78d290eb2e401e752eeae24\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_mipsel.deb\n Size/MD5 checksum: 6342276 3a0167019bd0069d93f867e5561bd6cf\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 1718110 2bcd6dd1d353e6035e3afa31cca65881\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 2864570 b1a9fb3d9606df3a7f37d3d11a14f10b\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 939928 fd5fe4d4b52c6f90e9b3da52c3714faf\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_mipsel.deb\n Size/MD5 checksum: 817926 2e0285918fcc7f050efa3f8efd1788e0\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_mipsel.deb\n Size/MD5 checksum: 3456696 213be08c9bbd883a0394ba39f28e9544\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 5516890 2a7b3cbaaa3fb76cc7e94859984c7785\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 5786916 e37ffa455e7bc1eb19327ff25c19376c\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_powerpc.deb\n Size/MD5 checksum: 6642592 f78a6568fb128e1d8ae48c654d89499f\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_powerpc.deb\n Size/MD5 checksum: 1813020 02f2fb5da0c0e7cba4e2c5665e88f4fb\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 2991518 d786aa3b58f5cd785ebd319671dd3acd\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 1645882 534d8cd58faa21efb25853ccca534293\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_powerpc.deb\n Size/MD5 checksum: 846488 40e0e5bfc7bf7a2dc687e96b0fa9831f\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 980796 d72fc72f7346f662b903625fb37aa1cf\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_powerpc.deb\n Size/MD5 checksum: 3630856 0b23afe5a9158d5fae7d7967412fb119\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_s390.deb\n Size/MD5 checksum: 6537036 3075cff6065832ede38103d6e561cbff\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 2977350 17af373f0ccc82bcbd104c9f7084ab19\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_s390.deb\n Size/MD5 checksum: 3615022 a7c7bb200b84e73d869e116153176d25\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_s390.deb\n Size/MD5 checksum: 1816954 8799735a759a9ee23632b73e849cb011\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_s390.deb\n Size/MD5 checksum: 841270 41f0eef8a48bed39dc9c326ab8f34fa4\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 1648348 38fea8dbdf766d07e95c0bde5b567083\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 5678022 79305cf65518300cd7003bb596c5bf6a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 975012 af2f7377a18fc4a1ad318c281cccc730\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 1588872 ccffec900733310a3ea11aacf1e0e17a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 5199220 54ffa80a0721b4ed29f3a51585f0ed8d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 2900078 b0faca3235b7692ddbd570ea5f268f43\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_sparc.deb\n Size/MD5 checksum: 6014384 b215653b90622537700a136c712e0828\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_sparc.deb\n Size/MD5 checksum: 1762044 adc4c438a5d8a29a5567e895cf131caa\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 917636 2ce661d9e384b38f77ab6bb227ed7f2e\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_sparc.deb\n Size/MD5 checksum: 780110 fd9f9f81c486d6d51046ea0eae69faab\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_sparc.deb\n Size/MD5 checksum: 3531520 145f0d4c585c826fe288712198143dd0\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1.diff.gz\n Size/MD5 checksum: 259402 0e938435302fecede43e1bae39fadec0\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1.dsc\n Size/MD5 checksum: 1635 d834b90d21b73518ccccb726f18f05c3\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1.diff.gz\n Size/MD5 checksum: 227322 f71561ec858f0e70c4c4a3170b70d825\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6.orig.tar.gz\n Size/MD5 checksum: 9594954 1f81e15ea22838260d5c094d31107443\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2.orig.tar.gz\n Size/MD5 checksum: 11577883 87619e5bf07b3506fec639b7e4d86215\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1.dsc\n Size/MD5 checksum: 1843 aba282dff875feff56c253b049599973\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.6-1+lenny1_all.deb\n Size/MD5 checksum: 592970 acd6acbc49867555f82a0973d3ea3634\n http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.6-1+lenny1_all.deb\n Size/MD5 checksum: 62960 3ab8888a4f25fc99665468e1b9b6a532\n http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5.2-15+lenny1_all.deb\n Size/MD5 checksum: 67614 ab990a7d6b2e5551c2d2f4142adde757\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5.2-15+lenny1_all.deb\n Size/MD5 checksum: 650540 c7f2447d4ec76295ca1ed34b042c4fcd\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_alpha.deb\n Size/MD5 checksum: 1050432 a3555e82a3a091d160243cabb623a3ec\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_alpha.deb\n Size/MD5 checksum: 2910548 51830e53b229b5cb6ebbd4d18d9f2cdd\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_alpha.deb\n Size/MD5 checksum: 2279724 4e9d740c20e2d3053706d917448d8d84\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_alpha.deb\n Size/MD5 checksum: 3004756 912a328ed9cbc0d086e733150a039264\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_alpha.deb\n Size/MD5 checksum: 1269576 90dfe865505acea89c3313892deff54d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_alpha.deb\n Size/MD5 checksum: 1819224 9af404dbfeed376e5426fbd271cd26d2\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_alpha.deb\n Size/MD5 checksum: 6696030 912c974cf9fd308214629caba35390c4\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_alpha.deb\n Size/MD5 checksum: 7759692 a7e36a5a7a24b4da165935769c757a4c\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_amd64.deb\n Size/MD5 checksum: 3039300 2b9b5642900fa36a55acfac804b82595\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_amd64.deb\n Size/MD5 checksum: 2055518 a13f31e577bf717941eaa1fe7c822014\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_amd64.deb\n Size/MD5 checksum: 8068080 21cfeef43821361980ffb8e882dd8b4c\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_amd64.deb\n Size/MD5 checksum: 1636016 fd6df56a5558393fd77d6a25c7e1908c\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_amd64.deb\n Size/MD5 checksum: 1287394 8a5f537e60f66b0fc6ffb9ba7232a79b\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_amd64.deb\n Size/MD5 checksum: 2922170 c6e0d8454496dd77ef95eb67c8fa1fa6\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_amd64.deb\n Size/MD5 checksum: 1059556 76df9392d4aaec7603360bd825d952ec\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_amd64.deb\n Size/MD5 checksum: 7007634 0f265715d8a8438b1986db8248a0e770\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_arm.deb\n Size/MD5 checksum: 1480810 2ecf375fefba0aadc6c9072ae094f705\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_arm.deb\n Size/MD5 checksum: 986362 99d2766a01407f95b9efa15b468cf2ae\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_arm.deb\n Size/MD5 checksum: 6697802 2e708c97d70e1c078860f2c7ab66c4cf\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_arm.deb\n Size/MD5 checksum: 2822456 b3cf69fbc7ae3088bcf67262c0e0f432\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_armel.deb\n Size/MD5 checksum: 1205000 2a66a44ebfec6c98b2c335094b0c51df\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_armel.deb\n Size/MD5 checksum: 1887542 c8b467dd68d1c7456509106ab3298079\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_armel.deb\n Size/MD5 checksum: 1492458 a288cf1fa071c4fe29ab4ac772427658\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_armel.deb\n Size/MD5 checksum: 7792122 ee1b6456605a7a1711435286d7e6df73\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_armel.deb\n Size/MD5 checksum: 2928626 a85b6da900a3e8251fa82325ea893f4d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_armel.deb\n Size/MD5 checksum: 2835812 fc9540635bdcc297e0fccb1247310036\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_armel.deb\n Size/MD5 checksum: 995444 071400e211bfbfdad4ecfa6c5a0f60e4\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_armel.deb\n Size/MD5 checksum: 6732668 597c750f1a4a89ea80415af74d931415\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_hppa.deb\n Size/MD5 checksum: 3017194 f66327933f5e2eb35677d3f793ea8801\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_hppa.deb\n Size/MD5 checksum: 1106842 e6a617a0cc026b0c6ec46296fba43217\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_hppa.deb\n Size/MD5 checksum: 3130332 0c85f437af2a39375077950c39233dc1\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_hppa.deb\n Size/MD5 checksum: 1315812 439ff8b6fa303136f0d700be8e5e3b30\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_hppa.deb\n Size/MD5 checksum: 1761126 519e3250afed9ea0d336460876581abb\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_hppa.deb\n Size/MD5 checksum: 2182678 471626860250b451545c17dc20e395f0\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_hppa.deb\n Size/MD5 checksum: 8165218 0543661a55ad63a94e105d8e1d8c6e06\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_hppa.deb\n Size/MD5 checksum: 7121930 00ba160ff835ff1bac27b63e24c06dcd\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_i386.deb\n Size/MD5 checksum: 7445210 32de30f9d05aacf490d0fca9230ce2d6\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_i386.deb\n Size/MD5 checksum: 6473440 8a63d0afe4d8a9bfb231029653386ac7\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_i386.deb\n Size/MD5 checksum: 2840966 2857bbbf61e0d7105748d5f7d998ecc9\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_i386.deb\n Size/MD5 checksum: 1901642 ec501a14e3e055521a32be209bfd6065\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_i386.deb\n Size/MD5 checksum: 1500408 577f7604a1bcb169382eb2b04ffc3da4\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_i386.deb\n Size/MD5 checksum: 1001110 dc8aabc3ad985885ba6697ad9005b114\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_i386.deb\n Size/MD5 checksum: 1204582 2e66c60a24e246e68fefab4130646f76\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_i386.deb\n Size/MD5 checksum: 2920660 82e39326a721a8a6d951d18d9a51f329\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_ia64.deb\n Size/MD5 checksum: 1376448 80fe6b180ac7e11b888b5049fb7c200a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_ia64.deb\n Size/MD5 checksum: 3347132 f0ff949c6bfbafab1b17538387529e4f\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_ia64.deb\n Size/MD5 checksum: 7726782 260d8142521faefac9886240b2ed0083\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_ia64.deb\n Size/MD5 checksum: 2725178 fed42f3c7e41715130ead410b865d64a\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_ia64.deb\n Size/MD5 checksum: 8825378 0342996e5191c4991ce050c9cb75c482\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_ia64.deb\n Size/MD5 checksum: 1590804 bc9116980b071a5028da79952d5bdaec\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_ia64.deb\n Size/MD5 checksum: 3497066 f1124e07480912f3bd5f1d38e0c5b50b\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_ia64.deb\n Size/MD5 checksum: 2265086 d877a5f62399ad16d615bfe84efc6958\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_mips.deb\n Size/MD5 checksum: 2825196 e7fdd0f860936344b1db20ec910b5a6d\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_mips.deb\n Size/MD5 checksum: 8118598 cf5f26a093da554ba2006403191dc196\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_mips.deb\n Size/MD5 checksum: 1213396 6f37980e41c652ff5b5c7dc1481054dc\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_mips.deb\n Size/MD5 checksum: 1017270 4e5efaf44070880e885d03ce3d8f18d1\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_mips.deb\n Size/MD5 checksum: 2118146 46f731536d1b5ee504300666511d03d3\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_mips.deb\n Size/MD5 checksum: 1691808 b6a26f0c8bdf22a3f94af26973c26674\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_mips.deb\n Size/MD5 checksum: 2912552 06db484cfe9a64b27c79241b96bfc50a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_mips.deb\n Size/MD5 checksum: 7074470 262210b781915863e28b48d524a896d4\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_mipsel.deb\n Size/MD5 checksum: 2812542 c42d3f59416e7c7f06cbcf0024016f87\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_mipsel.deb\n Size/MD5 checksum: 7923970 502614937e856fae885f6803e4a8d574\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_mipsel.deb\n Size/MD5 checksum: 2896108 64b764fc113477e721ecc8bab5948056\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_mipsel.deb\n Size/MD5 checksum: 999792 1acf03a8c0c35d51b374cd54a1de2858\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_mipsel.deb\n Size/MD5 checksum: 2107492 9047d86dfe0f239ab956dfb012516012\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_mipsel.deb\n Size/MD5 checksum: 1684612 102993c227864cb2c7995b94c8e2fefa\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_mipsel.deb\n Size/MD5 checksum: 6908834 6bfbb087f446a55f6d0d9119543297bf\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_mipsel.deb\n Size/MD5 checksum: 1194642 f18516da63d233aa47fdeb7746bafc95\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_powerpc.deb\n Size/MD5 checksum: 2986222 799ec8f7de6aecca791c647a1b11c1b6\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_powerpc.deb\n Size/MD5 checksum: 1089018 e19ba2f01191433ce98349cbd257f7ed\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_powerpc.deb\n Size/MD5 checksum: 3089072 e5b245422aa5b5a0c0291de83cece484\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_powerpc.deb\n Size/MD5 checksum: 2033524 1c517d2a0332a2ee9f652fb1e55bb86a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_powerpc.deb\n Size/MD5 checksum: 7354102 2187dbbc1f7c64f68cf18e5e8f42bc43\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_powerpc.deb\n Size/MD5 checksum: 1301040 aab8a0928d1cec5e5898476d19ee715e\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_powerpc.deb\n Size/MD5 checksum: 1627266 c9918cec15d37f26afaee334652a9de8\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_powerpc.deb\n Size/MD5 checksum: 8430770 8a0e02c268114e7cb68f0661516285c3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_s390.deb\n Size/MD5 checksum: 8402520 ea0e47c8576e21dd542da73ba1fde81a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_s390.deb\n Size/MD5 checksum: 1626056 41a00b0cc87c6de55347a8db2a571615\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_s390.deb\n Size/MD5 checksum: 2939446 14373109b13f038f25407964e3b0d703\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_s390.deb\n Size/MD5 checksum: 3038576 d39a4da52be24fe42660b1b637a025b0\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_s390.deb\n Size/MD5 checksum: 2036472 aa1cb9006184b83e0367838c55350ad9\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_s390.deb\n Size/MD5 checksum: 1058012 dd7e4bbb0f382f72da55bb5936f1ef15\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_s390.deb\n Size/MD5 checksum: 1262296 3ebbcd77b1b29826a036db531615217a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_s390.deb\n Size/MD5 checksum: 7325942 3668bd0d8b076fb6e0a37ba3fe0cc8eb\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-01-25T22:01:37", "published": "2010-01-25T22:01:37", "id": "DEBIAN:DSA-1977-1:4A5F0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00013.html", "title": "[SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:23", "bulletinFamily": "unix", "description": "\nCVE reports:\n\nThe big2_toUtf8 function in lib/xmltok.c in libexpat in\n\t Expat 2.0.1, as used in the XML-Twig module for Perl, allows\n\t context-dependent attackers to cause a denial of service\n\t (application crash) via an XML document with malformed UTF-8\n\t sequences that trigger a buffer over-read, related to the\n\t doProlog function in lib/xmlparse.c.\n\n", "modified": "2009-10-05T00:00:00", "published": "2009-10-05T00:00:00", "id": "E9FCA207-E399-11DE-881E-001AA0166822", "href": "https://vuxml.freebsd.org/freebsd/e9fca207-e399-11de-881e-001aa0166822.html", "title": "expat2 -- buffer over-read and crash", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:15:18", "bulletinFamily": "unix", "description": "\nSecunia reports:\n\nMultiple vulnerabilities have been reported in APR-util, which can\n\t be exploited by malicious people to cause a DoS (Denial of\n\t Service).\nTwo XML parsing vulnerabilities exist in the bundled version of\n\t expat.\nAn error within the \"apr_brigade_split_line()\" function in\n\t buckets/apr_brigade.c can be exploited to cause high memory\n\t consumption.\n\n", "modified": "2010-10-20T00:00:00", "published": "2010-10-02T00:00:00", "id": "DD943FBB-D0FE-11DF-95A8-00219B0FC4D8", "href": "https://vuxml.freebsd.org/freebsd/dd943fbb-d0fe-11df-95a8-00219b0fc4d8.html", "title": "apr -- multiple vunerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:14:07", "bulletinFamily": "unix", "description": "\nMitre reports:\n\nThe HTBoundary_put_block function in HTBound.c for W3C libwww\n\t (w3c-libwww) allows remote servers to cause a denial of service\n\t (segmentation fault) via a crafted multipart/byteranges MIME message\n\t that triggers an out-of-bounds read.\n\n\nThe big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,\n\t as used in the XML-Twig module for Perl, allows context-dependent\n\t attackers to cause a denial of service (application crash) via an XML\n\t document with malformed UTF-8 sequences that trigger a buffer\n\t over-read, related to the doProlog function in lib/xmlparse.c, a\n\t different vulnerability than CVE-2009-2625 and CVE-2009-3720.\n\n\nThe updatePosition function in lib/xmltok_impl.c in libexpat in\n\t Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other\n\t software, allows context-dependent attackers to cause a denial of\n\t service (application crash) via an XML document with crafted UTF-8\n\t sequences that trigger a buffer over-read, a different vulnerability\n\t than CVE-2009-2625.\n\n", "modified": "2005-10-12T00:00:00", "published": "2005-10-12T00:00:00", "id": "18449F92-AB39-11E6-8011-005056925DB4", "href": "https://vuxml.freebsd.org/freebsd/18449f92-ab39-11e6-8011-005056925db4.html", "title": "libwww -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:22:55", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 37203\r\nCVE ID: CVE-2009-3560\r\n\r\nExpat\u662f\u7528C\u8bed\u8a00\u7f16\u5199\u7684XML\u89e3\u6790\u5668\u5e93\u3002\r\n\r\nExpat\u5e93\u7684lib/xmltok.c\u6587\u4ef6\u4e2d\u7684big2_toUtf8\u51fd\u6570\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u5305\u542b\u6709\u7578\u5f62UTF-8\u5e8f\u5217\u7684XML\u6587\u6863\uff0c\u5c31\u4f1a\u5728lib/xmlparse.c\u7684doProlog\u51fd\u6570\u4e2d\u89e6\u53d1\u7f13\u51b2\u533a\u8d8a\u754c\u8bfb\u53d6\uff0c\u5bfc\u81f4\u94fe\u63a5\u5230Expat\u5e93\u4e0a\u7684\u5e94\u7528\u5d29\u6e83\u3002\n\nJames Clark Expat 2.0.1\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1953-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1953-1\uff1aNew expat packages fix denial of service\r\n\u94fe\u63a5\uff1ahttp://www.debian.org/security/2009/dsa-1953\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2.diff.gz\r\nSize/MD5 checksum: 413321 e6d99f30014fccc0ffb9db1554ba1472\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8.orig.tar.gz\r\nSize/MD5 checksum: 318349 aff487543845a82fe262e6e2922b4c8e\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2.dsc\r\nSize/MD5 checksum: 703 50e1e2ab47fe419e89ef671991ddb3f0\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_alpha.deb\r\nSize/MD5 checksum: 69460 59616e932bcd8c86ecd4998fe633f5ee\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_alpha.udeb\r\nSize/MD5 checksum: 61198 39a8aaec6ba02d5a206e44db95bc5d87\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_alpha.deb\r\nSize/MD5 checksum: 143250 ac848be2b40296fbdf3a6a6eeed551f4\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_alpha.deb\r\nSize/MD5 checksum: 22360 e3b52bc716fa975c4cc43cc9a00a4546\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_amd64.deb\r\nSize/MD5 checksum: 64628 0ebf8bb1e3b55cf8e751f638881eee14\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_amd64.deb\r\nSize/MD5 checksum: 21518 4ee3b94bccadb231c5ee8e47b9ebe053\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_amd64.udeb\r\nSize/MD5 checksum: 56436 e856562cc8156f88ef07d3b79aac9336\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_amd64.deb\r\nSize/MD5 checksum: 133908 30ba0c9b11641b960327577a65ff4423\r\n\r\narm architecture (ARM)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_arm.deb\r\nSize/MD5 checksum: 57250 1b0a1f0cf411bb0d437f3a01e5cd3593\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_arm.deb\r\nSize/MD5 checksum: 126100 0f0bcf322522ee564f1c006b9172a873\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_arm.deb\r\nSize/MD5 checksum: 19798 eaea089d8c4d2bfc14ecf7a72f149202\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_arm.udeb\r\nSize/MD5 checksum: 49400 07e75e50c1b7adae634d77763bd5e86e\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_hppa.deb\r\nSize/MD5 checksum: 149462 2a9bead50733246e3cc1f8b52c283d6c\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_hppa.deb\r\nSize/MD5 checksum: 22684 44dd6038115624b780f51314b38d1819\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_hppa.udeb\r\nSize/MD5 checksum: 64792 aa392afb507d07a4eb4061e6368afd04\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_hppa.deb\r\nSize/MD5 checksum: 73014 a8317a8f7a03f9aa5561fe43fbbdbcae\r\n\r\ni386 architecture (Intel ia32)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_i386.deb\r\nSize/MD5 checksum: 63130 28f26b307f7cb5b133c7d7b0b7f336dc\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_i386.deb\r\nSize/MD5 checksum: 21090 67a8e21213321cf54be9dc58380ce45f\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_i386.deb\r\nSize/MD5 checksum: 129822 4e06399f0079e7608d25430ded374d97\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_i386.udeb\r\nSize/MD5 checksum: 54984 64b2c0654425bd1234f5394efb1e2d69\r\n\r\nia64 architecture (Intel ia64)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_ia64.udeb\r\nSize/MD5 checksum: 87362 c78054403944437ce5ddfa700ee04532\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_ia64.deb\r\nSize/MD5 checksum: 164964 11efdcba7612853f816112c1b99437d0\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_ia64.deb\r\nSize/MD5 checksum: 25076 e6f02ab66bde8b7de92ef2d97b60f9c0\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_ia64.deb\r\nSize/MD5 checksum: 95858 fe960e6af68f6e12429ee8eb600d80f9\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_mips.udeb\r\nSize/MD5 checksum: 56612 a917e2fe1206a9614fb7b9c04eb88a86\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_mips.deb\r\nSize/MD5 checksum: 21600 fbcd5b817b80aaa9856698d68a6fa455\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_mips.deb\r\nSize/MD5 checksum: 141918 dc95f50a8665aeb063885bc989d1315f\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_mips.deb\r\nSize/MD5 checksum: 64702 cd4cee2ee2b4cb36d6f822998c5d7d20\r\n\r\npowerpc architecture (PowerPC)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_powerpc.deb\r\nSize/MD5 checksum: 22948 50ae9c0fa46faebf9a4eafeb2fb40b9a\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_powerpc.udeb\r\nSize/MD5 checksum: 59448 4d212532482851f7a463ede5419f1791\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_powerpc.deb\r\nSize/MD5 checksum: 148146 381b2f1b56ec4b803cf904e0cd58e4ec\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_powerpc.deb\r\nSize/MD5 checksum: 67650 de0a12471a24bc12da5c7b4cd33bba07\r\n\r\ns390 architecture (IBM S/390)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_s390.deb\r\nSize/MD5 checksum: 64906 f480563f4ff6a0f77dbd0a490a973b9d\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_s390.udeb\r\nSize/MD5 checksum: 56770 7854d9f4ce32b1963ede0790b69904d0\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_s390.deb\r\nSize/MD5 checksum: 21420 d039dacbda9db203d23281317a8ddd3c\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_s390.deb\r\nSize/MD5 checksum: 132506 d194bdb366195ba2402999a2cad5aa4d\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_sparc.deb\r\nSize/MD5 checksum: 128580 39bf980ed2bfd1a5f332b48c5f4b355b\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_sparc.udeb\r\nSize/MD5 checksum: 51882 84810453c7288687eebcd5822c4525ca\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_sparc.deb\r\nSize/MD5 checksum: 59824 b71d2a54edf53c92d97b1faa63930134\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_sparc.deb\r\nSize/MD5 checksum: 20394 7f1bc9c83495ab50c03701e6ef125332\r\n\r\nDebian GNU/Linux 5.0 alias lenny (stable)\r\n- -----------------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1.orig.tar.gz\r\nSize/MD5 checksum: 446456 ee8b492592568805593f81f8cdf2a04c\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2.dsc\r\nSize/MD5 checksum: 1438 556771752cdeb9b854aae0ecd060e1c5\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2.diff.gz\r\nSize/MD5 checksum: 133845 424badd53b1147b260c2dfd3b7c5f153\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_alpha.udeb\r\nSize/MD5 checksum: 62898 289c10af11866f2862eebe1920910969\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_alpha.deb\r\nSize/MD5 checksum: 221130 e5c4f3465c09b47b47b2959b44aeed09\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_alpha.deb\r\nSize/MD5 checksum: 24628 92666b01407635c4829fc5fea10237b3\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_alpha.deb\r\nSize/MD5 checksum: 135844 331e0b3b6c41c716686de6eb7408024d\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_amd64.deb\r\nSize/MD5 checksum: 223306 6736ebbd46ddb4f03c7731c9ad893d27\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_amd64.udeb\r\nSize/MD5 checksum: 62810 e8bcc7686a563b52372f1d03b5e39106\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_amd64.deb\r\nSize/MD5 checksum: 23898 688c33641259b60883572206e151449a\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_amd64.deb\r\nSize/MD5 checksum: 136360 752cdbf7c744780a629272335fa52779\r\n\r\narm architecture (ARM)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_arm.udeb\r\nSize/MD5 checksum: 52720 27a3e489f7ca8ad52bfc076a81348900\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_arm.deb\r\nSize/MD5 checksum: 203330 63309ffa0125a0ebf1c4d60831a0f365\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_arm.deb\r\nSize/MD5 checksum: 22108 165b6b7584589a653b5c8f6e2619f020\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_arm.deb\r\nSize/MD5 checksum: 116164 979ed610597f6e64ae7646e0c93b0d32\r\n\r\narmel architecture (ARM EABI)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_armel.deb\r\nSize/MD5 checksum: 209090 33d3e6b4e7df0e01ea86a61fbb5b4240\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_armel.deb\r\nSize/MD5 checksum: 22362 44191b6e3c34c571089c23710da67d5d\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_armel.udeb\r\nSize/MD5 checksum: 54240 9bade1198036f567e35d8cc6f37312ea\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_armel.deb\r\nSize/MD5 checksum: 118714 7bcda4ddc2817c8aab259378dc660a0c\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_hppa.udeb\r\nSize/MD5 checksum: 69456 1ff6cd259068a168fa229abaf71cc985\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_hppa.deb\r\nSize/MD5 checksum: 261136 bde3165254c6034c331a54c0560d4fcb\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_hppa.deb\r\nSize/MD5 checksum: 24828 bb26c745fbb3e3cd9446cb01cc0ad4e7\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_hppa.deb\r\nSize/MD5 checksum: 148662 f955833df5ed41fdedc3d5090a43a8e5\r\n\r\ni386 architecture (Intel ia32)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_i386.udeb\r\nSize/MD5 checksum: 60816 009c3b55eeeaa87476ff658c5c654791\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_i386.deb\r\nSize/MD5 checksum: 23288 529f392c091e9e09f74e21e77da69f0c\r\nhttp://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_i386.deb\r\nSize/MD5 checksum: 168162 01b2166f38485842aab660f0a397487a\r\nhttp://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_i386.deb\r\nSize/MD5 checksum: 136330 11942d4c9c36b25882db662b9edf1981\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_i386.deb\r\nSize/MD5 checksum: 210542 54ea496b626a1875b6d7cf7519008ec3\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_i386.deb\r\nSize/MD5 checksum: 131876 8c8a91854bf5ee9eec30fda926519bef\r\n\r\nia64 architecture (Intel ia64)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_ia64.deb\r\nSize/MD5 checksum: 27426 7d194ae6b0473db3ff5470c10938d964\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_ia64.deb\r\nSize/MD5 checksum: 206162 b5b5cd0448f4d4405e547083158d0b33\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_ia64.deb\r\nSize/MD5 checksum: 291698 3c2fa7560629d402db2fe09cacf78d65\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_ia64.udeb\r\nSize/MD5 checksum: 98262 d2fe5be42499f8cc35727ad1febaba15\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_mips.deb\r\nSize/MD5 checksum: 234414 c1fe34bff578c026a950a7c3f4c4d771\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_mips.udeb\r\nSize/MD5 checksum: 61214 4670ea4ec04854955699ef5d1115322f\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_mips.deb\r\nSize/MD5 checksum: 23794 294282bd2e09d86cdcecb2c7be16a2c7\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_mips.deb\r\nSize/MD5 checksum: 132784 8ee0a7eabf9781a087dccc9348d9e5c0\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_mipsel.deb\r\nSize/MD5 checksum: 224124 d846357e369b14081f16cc1576bda554\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_mipsel.deb\r\nSize/MD5 checksum: 131716 ab80da25bb702bf1eda5659949931cf3\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_mipsel.deb\r\nSize/MD5 checksum: 23812 0eab513e87cdc4b6af912e8c9b9eb97d\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_mipsel.udeb\r\nSize/MD5 checksum: 60652 571cd4e1defdffbd231b4f1c30317933\r\n\r\npowerpc architecture (PowerPC)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_powerpc.deb\r\nSize/MD5 checksum: 140454 57b59323a8fd3f989c4b887a2f435edc\r\nhttp://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_powerpc.deb\r\nSize/MD5 checksum: 143938 14c14076db484cc958e72b9fc4c566db\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_powerpc.deb\r\nSize/MD5 checksum: 280288 9fadfb58e2302a8b6f57297e65dfd8d3\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_powerpc.deb\r\nSize/MD5 checksum: 26806 72bac1cc1d74623ba6494645bc4289ab\r\nhttp://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_powerpc.deb\r\nSize/MD5 checksum: 156730 2aca152555c73b700d1726d1eded7fe4\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_powerpc.udeb\r\nSize/MD5 checksum: 64998 989f172b6599508c436bc5a09c91c4f5\r\n\r\ns390 architecture (IBM S/390)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_s390.deb\r\nSize/MD5 checksum: 220156 c7fc9bb8b053a250ab3e37bfb2bb5f48\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_s390.deb\r\nSize/MD5 checksum: 24202 f1db3ff06b30af0f9a37669346b03647\r\nhttp://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_s390.deb\r\nSize/MD5 checksum: 134506 d64a081f5c330c143361c5a1adfbe960\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_s390.deb\r\nSize/MD5 checksum: 134478 45bf7476a951dd3d6fb44a230c507f20\r\nhttp://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_s390.deb\r\nSize/MD5 checksum: 173076 c2cb8d4e8b9c5f0aaf3700e6efad34e8\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_s390.udeb\r\nSize/MD5 checksum: 61936 c87e11d3c3759892c3d6b6f418c2bb95\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_sparc.udeb\r\nSize/MD5 checksum: 57658 13a0ac88f44285d0d86dcd38d3deff70\r\nhttp://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_sparc.deb\r\nSize/MD5 checksum: 133572 8bab47cce6aabb7d2038c6d528ff02a3\r\nhttp://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_sparc.deb\r\nSize/MD5 checksum: 23164 4a504bfeb56ecce8f1b7aaaee11b138b\r\nhttp://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_sparc.deb\r\nSize/MD5 checksum: 171696 8e6d324c284db7a61854d544cb49418e\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_sparc.deb\r\nSize/MD5 checksum: 125636 1ab1d2f419627c15d5fb557c515937f6\r\nhttp://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_sparc.deb\r\nSize/MD5 checksum: 216610 ec3f0144dd15d23fb9bc188b52a26f78\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:1625-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:1625-01\uff1aModerate: expat security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2009-1625.html\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-6905480\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-6905480\uff1aMultiple Security Vulnerabilities in the libexpat Library May Lead to a Denial of Service (DoS) Condition\r\n\u94fe\u63a5\uff1ahttp://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1\r\n\r\nJames Clark\r\n-----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165", "modified": "2009-12-24T00:00:00", "published": "2009-12-24T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15137", "id": "SSV:15137", "type": "seebug", "title": "expat big2_toUtf8()\u51fd\u6570XML\u6587\u4ef6\u89e3\u6790\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:00", "bulletinFamily": "unix", "description": "[1.95.8-8.3.2]\n- add security fix for CVE-2009-3560 (#531710)\n[1.95.8-8.3.1]\n- add security fix for CVE-2009-3720 (#531710)", "modified": "2009-12-07T00:00:00", "published": "2009-12-07T00:00:00", "id": "ELSA-2009-1625", "href": "http://linux.oracle.com/errata/ELSA-2009-1625.html", "title": "expat security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:14", "bulletinFamily": "unix", "description": "Expat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled malformed\nUTF-8 sequences when processing XML files. A specially-crafted XML file\ncould cause applications using Expat to crash while parsing the file.\n(CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.", "modified": "2018-05-26T04:26:18", "published": "2009-12-07T05:00:00", "id": "RHSA-2009:1625", "href": "https://access.redhat.com/errata/RHSA-2009:1625", "type": "redhat", "title": "(RHSA-2009:1625) Moderate: expat security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:45:26", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1625\n\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled malformed\nUTF-8 sequences when processing XML files. A specially-crafted XML file\ncould cause applications using Expat to crash while parsing the file.\n(CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016348.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016349.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016350.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016351.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016378.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016379.html\n\n**Affected packages:**\nexpat\nexpat-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1625.html", "modified": "2009-12-18T01:32:48", "published": "2009-12-07T23:34:29", "href": "http://lists.centos.org/pipermail/centos-announce/2009-December/016348.html", "id": "CESA-2009:1625", "title": "expat security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:21", "bulletinFamily": "unix", "description": "USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4.\n\nOriginal advisory details:\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)", "modified": "2010-01-22T00:00:00", "published": "2010-01-22T00:00:00", "id": "USN-890-3", "href": "https://usn.ubuntu.com/890-3/", "title": "Python 2.4 vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:10:07", "bulletinFamily": "unix", "description": "USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++.\n\nOriginal advisory details:\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)", "modified": "2010-02-18T00:00:00", "published": "2010-02-18T00:00:00", "id": "USN-890-5", "href": "https://usn.ubuntu.com/890-5/", "title": "XML-RPC for C and C++ vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:10:01", "bulletinFamily": "unix", "description": "USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML.\n\nOriginal advisory details:\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)", "modified": "2010-01-26T00:00:00", "published": "2010-01-26T00:00:00", "id": "USN-890-4", "href": "https://usn.ubuntu.com/890-4/", "title": "PyXML vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:12", "bulletinFamily": "unix", "description": "USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5.\n\nOriginal advisory details:\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)", "modified": "2010-01-21T00:00:00", "published": "2010-01-21T00:00:00", "id": "USN-890-2", "href": "https://usn.ubuntu.com/890-2/", "title": "Python 2.5 vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:28", "bulletinFamily": "unix", "description": "Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)", "modified": "2010-01-20T00:00:00", "published": "2010-01-20T00:00:00", "id": "USN-890-1", "href": "https://usn.ubuntu.com/890-1/", "title": "Expat vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:12", "bulletinFamily": "unix", "description": "New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/httpd-2.2.17-i486-1_slack13.1.txz: Upgraded.\n This fixes some denial of service bugs in the bundled libraries.\n On Slackware we do not use the bundled expat or apr-util, so the\n issues are also fixed in those external libraries.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.17-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.17-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.17-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.17-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.17-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.17-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.17-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.17-i486-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.17-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nbdc59e942fd61d6606bf7f0262758e51 httpd-2.2.17-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n85bb985e578788b0975358319b3ea977 httpd-2.2.17-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n7a19a060e00c65276ecb8e658d489b4e httpd-2.2.17-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\naadaffcdaefa912aba16467a9833f96c httpd-2.2.17-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\naa7ce8c4eb263827cda69bb3c4ab92b1 httpd-2.2.17-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n8e710650f302b666d7e4431a415a3e6f httpd-2.2.17-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n8d8e71a0b5b55df0439e967a7399ff57 httpd-2.2.17-x86_64-1_slack13.1.txz\n\nSlackware -current package:\n12c3430df876a4990ceed74dc413474a httpd-2.2.17-i486-2.txz\n\nSlackware x86_64 -current package:\n82a484c9a107a965f09b0caf90173f4d httpd-2.2.17-x86_64-2.txz\n\n\nInstallation instructions:\n\nNOTE: This package will require the new expat, apr, and apr-util patches first.\n\nUpgrade the package as root:\n > upgradepkg httpd-2.2.17-i486-1_slack13.1.txz\n\nThen, restart Apache httpd:\n\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2011-02-10T17:17:26", "published": "2011-02-10T17:17:26", "id": "SSA-2011-041-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.494329", "title": "httpd", "type": "slackware", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
