File _patchinfo of Package patchinfo.22958
<patchinfo incident="22958">
<issue tracker="cve" id="2022-25314"/>
<issue tracker="cve" id="2022-25313"/>
<issue tracker="cve" id="2022-25236"/>
<issue tracker="cve" id="2022-25235"/>
<issue tracker="cve" id="2022-25315"/>
<issue tracker="bnc" id="1196168">VUL-0: CVE-2022-25313: expat: Stack exhaustion in build_model() via uncontrolled recursion</issue>
<issue tracker="bnc" id="1196025">VUL-0: CVE-2022-25236: expat: xmlparse.c in Expat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.</issue>
<issue tracker="bnc" id="1196169">VUL-0: CVE-2022-25314: expat: Integer overflow in copyString</issue>
<issue tracker="bnc" id="1196171">VUL-0: CVE-2022-25315: expat: Integer overflow in storeRawNames</issue>
<issue tracker="bnc" id="1196026">VUL-0: CVE-2022-25235: expat: xmltok_impl.c in Expat before 2.4.5 does not check whether a UTF-8 character is valid in a certain context.</issue>
<issue tracker="bnc" id="1196784">expat: [>=2.4.5] Fix to CVE-2022-25236 breaks biboumi, ClairMeta, jxmlease, libwbxml, openleadr-python, rnv, xmltodict</issue>
<packager>david.anes</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for expat</summary>
<description>This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible insertion of namespace-separator characters into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
</description>
</patchinfo>