CVE-2009-3560
Published: 04 December 2009
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
expat Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
| Ubuntu 21.10 (Impish Indri) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(2.0.1-7ubuntu1)
|
|
|
Patches: Vendor: http://www.debian.org/security/2009/dsa-1953 |
||
|
apache2 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(code-not-compiled)
|
|
|
apr-util Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(code-not-compiled)
|
|
|
cmake Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [code-not-compiled])
|
|
|
ghostscript Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [code-not-compiled])
|
|
|
python2.6 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.4-4)
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
python2.5 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
celementtree Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
python2.4 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
python-xml Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
smart Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [code-not-compiled])
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [code-not-compiled])
|
|
|
xmlrpc-c Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1.06.27-1ubuntu7)
|
|
|
wxwidgets2.8 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [uses system expat])
|
|
|
paraview Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.6.2-1)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(3.8.1-1ubuntu1)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(3.8.1-1ubuntu1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(3.8.1-1ubuntu1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(3.8.1-1ubuntu1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(3.8.1-1ubuntu1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.8.1-1ubuntu1])
|
|
|
wxwidgets2.6 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
vnc4 Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
|
|
|
xotcl Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.6.6-1)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
w3c-libwww Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
tla Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.3.5+dfsg-15)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
poco Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(uses system expat)
|
|
|
xulrunner Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
sitecopy Launchpad, Ubuntu, Debian |
Upstream |
Released
(1:0.16.0-1)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
libparagui1.1 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
wbxml2 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
swish-e Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Needs triage
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needs triage
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needs-triage)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
kompozer Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
insighttoolkit Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.16.0-1)
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
cadaver Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
wxwindows2.4 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
gdcm Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(uses system expat)
|
|
|
ayttm Launchpad, Ubuntu, Debian |
Upstream |
Released
(0.6.1-2)
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(0.6.1-2)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [0.6.1-2])
|
|
|
cableswig Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needs-triage)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
grmonitor Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
coin3 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(4.0.0+ds-1build1)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(4.0.0+ds-1build1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(4.0.0+ds-1build1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needed)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
|
simgear Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [uses system expat])
|
|
|
audacity Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [uses system expat])
|
|
|
matanza Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Needs triage
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needs triage
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needs-triage)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
tdom Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(uses system expat)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
vtk Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [uses system expat])
|
|
Notes
| Author | Note |
|---|---|
| mdeslaur | watch out for possible regression (see DSA-1953-2) |
| jdstrand | regression for SUSE: https://bugzilla.novell.com/show_bug.cgi?id=566434 regression fix commit: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165 2.0.1-4+lenny3 has the fix jdstrand provided updates in supported releases for expat, xmlrpc-c, cmake, python-xml, python2.4, and python2.5 |
| ebarretto | this is not an issue for vnc4, for more information see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560949 |
| sbeattie | as of xotcl 1.6.6-1, xotcl uses system expat as of tla 1.3.5+dfsg-15, tla uses system expat as of sitecopy 1:0.16.0-1, sitecopy uses system expat by wbxml2 0.10.7-1, wbxml2 uses system expat as of insighttoolkit 3.16.0-1, insighttoolkit uses system expat according to dbug 560926, cadaver only uses embedded expat when embedded neon is used, and embedded neon is not used in Ubuntu as of coin3 4.0.0~CMake~6f54f1602475+ds1-1~exp2, coin3 uses system expat. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
- https://ubuntu.com/security/notices/USN-890-1
- https://ubuntu.com/security/notices/USN-890-2
- https://ubuntu.com/security/notices/USN-890-3
- https://ubuntu.com/security/notices/USN-890-4
- https://ubuntu.com/security/notices/USN-890-5
- https://ubuntu.com/security/notices/USN-890-6
- NVD
- Launchpad
- Debian