CVE-2009-3720
Published: 03 November 2009
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
expat Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.0.1-5)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(2.0.1-7ubuntu1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(2.0.1-7ubuntu1)
|
|
|
Patches: Upstream: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch |
||
|
apache2 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(code-not-compiled)
|
|
|
apr-util Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(code-not-compiled)
|
|
|
cmake Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [code-not-compiled])
|
|
|
ghostscript Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [code-not-compiled])
|
|
|
python2.6 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.4)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
python2.5 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
celementtree Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
python2.4 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
python-xml Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
smart Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [code-not-compiled])
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(code-not-compiled)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [code-not-compiled])
|
|
|
xmlrpc-c Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(1.06.27-1ubuntu7)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1.06.27-1ubuntu7)
|
|
|
wxwidgets2.8 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [uses system expat])
|
|
|
paraview Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.6.2-1)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(3.8.1-1ubuntu1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(3.8.1-1ubuntu1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(3.8.1-1ubuntu1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(3.8.1-1ubuntu1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.8.1-1ubuntu1])
|
|
|
wxwidgets2.6 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
vnc4 Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
|
|
|
xotcl Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needs triage
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Needs triage
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needs triage
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
w3c-libwww Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
tla Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
poco Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(uses system expat)
|
|
|
xulrunner Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
sitecopy Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(uses system expat)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
libparagui1.1 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
wbxml2 Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(uses system expat)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
swish-e Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needs triage
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Needs triage
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needs triage
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
kompozer Launchpad, Ubuntu, Debian |
Upstream |
Released
(1:0.8~b1-2)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
insighttoolkit Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needs triage
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
cadaver Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needed
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Needed
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needed
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needed)
|
|
|
wxwindows2.4 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
gdcm Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(uses system expat)
|
|
|
ayttm Launchpad, Ubuntu, Debian |
Upstream |
Released
(0.6.1-2)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(0.6.1-2)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [0.6.1-2])
|
|
|
cableswig Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needs triage
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
grmonitor Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
coin3 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needed
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Needed
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needed
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
|
simgear Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [uses system expat])
|
|
|
audacity Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(uses system expat)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [uses system expat])
|
|
|
matanza Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needs triage
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Needs triage
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needs triage
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
tdom Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
vtk Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(uses system expat)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [uses system expat])
|
|
Notes
| Author | Note |
|---|---|
| jdstrand | both this and CVE-2009-2625 refer to the same expat bug: #1990430. See http://www.openwall.com/lists/oss-security/2009/09/06/1 This CVE was later assigned to the same issue, since CVE-2009-2625 was worded as a Java vulnerability. Our USN references CVE-2009-2625 and this CVE will be ignored (for expat). jdstrand provided updates in supported releases for expat, xmlrpc-c, cmake, python-xml, python2.4, and python2.5 |
| ebarretto | this is not an issue for vnc4, for more information see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560949 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
- https://usn.ubuntu.com/usn/usn-890-1
- https://usn.ubuntu.com/usn/usn-890-2
- https://usn.ubuntu.com/usn/usn-890-3
- https://usn.ubuntu.com/usn/usn-890-4
- https://usn.ubuntu.com/usn/usn-890-5
- https://usn.ubuntu.com/usn/usn-890-6
- NVD
- Launchpad
- Debian