{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libexpat1" ] } }, "diff": { "deb": [ { "name": "libexpat1", "from_version": { "source_package_name": "expat", "source_package_version": "2.7.1-2", "version": "2.7.1-2" }, "to_version": { "source_package_name": "expat", "source_package_version": "2.7.1-2ubuntu0.2", "version": "2.7.1-2ubuntu0.2" }, "cves": [ { "cve": "CVE-2025-59375", "url": "https://ubuntu.com/security/CVE-2025-59375", "cve_description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "cve_priority": "medium", "cve_public_date": "2025-09-15 03:15:00 UTC" }, { "cve": "CVE-2026-24515", "url": "https://ubuntu.com/security/CVE-2026-24515", "cve_description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cve_priority": "medium", "cve_public_date": "2026-01-23 08:16:00 UTC" }, { "cve": "CVE-2026-25210", "url": "https://ubuntu.com/security/CVE-2026-25210", "cve_description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", "cve_priority": "medium", "cve_public_date": "2026-01-30 07:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-59375", "url": "https://ubuntu.com/security/CVE-2025-59375", "cve_description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "cve_priority": "medium", "cve_public_date": "2025-09-15 03:15:00 UTC" }, { "cve": "CVE-2026-24515", "url": "https://ubuntu.com/security/CVE-2026-24515", "cve_description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cve_priority": "medium", "cve_public_date": "2026-01-23 08:16:00 UTC" }, { "cve": "CVE-2026-25210", "url": "https://ubuntu.com/security/CVE-2026-25210", "cve_description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", "cve_priority": "medium", "cve_public_date": "2026-01-30 07:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Large memory allocation.", " - debian/patches/CVE-2025-59375-*: Fix large memory allocation in", " expat/lib/xmlparse.c, expat/lib/expat.h, expat/tests/basic_tests.c,", " expat/tests/nsalloc_tests.c, expat/xmlwf/xmlwf.c,", " expat/xmlwf/xmlwf_helpgen.py, expat/lib/internal.h,", " expat/tests/alloc_tests.c, expat/fuzz/xml_lpm_fuzzer.cpp,", " expat/fuzz/xml_parse_fuzzer.c, expat/tests/misc_tests.c.", " - debian/libexpat1.symbols: Add new symbols.", " - CVE-2025-59375", " * SECURITY UPDATE: Null pointer dereference.", " - debian/patches/CVE-2026-24515-*: Add oldUnknownEncodingHandlerData and", " assignments in expat/lib/xmlparse.c. Add tests in", " expat/tests/basic_tests.c.", " - CVE-2026-24515", " * SECURITY UPDATE: Integer overflow.", " - debian/patches/CVE-2026-25210-*: Change bufSize operation and assignment", " and add error check in expat/lib/xmlparse.c.", " - CVE-2026-25210", "" ], "package": "expat", "version": "2.7.1-2ubuntu0.2", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Fri, 06 Feb 2026 11:45:02 -0330" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.10 questing image from daily image serial 20260209 to 20260212", "from_series": "questing", "to_series": "questing", "from_serial": "20260209", "to_serial": "20260212", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }