CVE-2012-6702

Priority
Description
Expat, when used in a parser that has not called XML_SetHashSalt or passed
it a seed of 0, makes it easier for context-dependent attackers to defeat
cryptographic protection mechanisms via vectors involving use of the srand
function.
Notes
 sbeattie> tla uses system expat as of 1.3.5+dfsg-15
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored (code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr):ignored (code-not-compiled)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored (code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr):ignored (code-not-compiled)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Source: ayttm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):not-affected (code not present)
Ubuntu 19.10 (Eoan):not-affected (code not present)
Package
Source: cmake (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [code-not-compiled])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [code-not-compiled])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Source: coin3 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):not-affected (code not present)
Ubuntu 19.10 (Eoan):not-affected (code not present)
Package
Source: expat (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.0.1-7.2ubuntu1.4)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.1.0-4ubuntu1.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.1.0-7ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.2.0-1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.2.0-1)
Ubuntu 19.10 (Eoan):not-affected (2.2.0-1)
Patches:
Upstream:https://sourceforge.net/p/expat/code_git/ci/6acb0a47372a9079cc6ff70c384f015a47f2c34a/
Upstream:https://sourceforge.net/p/expat/code_git/ci/f627ff74d631f4548f924ca5bd27ddad6cae07ab/
Package
Source: gdcm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system expat)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [code-not-compiled])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [code-not-compiled])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):not-affected (code not present)
Ubuntu 19.10 (Eoan):not-affected (code not present)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Source: poco (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system expat)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):not-affected (code not present)
Ubuntu 19.10 (Eoan):not-affected (code not present)
Package
Source: smart (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [code-not-compiled])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [code-not-compiled])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):not-affected (code not present)
Ubuntu 19.10 (Eoan):not-affected (code not present)
Package
Source: tdom (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [code-not-compiled])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [code-not-compiled])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Source: tla (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected (1.3.5+dfsg-15))
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [1.3.5+dfsg-15])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.3.5+dfsg-15)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.3.5+dfsg-15)
Ubuntu 19.04 (Disco Dingo):not-affected (1.3.5+dfsg-15)
Ubuntu 19.10 (Eoan):not-affected (1.3.5+dfsg-15)
Package
Source: vnc4 (LP Ubuntu Debian)
Upstream:ignored
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):ignored
Ubuntu 19.04 (Disco Dingo):ignored
Ubuntu 19.10 (Eoan):ignored
Package
Source: vtk (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):not-affected (code not present)
Ubuntu 19.10 (Eoan):not-affected (code not present)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Priority: Low
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [1.16.33-3.1ubuntu5.2])
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Source: xotcl (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):not-affected (code not present)
Ubuntu 19.10 (Eoan):not-affected (code not present)
More Information

Updated: 2019-07-24 12:14:31 UTC (commit 1996869b5ce078a6ee0e0736ef5f27e2e204738f)