kumquat-buildroot/package/expat
Peter Korsgaard 386794d02e package/expat: security bump to version 2.2.8
Fixes the following security vulnerability:

CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the
parser into changing from DTD parsing to document parsing too early; a
consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)
then resulted in a heap-based buffer over-read.

While we're at it, also change to use .tar.xz rather than the bigger
.tar.bz2.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-15 22:22:18 +02:00
..
Config.in
expat.hash package/expat: security bump to version 2.2.8 2019-09-15 22:22:18 +02:00
expat.mk package/expat: security bump to version 2.2.8 2019-09-15 22:22:18 +02:00