NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
880e3ea32c
kumquat-buildroot/package/expat/expat.hash
Fabrice Fontaine 9dad5e7d7f package/expat: security bump to version 2.6.0 
Security fixes:
 - CVE-2023-52425: Fix quadratic runtime issues with big tokens that can
   cause denial of service, in partial where dealing with compressed XML
   input. Applications that parsed a document in one go -- a single call
   to functions XML_Parse or XML_ParseBuffer -- were not affected. The
   smaller the chunks/buffers you use for parsing previously, the bigger
   the problem prior to the fix.
 - CVE-2023-52426: Fix billion laughs attacks for users compiling
   *without* XML_DTD defined (which is not common). Users with XML_DTD
   defined have been protected since Expat >=2.4.0 (and that was
   CVE-2013-0340 back then).

https://blog.hartwork.org/posts/expat-2-6-0-released/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-06 21:51:59 +01:00

8 lines
387 B
Plaintext
Raw Blame History

# From https://sourceforge.net/projects/expat/files/expat/2.6.0/
md5 bd169cb11f4b9bdfddadf9e88a5c4d4b expat-2.6.0.tar.xz
sha1 d87e8ab2a3c1deb858c6b22e5ade9d5673086004 expat-2.6.0.tar.xz
# Locally calculated
sha256 cb5f5a8ea211e1cabd59be0a933a52e3c02cc326e86a4d387d8d218e7ee47a3e expat-2.6.0.tar.xz
sha256 122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534 COPYING
Reference in New Issue View Git Blame Copy Permalink