26ec7c4d02
Expat 2.5.0 has been released earlier today. Most importantly, this release fixes CVE-2022-43680: a heap use-after-free vulnerability after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations, with expected impact of denial of service or potentially arbitrary code execution. https://blog.hartwork.org/posts/expat-2-5-0-released https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> |
||
---|---|---|
.. | ||
Config.in | ||
expat.hash | ||
expat.mk |