NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b931e03858
kumquat-buildroot/package/expat
History
Peter Korsgaard b3e39a7543 package/expat: security bump to version 2.2.8 
Fixes the following security vulnerability:

CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the
parser into changing from DTD parsing to document parsing too early; a
consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)
then resulted in a heap-based buffer over-read.

While we're at it, also change to use .tar.xz rather than the bigger
.tar.bz2.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 386794d02e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 10:46:03 +02:00
..
Config.in
expat.hash package/expat: security bump to version 2.2.8 2019-09-26 10:46:03 +02:00
expat.mk package/expat: security bump to version 2.2.8 2019-09-26 10:46:03 +02:00