[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Expat 2.2.8 with security fixes has been released
- From: Sebastian Pipping <sebastian@pipping.org>
- To: xml-dev@lists.xml.org
- Date: Sat, 14 Sep 2019 20:29:41 +0200
Hi everyone!
Expat 2.2.8 [1] has been released yesterday. This release fixes a
security issue — a heap buffer over-read known as CVE-2019-15903 [2]
reported by Joonun Jang resulting in Denial of Service —, starts using
the rand_s function on Windows and MinGW (ending the previous
LoadLibrary hack), includes non-security bugfixes, many build system
fixes and improvements, improvements to xmlwf usability, and more.
For more details regarding the latest release, please check out the
changelog [3].
If you maintain Expat packaging or a bundled copy of Expat or a pinned
version of Expat somewhere, please update to 2.2.8. Thank you!
Best
Sebastian Pipping
[1] https://github.com/libexpat/libexpat/releases/tag/R_2_2_8
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
[3] https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
