Expat 2.4.3 released, includes security fixes
- From: Sebastian Pipping <sebastian@pipping.org>
- To: xml-dev@lists.xml.org
- Date: Sun, 16 Jan 2022 17:13:37 +0100
Hello everyone!

(A *longer* blog-post version of this e-mail is available online at
https://blog.hartwork.org/posts/expat-2-4-3-released/ .)

Expat 2.4.3 [1] was released earlier today. Besides two minor
fixes to the build system, this release is about security fixes. There
is a total of 8 CVEs fixed, all related to fixed-size integer math
(integer overflow and invalid shifts) near memory allocation. Impact is
denial of service, or more.

For more details, please check out the change log [2].

If you maintain Expat packaging or a bundled copy of Expat or a pinned
version of Expat somewhere, please update to 2.4.3. Thank you!

Best

Sebastian Pipping

[1] https://github.com/libexpat/libexpat/releases/tag/R_2_4_3
[2] https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes