XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Expat 2.4.4 released, includes security fixes
Hello everyone!


(A *longer* blog-post version of this e-mail is available online at
https://blog.hartwork.org/posts/expat-2-4-4-released/ .)

Expat 2.4.4 [1] has been released yesterday. Besides a memory leak
bugfix to xmlwf and fixes to the build system, this release is about
security fixes. There are 2 CVEs involved, both related to fixed-size integer math (integer overflow) near memory allocation, not unlike what we had with 2.4.3 before. Impact is denial of service, or more.

For more details, please check out the change log [2].

If you maintain Expat packaging or a bundled copy of Expat or a pinned version of Expat somewhere, please update to 2.4.4. Thank you!

Best



Sebastian Pipping


[1] https://github.com/libexpat/libexpat/releases/tag/R_2_4_4
[2] https://github.com/libexpat/libexpat/blob/R_2_4_4/expat/Changes
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS