[Buildroot] [PATCH 1/1] package/expat: security bump to version 2.4.4
Peter Korsgaard
peter at korsgaard.com
Wed Feb 2 10:10:11 UTC 2022
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Expat 2.4.4 was released yesterday. Besides a memory leak bugfix to
> xmlwf and fixes to the build system, this release is about security
> fixes. There are 2 CVEs involved, both related to fixed-size integer
> math (integer overflow) near memory allocation, not unlike what we had
> with 2.4.3 before. Impact is denial of service, or more.
> Fix CVE-2022-23852 and CVE-2022-23990
> https://blog.hartwork.org/posts/expat-2-4-4-released/
> https://github.com/libexpat/libexpat/blob/R_2_4_4/expat/Changes
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Sorry, I applied the other patch for the same before noticing this (even
though your commit message is a lot nicer).
--
Bye, Peter Korsgaard