Revisions of expat
Dominique Leuenberger (dimstar_suse) accepted request 1042236 from David Anes (david.anes) (revision 71)
Dominique Leuenberger (dimstar_suse) accepted request 1031257 from David Anes (david.anes) (revision 70)
Dominique Leuenberger (dimstar_suse) accepted request 1005006 from David Anes (david.anes) (revision 69)
Dominique Leuenberger (dimstar_suse) accepted request 965520 from David Anes (david.anes) (revision 68)
Dominique Leuenberger (dimstar_suse) accepted request 959581 from David Anes (david.anes) (revision 67)
Dominique Leuenberger (dimstar_suse) accepted request 956337 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 66)
- update to 2.4.6 (bsc#1196168, CVE-2022-25313):
  * Bug fixes:
    - Fix a regression introduced by the fix for CVE-2022-25313 in release 2.4.5 that affects applications that (1) call function XML_SetElementDeclHandler and (2) are parsing XML that contains nested element declarations (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
    - Version info bumped from 9:5:8 to 9:6:8; see https://verbump.de/ for what these numbers do.
- update to 2.4.5 (bsc#1196171, bsc#1196169, bsc#1196168, bsc#1196026, bsc#1196025):
  * Security fixes:
    - CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8 sequences (e.g. from start tag names) to the XML processing application on top of Expat can cause arbitrary damage (e.g. code execution) depending on how invalid UTF-8 is handled inside the XML processor; validation was not their job but Expat's. Exploits with code execution are known to exist.
    - CVE-2022-25236 -- Passing (one or more) namespace separator characters in "xmlns[:prefix]" attribute values made Expat send malformed tag names to the XML processor on top of Expat which can cause arbitrary damage (e.g. code execution) depending on how such unexpectable cases are handled inside the XML processor; validation was not their job but Expat's. Exploits with code execution are known to exist.
    - CVE-2022-25313 -- Fix stack exhaustion in doctype parsing that could be triggered by e.g. a 2 megabytes
Dominique Leuenberger (dimstar_suse) accepted request 950090 from David Anes (david.anes) (revision 65)
Dominique Leuenberger (dimstar_suse) accepted request 947307 from David Anes (david.anes) (revision 64)
Dominique Leuenberger (dimstar_suse) accepted request 942810 from David Anes (david.anes) (revision 63)
Dominique Leuenberger (dimstar_suse) accepted request 895791 from Dirk Mueller (dirkmueller) (revision 62)
Dominique Leuenberger (dimstar_suse) accepted request 884902 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 61)
Dominique Leuenberger (dimstar_suse) accepted request 839723 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 60)
Dominique Leuenberger (dimstar_suse) accepted request 754751 from Factory Maintainer (factory-maintainer) (revision 59)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 731224 from Tomáš Chvátal (scarabeus_iv) (revision 58)
Dominique Leuenberger (dimstar_suse) accepted request 713395 from Tomáš Chvátal (scarabeus_iv) (revision 57)
- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937)
  * Security fixes:
    - CVE-2018-20843 - Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks
  * Other changes:
    - Autotools/CMake: Utilize -fvisibility=hidden to stop exporting non-API symbols
    - Autotools: Add --without-examples and --without-tests
    - Autotools: Modernize configure.ac
    - Autotools: Fix check for -fvisibility=hidden for Clang
    - Autotools: Fix compilation for lack of docbook2x-man
    - CMake: Make libdir of pkgconfig expat.pc support multilib
    - CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
    - Remove fallback to bcopy, assume that memmove(3) exists
- Removed expat-2.2.6-fix-make-clean.patch
Dominique Leuenberger (dimstar_suse) accepted request 672726 from Dirk Mueller (dirkmueller) (revision 56)
Displaying revisions 1 - 20 of 75