Revisions of expat
Ana Guerrero (anag+factory) accepted request 1223742 from Petr Gajdos (pgajdos) (revision 79)
- no source changes, just adding jira reference: jsc#SLE-21253
Ana Guerrero (anag+factory) accepted request 1222170 from Petr Gajdos (pgajdos) (revision 78)
- version update to 2.6.4
  * Security fixes: [bsc#1232601]
    #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754
  * Other changes:
    #903 CMake: Add alias target "expat::expat"
    #905 docs: Document use via CMake >=3.18 with FetchContent and SOURCE_SUBDIR and its consequences
    #902 tests: Reduce use of global parser instance
    #904 tests: Resolve duplicate handler
    #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
    #914 Fix signedness of format strings
    #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do
  (forwarded request 1222166 from pgajdos)
Ana Guerrero (anag+factory) accepted request 1203777 from Petr Gajdos (pgajdos) (revision 77)
- updated keyring [https://build.suse.de/request/show/345282]
- modified sources
  % expat.keyring
Dominique Leuenberger (dimstar_suse) accepted request 1042236 from David Anes (david.anes) (revision 71)
Dominique Leuenberger (dimstar_suse) accepted request 1031257 from David Anes (david.anes) (revision 70)
Dominique Leuenberger (dimstar_suse) accepted request 1005006 from David Anes (david.anes) (revision 69)
Dominique Leuenberger (dimstar_suse) accepted request 965520 from David Anes (david.anes) (revision 68)
Dominique Leuenberger (dimstar_suse) accepted request 959581 from David Anes (david.anes) (revision 67)
Dominique Leuenberger (dimstar_suse) accepted request 956337 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 66)
- update to 2.4.6 (bsc#1196168, CVE-2022-25313):
  * Bug fixes:
    - Fix a regression introduced by the fix for CVE-2022-25313 in release 2.4.5 that affects applications that (1) call function XML_SetElementDeclHandler and (2) are parsing XML that contains nested element declarations (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
    - Version info bumped from 9:5:8 to 9:6:8; see https://verbump.de/ for what these numbers do.
- update to 2.4.5 (bsc#1196171, bsc#1196169, bsc#1196168, bsc#1196026, bsc#1196025):
  * Security fixes:
    - CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8 sequences (e.g. from start tag names) to the XML processing application on top of Expat can cause arbitrary damage (e.g. code execution) depending on how invalid UTF-8 is handled inside the XML processor; validation was not their job but Expat's. Exploits with code execution are known to exist.
    - CVE-2022-25236 -- Passing (one or more) namespace separator characters in "xmlns[:prefix]" attribute values made Expat send malformed tag names to the XML processor on top of Expat which can cause arbitrary damage (e.g. code execution) depending on how such unexpectable cases are handled inside the XML processor; validation was not their job but Expat's. Exploits with code execution are known to exist.
    - CVE-2022-25313 -- Fix stack exhaustion in doctype parsing that could be triggered by e.g. a 2 megabytes
Dominique Leuenberger (dimstar_suse) accepted request 950090 from David Anes (david.anes) (revision 65)
Dominique Leuenberger (dimstar_suse) accepted request 947307 from David Anes (david.anes) (revision 64)
Dominique Leuenberger (dimstar_suse) accepted request 942810 from David Anes (david.anes) (revision 63)
Dominique Leuenberger (dimstar_suse) accepted request 895791 from Dirk Mueller (dirkmueller) (revision 62)
Dominique Leuenberger (dimstar_suse) accepted request 884902 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 61)
Dominique Leuenberger (dimstar_suse) accepted request 839723 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 60)
Displaying revisions 1 - 20 of 79