mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
* [ptxdist] [PATCH] expat: Version bump. 2.6.2 -> 2.6.3
@ 2024-09-05 17:05 Christian Melki
  2024-09-12 12:12 ` [ptxdist] [APPLIED] " Michael Olbrich
  0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2024-09-05 17:05 UTC (permalink / raw)
  To: ptxdist

Mainly security fixes.
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes

Plugs CVEs:
CVE-2024-45490 - An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491 - Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms.
CVE-2024-45492 - Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 rules/expat.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/expat.make b/rules/expat.make
index 03f9ac6b4..31afb8604 100644
--- a/rules/expat.make
+++ b/rules/expat.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat
 #
 # Paths and names
 #
-EXPAT_VERSION		:= 2.6.2
-EXPAT_MD5		:= b246f58b25a7629fca6cbd1429400cdf
+EXPAT_VERSION		:= 2.6.3
+EXPAT_MD5		:= c70040a3f2743d9645cb029d3c9a7c89
 EXPAT			:= expat-$(EXPAT_VERSION)
 EXPAT_SUFFIX		:= tar.bz2
 EXPAT_RELEASE		:= R_$(subst .,_,$(EXPAT_VERSION))
-- 
2.34.1




^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [ptxdist] [APPLIED] expat: Version bump. 2.6.2 -> 2.6.3
  2024-09-05 17:05 [ptxdist] [PATCH] expat: Version bump. 2.6.2 -> 2.6.3 Christian Melki
@ 2024-09-12 12:12 ` Michael Olbrich
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2024-09-12 12:12 UTC (permalink / raw)
  To: ptxdist; +Cc: Christian Melki

Thanks, applied as 30ee313b4e2c3bf0475db38c75f859352a3ad332.

Michael

[sent from post-receive hook]

On Thu, 12 Sep 2024 14:12:19 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> Mainly security fixes.
> https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes
> 
> Plugs CVEs:
> CVE-2024-45490 - An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
> CVE-2024-45491 - Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms.
> CVE-2024-45492 - Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms.
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20240905170558.3529176-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/expat.make b/rules/expat.make
> index 03f9ac6b4d40..31afb8604eae 100644
> --- a/rules/expat.make
> +++ b/rules/expat.make
> @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat
>  #
>  # Paths and names
>  #
> -EXPAT_VERSION		:= 2.6.2
> -EXPAT_MD5		:= b246f58b25a7629fca6cbd1429400cdf
> +EXPAT_VERSION		:= 2.6.3
> +EXPAT_MD5		:= c70040a3f2743d9645cb029d3c9a7c89
>  EXPAT			:= expat-$(EXPAT_VERSION)
>  EXPAT_SUFFIX		:= tar.bz2
>  EXPAT_RELEASE		:= R_$(subst .,_,$(EXPAT_VERSION))



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-09-12 12:22 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-05 17:05 [ptxdist] [PATCH] expat: Version bump. 2.6.2 -> 2.6.3 Christian Melki
2024-09-12 12:12 ` [ptxdist] [APPLIED] " Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox