* [ptxdist] [PATCH] expat: Version bump. 2.6.2 -> 2.6.3
@ 2024-09-05 17:05 Christian Melki
2024-09-12 12:12 ` [ptxdist] [APPLIED] " Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2024-09-05 17:05 UTC (permalink / raw)
To: ptxdist
Mainly security fixes.
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes
Plugs CVEs:
CVE-2024-45490 - An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491 - Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms.
CVE-2024-45492 - Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/expat.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/expat.make b/rules/expat.make
index 03f9ac6b4..31afb8604 100644
--- a/rules/expat.make
+++ b/rules/expat.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat
#
# Paths and names
#
-EXPAT_VERSION := 2.6.2
-EXPAT_MD5 := b246f58b25a7629fca6cbd1429400cdf
+EXPAT_VERSION := 2.6.3
+EXPAT_MD5 := c70040a3f2743d9645cb029d3c9a7c89
EXPAT := expat-$(EXPAT_VERSION)
EXPAT_SUFFIX := tar.bz2
EXPAT_RELEASE := R_$(subst .,_,$(EXPAT_VERSION))
--
2.34.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [APPLIED] expat: Version bump. 2.6.2 -> 2.6.3
2024-09-05 17:05 [ptxdist] [PATCH] expat: Version bump. 2.6.2 -> 2.6.3 Christian Melki
@ 2024-09-12 12:12 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2024-09-12 12:12 UTC (permalink / raw)
To: ptxdist; +Cc: Christian Melki
Thanks, applied as 30ee313b4e2c3bf0475db38c75f859352a3ad332.
Michael
[sent from post-receive hook]
On Thu, 12 Sep 2024 14:12:19 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> Mainly security fixes.
> https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes
>
> Plugs CVEs:
> CVE-2024-45490 - An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
> CVE-2024-45491 - Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms.
> CVE-2024-45492 - Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20240905170558.3529176-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/expat.make b/rules/expat.make
> index 03f9ac6b4d40..31afb8604eae 100644
> --- a/rules/expat.make
> +++ b/rules/expat.make
> @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat
> #
> # Paths and names
> #
> -EXPAT_VERSION := 2.6.2
> -EXPAT_MD5 := b246f58b25a7629fca6cbd1429400cdf
> +EXPAT_VERSION := 2.6.3
> +EXPAT_MD5 := c70040a3f2743d9645cb029d3c9a7c89
> EXPAT := expat-$(EXPAT_VERSION)
> EXPAT_SUFFIX := tar.bz2
> EXPAT_RELEASE := R_$(subst .,_,$(EXPAT_VERSION))
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-09-12 12:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-05 17:05 [ptxdist] [PATCH] expat: Version bump. 2.6.2 -> 2.6.3 Christian Melki
2024-09-12 12:12 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox