From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 14 Feb 2024 17:22:26 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1raI1i-006Lcd-01 for lore@lore.pengutronix.de; Wed, 14 Feb 2024 17:22:26 +0100 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1raI1h-0008Jd-Fu; Wed, 14 Feb 2024 17:22:25 +0100 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1raI1b-0008JR-KC; Wed, 14 Feb 2024 17:22:19 +0100 Received: from [2a0a:edc0:2:b01:1d::c5] (helo=pty.whiteo.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1raI1b-000izk-46; Wed, 14 Feb 2024 17:22:19 +0100 Received: from mol by pty.whiteo.stw.pengutronix.de with local (Exim 4.96) (envelope-from ) id 1raI1b-008c79-09; Wed, 14 Feb 2024 17:22:19 +0100 Date: Wed, 14 Feb 2024 17:22:19 +0100 From: Michael Olbrich To: Christian Melki Message-ID: Mail-Followup-To: Christian Melki , ptxdist@pengutronix.de References: <20240208202014.2275897-1-christian.melki@t2data.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240208202014.2275897-1-christian.melki@t2data.com> X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-Accept-Language: de,en X-Accept-Content-Type: text/plain Subject: Re: [ptxdist] [PATCH] expat: Version bump. 2.5.0 -> 2.6.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false On Thu, Feb 08, 2024 at 09:20:14PM +0100, Christian Melki wrote: > https://github.com/libexpat/libexpat/blob/R_2_6_0/expat/Changes > > Plugs CVEs: > CVE-2023-52425 - Fix quadratic runtime issues with big tokens > CVE-2023-52426 - Fix billion laughs attacks without XML_DTD > I did the same update (just without the nice commit message) and pushed it to master before I saw your patch. Michael > Signed-off-by: Christian Melki > --- > rules/expat.make | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/rules/expat.make b/rules/expat.make > index d12144458..418496b14 100644 > --- a/rules/expat.make > +++ b/rules/expat.make > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat > # > # Paths and names > # > -EXPAT_VERSION := 2.5.0 > -EXPAT_MD5 := 5e9974d422dc4b157f300568ad28ebf6 > +EXPAT_VERSION := 2.6.0 > +EXPAT_MD5 := eeb1cf76f51dadebff73fe6aa317ba37 > EXPAT := expat-$(EXPAT_VERSION) > EXPAT_SUFFIX := tar.bz2 > EXPAT_RELEASE := R_$(subst .,_,$(EXPAT_VERSION)) > -- > 2.34.1 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |