Date:      Thu, 27 May 2021 08:58:07 +0000
From:      bugzilla-noreply@freebsd.org
To:        desktop@FreeBSD.org
Subject:   [Bug 256121] [exp-run] texproc/expat2: update to 2.4.1 (fixes CVE-2013-0340/CWE-776)
Message-ID:  <bug-256121-39348-LwQXARlGvM@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-256121-39348@https.bugs.freebsd.org/bugzilla/>
References:  <bug-256121-39348@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256121

--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=1454ab40206b85f94edb6390e0d96c9716a07399

commit 1454ab40206b85f94edb6390e0d96c9716a07399
Author:     Tobias C. Berner <tcberner@FreeBSD.org>
AuthorDate: 2021-05-24 14:38:28 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-05-27 08:56:26 +0000

    textproc/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776

    See [1] for details:
            Expat 2.4.0 and follow-up release 2.4.1 have both been released earlier
            today (21-05-23). Release 2.4.0 fixes long known security issue CVE-2013-0340 by
            adding protection against so-called Billion Laughs Attacks, a form of
            denial of service against applications accepting XML input, in all known
            variations, including recent flavor Parameter Laughs.

    [1] https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0

    PR:             256121
    Exp-run by:     antoine

 textproc/expat2/Makefile  |  4 +++-
 textproc/expat2/distinfo  |  6 +++---
 textproc/expat2/pkg-plist | 10 +++++-----
 3 files changed, 11 insertions(+), 9 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.


