Date: Fri, 21 Jan 2022 08:05:26 +0000 From: bugzilla-noreply@freebsd.org To: desktop@FreeBSD.org Subject: [Bug 261285] [exp-run] update texproc/expat2 to 2.4.3 Message-ID: <bug-261285-39348-Sl9dgWL4Hi@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-261285-39348@https.bugs.freebsd.org/bugzilla/> References: <bug-261285-39348@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D261285 --- Comment #5 from commit-hook@FreeBSD.org --- A commit in branch 2022Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3D13b8735a3908eaceaf9053a78d0c012= 0bef83e7f commit 13b8735a3908eaceaf9053a78d0c0120bef83e7f Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2022-01-17 18:59:30 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2022-01-21 08:04:50 +0000 textproc/expat2: update to 2.4.3 From [1]: libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one of the most widely used software libre XML parsers written in C, precisely C99. It is cross-platform and licensed under the MIT license. Expat 2.4.3 has been released earlier today. Besides two minor fixes to the build system, this release is about security fixes. There is a total of 8 CVEs fixed, all related to fixed-size integer math (integer overflow and invalid shifts) near memory allocation. Impact is denial of service, or more. * CVE-2021-45960 * CVE-2021-46143 * CVE-2022-22822 * CVE-2022-22823 * CVE-2022-22824 * CVE-2022-22825 * CVE-2022-22826 * CVE-2022-22827 For more details, please check out the change log [2]. [1] https://blog.hartwork.org/posts/expat-2-4-3-released/ [2] https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes Exp-run by: antoine PR: 261285 (cherry picked from commit 97d40c6bda0656833e3e16d9364a5dc1b9587200) textproc/expat2/Makefile | 2 +- textproc/expat2/distinfo | 6 +++--- textproc/expat2/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-261285-39348-Sl9dgWL4Hi>