pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Expat 2.2.8 with security fixes has been released / CVE-2019-15903



Hello everyone!


To be quick, there is one heap buffer over-read DoS fix — for
CVE-2019-15903 [1] —, two other bugfixes, and build system fixes.  The
change log with details is up at [2].

I don't expect use of the new configure option --enable-xml-attr-info in
packaging anywhere, it's disabled everywhere else.
In case anyone is using CMake in packaging Expat already, please share
any pain points and issues with me so things get better next round.

If you happen to have patches for Expat that are still required with
2.2.8, please send them my way.

Thanks and best



Sebastian


[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
[2] https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes


Home | Main Index | Thread Index | Old Index