Expat 2.4.5 with security fixes released

To: sebastian%pipping.org@localhost
Subject: Expat 2.4.5 with security fixes released
From: Sebastian Pipping <sebastian%pipping.org@localhost>
Date: Sat, 19 Feb 2022 00:05:58 +0100

Hello everyone!


Expat 2.4.5 with security fixes has been released.

Please note that different people evaluate the impact of security issuesdifferently: 2 of those 5 vulnerability allow proven code execution notwithin Expat but in (some) applications using Expat, and hence they are"critical" on my personal scale while e.g. Ubuntu considers these two as"low" and "medium" respectively, only. I have contacted Ubuntu securityabout that earlier today but have yet to hear back.

There will be a summary blog post at [1] and the change log is at [2]with more details already.


If you have patches for Expat that are still required with version
2.4.5, please send them my way.  Thank you!

Best



Sebastian


[1] https://blog.hartwork.org/posts/expat-2-4-5-released/
[2] https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes

Prev by Date: Re: On UnixWare force using CFLAGS="-O0 -g" for m4 and bison inststaed of -O2
Next by Date: Re: build failed: libreoffice checksum mismatch
Previous by Thread: On UnixWare force using CFLAGS="-O0 -g" for m4 and bison inststaed of -O2
Next by Thread: Expat 2.4.6 with regression fix released
Indexes:

Home | Main Index | Thread Index | Old Index