0c65ac1d | 12-Nov-2022 | Antonio Huete Jimenez <tuxillo@quantumachine.net>
vendor/expat: upgrade from 2.1.0 to 2.5.0
Summary of notable changes:
- Detect overflow from len=INT_MAX call to XML_Parse
- Fix a dangling pointer issue related to realloc
- Fix copying of partial characters for UTF-8 input
- Avoid doing arithmetic with NULL pointers in XML_GetBuffer
- Fix reading uninitialized variable during parsing
- CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
- Fix potential null pointer dereference
- Following CVEs were handled (not a complete list)
  CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2012-0876
  CVE-2012-6702, CVE-2017-9233, CVE-2016-9063, CVE-2018-20843
  CVE-2019-15903, CVE-2013-0340/CWE-776, CVE-2021-45960
  CVE-2021-46143, CVE-2022-22822 to CVE-2022-22827
  CVE-2022-23852, CVE-2022-23990, CVE-2022-43680

For detailed list of all changes, bugfixes and improvements, see Changes.