Expat 2.2.8 with security fixes has been released / CVE-2019-15903

To: sebastian%pipping.org@localhost
Subject: Expat 2.2.8 with security fixes has been released / CVE-2019-15903
From: Sebastian Pipping <sebastian%pipping.org@localhost>
Date: Sat, 14 Sep 2019 22:20:30 +0200

Hello everyone!


To be quick, there is one heap buffer over-read DoS fix — for
CVE-2019-15903 [1] —, two other bugfixes, and build system fixes.  The
change log with details is up at [2].

I don't expect use of the new configure option --enable-xml-attr-info in
packaging anywhere, it's disabled everywhere else.
In case anyone is using CMake in packaging Expat already, please share
any pain points and issues with me so things get better next round.

If you happen to have patches for Expat that are still required with
2.2.8, please send them my way.

Thanks and best



Sebastian


[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
[2] https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes

Prev by Date: Re: size_t issue ? (Re: x11/py-sip 4.19.18 breaks x11/py-qwt-qt4 then ham/gnuradio*
Next by Date: Re: openssl-1.1 in linux emulation
Previous by Thread: openssl-1.1 in linux emulation
Next by Thread: rustc version 1.37 does not build
Indexes:

Home | Main Index | Thread Index | Old Index