pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Expat 2.4.5 with security fixes released



Hello everyone!


Expat 2.4.5 with security fixes has been released.

Please note that different people evaluate the impact of security issues differently: 2 of those 5 vulnerability allow proven code execution not within Expat but in (some) applications using Expat, and hence they are "critical" on my personal scale while e.g. Ubuntu considers these two as "low" and "medium" respectively, only. I have contacted Ubuntu security about that earlier today but have yet to hear back.

There will be a summary blog post at [1] and the change log is at [2] with more details already.

If you have patches for Expat that are still required with version
2.4.5, please send them my way.  Thank you!

Best



Sebastian


[1] https://blog.hartwork.org/posts/expat-2-4-5-released/
[2] https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes


Home | Main Index | Thread Index | Old Index