Expat 2.7.0 released, includes security fixes

To: sebastian%pipping.org@localhost
Subject: Expat 2.7.0 released, includes security fixes
From: Sebastian Pipping <sebastian%pipping.org@localhost>
Date: Fri, 14 Mar 2025 21:13:45 +0100

Hello everyone!


(I know that some of you have already updated — thanks!)

Expat 2.7.0 has been released yesterday.

The most interesting part is the fix to vulnerability CVE-2024-8176:

- For the parametrized attack payload generators payload{1..3}.py
  and just the tech aspects please see
  https://github.com/libexpat/libexpat/issues/893 .

- For the longer-than-usual story please see
  https://blog.hartwork.org/posts/expat-2-7-0-released/ .

- The change log with more information is at
  https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes

If you have patches for Expat that are still required with version
2.7.0 (besides known issue [1]), please send them my way so we can get
them included with a future release.  Thank you!

Best



Sebastian


[1] https://github.com/libexpat/libexpat/issues/976

Prev by Date: Re: update sysutils/ncdu2 to 2.7
Next by Date: Audio player for .m4a files?
Previous by Thread: Re: chromium: update to 131.0.6778.204
Next by Thread: Audio player for .m4a files?
Indexes:

Home | Main Index | Thread Index | Old Index