Hello everyone!

(A *longer* blog-post version of this e-mail is available online at https://blog.hartwork.org/posts/expat-2-4-3-released/ .)

Expat 2.4.3 [1] was released earlier today. Besides two minor fixes to the build system, this release is about security fixes. There is a total of 8 CVEs fixed, all related to fixed-size integer math (integer overflow and invalid shifts) near memory allocation. Impact is denial of service, or more.

For more details, please check out the change log [2].

If you maintain Expat packaging or a bundled copy of Expat or a pinned version of Expat somewhere, please update to 2.4.3. Thank you!

Best

Sebastian Pipping

[1] https://github.com/libexpat/libexpat/releases/tag/R_2_4_3
[2] https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes




