Message296254
From the announcement:
Expat 2.2.1 has been released. The change log has more details [2] than this mail, including commit SHA1s. For a quick overview of the security fixes and CVEs, we have:
CVE-2017-9233 External entity infinite loop DoS [1]
(CVE-2016-9063) Integer overflow (re-fix)
n/a More integer overflow fixes
(CVE-2016-0718) Fix regression bugs from 2.2.0's fix to CVE-2016-0718
(CVE-2016-5300) Use os-specific entropy sources like getrandom
n/a No longer leak parser pointer information
n/a Prevent use of uninitialised variables
n/a Add missing API parameter validation (NULL, len<0)
(CVE-2012-0876) Counter hash flooding with SipHash
https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes
https://libexpat.github.io/doc/cve-2017-9233/

Date | User | Action | Args
2017-06-18 03:01:27 | ned.deily | set | recipients: + ned.deily, vstinner
2017-06-18 03:01:27 | ned.deily | set | messageid: <1497754887.58.0.724129384272.issue30694@psf.upfronthosting.co.za>
2017-06-18 03:01:27 | ned.deily | link | issue30694 messages
2017-06-18 03:01:26 | ned.deily | create |