import expat-2.2.5-8.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
c63431ee37
commit
3a5027d247
|
|
@ -3,7 +3,7 @@
|
|||
Summary: An XML parser library
|
||||
Name: expat
|
||||
Version: %(echo %{unversion} | sed 's/_/./g')
|
||||
Release: 4%{?dist}.3
|
||||
Release: 8%{?dist}
|
||||
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
|
||||
URL: https://libexpat.github.io/
|
||||
License: MIT
|
||||
|
|
@ -11,10 +11,10 @@ BuildRequires: autoconf, libtool, xmlto, gcc-c++
|
|||
Patch0: expat-2.2.5-doc2man.patch
|
||||
Patch1: expat-2.2.5-CVE-2018-20843.patch
|
||||
Patch2: expat-2.2.5-CVE-2019-15903.patch
|
||||
Patch3: expat-2.2.5-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch
|
||||
Patch4: expat-2.2.5-Detect-and-prevent-troublesome-left-shifts.patch
|
||||
Patch5: expat-2.2.5-Prevent-integer-overflow-on-m_groupSize-in-function.patch
|
||||
Patch6: expat-2.2.5-Prevent-more-integer-overflows.patch
|
||||
Patch3: expat-2.2.5-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch
|
||||
Patch4: expat-2.2.5-Detect-and-prevent-troublesome-left-shifts.patch
|
||||
Patch5: expat-2.2.5-Prevent-integer-overflow-on-m_groupSize-in-function.patch
|
||||
Patch6: expat-2.2.5-Prevent-more-integer-overflows.patch
|
||||
Patch7: expat-2.2.5-Protect-against-malicious-namespace-declarations.patch
|
||||
Patch8: expat-2.2.5-Add-missing-validation-of-encoding.patch
|
||||
Patch9: expat-2.2.5-Prevent-integer-overflow-in-storeRawNames.patch
|
||||
|
|
@ -93,17 +93,24 @@ make check
|
|||
%{_libdir}/lib*.a
|
||||
|
||||
%changelog
|
||||
* Tue Mar 15 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.3
|
||||
- Improve fix for CVE-2022-25236
|
||||
* Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-8
|
||||
- Improve patch for CVE-2022-25236
|
||||
- Related: CVE-2022-25236
|
||||
|
||||
* Mon Mar 07 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.2
|
||||
* Fri Mar 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-7
|
||||
- Fix patch for CVE-2022-25235
|
||||
- Resolves: CVE-2022-25235
|
||||
|
||||
* Thu Mar 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-6
|
||||
- Fix multiple CVEs
|
||||
- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
|
||||
- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
|
||||
- CVE-2022-25315 expat: integer overflow in storeRawNames()
|
||||
- Resolves: CVE-2022-25236
|
||||
- Resolves: CVE-2022-25235
|
||||
- Resolves: CVE-2022-25315
|
||||
|
||||
* Wed Feb 16 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.1
|
||||
* Fri Feb 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-5
|
||||
- Fix multiple CVEs
|
||||
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
|
||||
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
|
||||
|
|
|
|||
Loading…
Reference in New Issue