import expat-2.2.5-8.el8

2022-05-10 03:20:36 -04:00 · 2022-05-10 03:20:36 -04:00 · 3a5027d247
commit 3a5027d247
parent c63431ee37
1 changed files with 16 additions and 9 deletions
--- a/SPECS/expat.spec
+++ b/SPECS/expat.spec
@ -3,7 +3,7 @@
 Summary: An XML parser library
 Name: expat
 Version: %(echo %{unversion} | sed 's/_/./g')
-Release: 4%{?dist}.3
+Release: 8%{?dist}
 Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
 URL: https://libexpat.github.io/
 License: MIT
@ -93,17 +93,24 @@ make check
 %{_libdir}/lib*.a

 %changelog
-* Tue Mar 15 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.3
- Improve fix for CVE-2022-25236
+* Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-8
+- Improve patch for CVE-2022-25236
 - Related: CVE-2022-25236

-* Mon Mar 07 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.2
+* Fri Mar 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-7
+- Fix patch for CVE-2022-25235
+- Resolves: CVE-2022-25235
+
+* Thu Mar 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-6
 - Fix multiple CVEs
+- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
+- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
+- CVE-2022-25315 expat: integer overflow in storeRawNames()
 - Resolves: CVE-2022-25236
 - Resolves: CVE-2022-25235
 - Resolves: CVE-2022-25315

-* Wed Feb 16 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.1
+* Fri Feb 14 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.5-5
 - Fix multiple CVEs
 - CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat