Tomas Korbar
5f55f9fea7
Fix parsing of large tokens
Reject direct parameter entity recursion
Resolves: RHEL-29699
Resolves: RHEL-29696
2024-03-20 12:40:57 +01:00
Tomas Korbar
44271faf92
Rebase to version 2.5.0
Resolves: CVE-2022-43680
2022-11-10 14:41:51 +01:00
Tomas Korbar
368d60e123
Rebase to version 2.4.9
Resolves: CVE-2022-40674
2022-09-29 16:43:56 +02:00
Tomas Korbar
0947457fd1
Rebase to version 2.4.7
Resolves: rhbz#2067201
Resolves: CVE-2022-25313
Resolves: CVE-2022-25314
Resolves: CVE-2022-25236
2022-04-26 10:34:22 +02:00
Tomas Korbar
f23fd2fa9c
Improve fix for CVE-2022-25236
Related: CVE-2022-25236
2022-03-14 10:29:27 +01:00
Tomas Korbar
6c4005223e
Fix multiple CVEs
CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
CVE-2022-25315 expat: integer overflow in storeRawNames()
Resolves: CVE-2022-25236
Resolves: CVE-2022-25235
Resolves: CVE-2022-25315
2022-03-02 12:27:09 +01:00
Tomas Korbar
66503cfe5b
CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
Resolves: CVE-2022-23852
2022-02-10 14:17:38 +01:00
Tomas Korbar
21e8e5c32d
CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
Resolves: CVE-2021-45960
2022-02-10 13:59:03 +01:00
Tomas Korbar
d183ecbb95
CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
Resolves: CVE-2021-46143
2022-02-09 15:04:56 +01:00
Tomas Korbar
4ccf989c09
CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
CVE-2022-22825 Integer overflow in lookup in xmlparse.c
CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
CVE-2022-22823 Integer overflow in build_model in xmlparse.c
CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
Resolves: CVE-2022-22827
Resolves: CVE-2022-22826
Resolves: CVE-2022-22825
Resolves: CVE-2022-22824
Resolves: CVE-2022-22823
Resolves: CVE-2022-22822
2022-02-09 13:27:16 +01:00
Tomas Korbar
020338314d
CVE-2022-23990 expat: integer overflow in the doProlog function
Resolve: rhbz#2050503
2022-02-07 12:39:27 +01:00
Mohan Boddu
799d8d6c63
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 19:57:57 +00:00
Mohan Boddu
72deca4da7
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-15 23:15:46 +00:00
DistroBaker
273c7af3c8
Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/expat.git#8411329151aeaf7912f302d6d03e94a46b419bf0
2021-02-03 13:28:37 +01:00
Troy Dawson
7f2193629c
RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/expat#3a708d8fdaea815d3c4207d2eb49dbb5358d73bc
2020-11-16 12:55:59 -08:00
Petr Šabata
7d51ef12ab
RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/expat#2c7d944e47db8b7f227d7dc512972aadd9080e88
2020-10-15 00:10:40 +02:00