24 lines
1.3 KiB
Plaintext
24 lines
1.3 KiB
Plaintext
<patchinfo incident="44">
|
|
<!-- generated from request(s) 343994 -->
|
|
<issue tracker="bnc" id="1221289">VUL-0: CVE-2024-28757: expat: libexpat: XML Entity Expansion</issue>
|
|
<issue tracker="bnc" id="1229930">VUL-0: CVE-2024-45490: expat: reject negative len for XML_ParseBuffer</issue>
|
|
<issue tracker="bnc" id="1229931">VUL-0: CVE-2024-45491: expat: detect integer overflow in dtdCopy</issue>
|
|
<issue tracker="bnc" id="1229932">VUL-0: CVE-2024-45492: expat: detect integer overflow in function nextScaffoldPart</issue>
|
|
<issue tracker="cve" id="2024-28757"/>
|
|
<issue tracker="cve" id="2024-45490"/>
|
|
<issue tracker="cve" id="2024-45491"/>
|
|
<issue tracker="cve" id="2024-45492"/>
|
|
<packager>david.anes</packager>
|
|
<rating>important</rating>
|
|
<category>security</category>
|
|
<summary>Security update for expat</summary>
|
|
<description>This update for expat fixes the following issues:
|
|
|
|
- CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932)
|
|
- CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931)
|
|
- CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930)
|
|
- CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289)
|
|
</description>
|
|
<package>expat</package>
|
|
<seperate_build_arch/>
|
|
</patchinfo> |