SHA256
1
0
forked from pool/expat
expat/expat-2.6.3.tar.xz.asc
David Anes 5c08cf2073 - Update to 2.6.3:
* Security fixes:
    - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
      len < 0 without noticing and then calling XML_GetBuffer
      will have XML_ParseBuffer fail to recognize the problem
      and XML_GetBuffer corrupt memory.
      With the fix, XML_ParseBuffer now complains with error
      XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
      has been doing since Expat 2.2.1, and now documented.
      Impact is denial of service to potentially artitrary code
      execution.
    - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
      integer overflow for nDefaultAtts on 32-bit platforms
      (where UINT_MAX equals SIZE_MAX).
      Impact is denial of service to potentially artitrary code
      execution.
    - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
      have an integer overflow for m_groupSize on 32-bit
      platforms (where UINT_MAX equals SIZE_MAX).
      Impact is denial of service to potentially artitrary code
      execution.
  * Other changes:
    - Autotools: Sync CMake templates with CMake 3.28
    - Autotools: Always provide path to find(1) for portability
    - Autotools: Ensure that the m4 directory always exists.
    - Autotools: Simplify handling of SIZEOF_VOID_P
    - Autotools: Support non-GNU sed
    - Autotools|CMake: Fix main() to main(void)
    - Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
    - Autotools|CMake: Stop requiring dos2unix

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=114
2024-09-05 10:33:41 +00:00

17 lines
833 B
Plaintext

-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmbYOcIACgkQliYqz/vT
rsZJHxAAkyGU93XA8OhhJoheuXaPPNbXD6KbIfGZeAOsENS0zOSar2FHTo3+3VLV
lD3gS3S4eyo6tJ99E1iG0KLPm20mzwZIRA/vC9Vt3aVj43jnof7DjXij8QlV56Rh
6i30mavwdSPlU7f0GoVPchYB6wKl+rzKCJkAUzMlkbbFyLx/9o6/ryA3VsGXGBam
97is8R7I8Kt+dDbZGs+//W1OHR5VJO5kFQ7VcowhrLexh1fTJIu/cy3KJNpFyzDP
u402CUTUkpwxbbZHXz9WoiZrAIIkiGtKjtyss8OwloPcFS1SHXuNnkPPiQE1r2ow
pvKE/mKA384IG1890c402xjj8DwZ2Ck172rnFikSctFNGmUf0Mx0N+tSs7nTV7/q
yiBX0+aaedWVxQnhKffg2erjDxb56Uo0AwxylHbgI6F6I710JPTQC5pHt6Ka4FJm
lvDKGp6wGd9Y9biQvO74H0EOgkwd+8JHS7m4VLBraxKghfGuWXdZMGFGs5H8o6El
JzqCjhVnH7j55MVPBntuamifxh2c99FNglUhLGkV7dmash1wKX5Thwzc8fady9oH
KE1by5zh6A2Eu6KFE2/YvWQ56C8GgAY8Efe99IRz7XunCUzetxcfRDw6PcyCCOAa
Jx9B5SZMIfmVdYWuQRKhti7QxR9zuuvpA93GiUEzWZZ2AcJldoc=
=5Z0B
-----END PGP SIGNATURE-----