Date: Sat, 05 Feb 2022 06:43:06 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261597 --- Comment #2 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=4c6bb049ab93102501743fc83ee38b45e6d974a4 commit 4c6bb049ab93102501743fc83ee38b45e6d974a4 Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2022-01-31 09:32:43 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2022-02-05 06:42:34 +0000 textproc/expat2: update to 2.4.4 Release 2.4.4 Sun January 30 2022 Security fixes: #550 CVE-2022-23852 -- Fix signed integer overflow (undefined behavior) in function XML_GetBuffer (that is also called by function XML_Parse internally) for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or more. #551 CVE-2022-23990 -- Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). Impact is denial of service or more. Bug fixes: #544 #545 xmlwf: Fix a memory leak on output file opening error Other changes: #546 Autotools: Fix broken CMake support under Cygwin #554 Windows: Add missing files to the installer to fix compilation with CMake from installed sources #552 #554 Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do Special thanks to: Carlo Bramini hwt0415 Roland Illig Samanta Navarro and Clang LeakSan and the Clang team PR: 261597 Exp-run by: antoine textproc/expat2/Makefile | 2 +- textproc/expat2/distinfo | 6 +++--- textproc/expat2/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug.