[Bug 261285] [exp-run] update texproc/expat2 to 2.4.3
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 261285] [exp-run] update texproc/expat2 to 2.4.3"
Date: Fri, 21 Jan 2022 08:05:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261285
--- Comment #4 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:
URL:
https://cgit.FreeBSD.org/ports/commit/?id=97d40c6bda0656833e3e16d9364a5dc1b9587200
commit 97d40c6bda0656833e3e16d9364a5dc1b9587200
Author: Tobias C. Berner <tcberner@FreeBSD.org>
AuthorDate: 2022-01-17 18:59:30 +0000
Commit: Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-01-21 08:04:08 +0000
textproc/expat2: update to 2.4.3
From [1]:
libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one
of the most widely used software libre XML parsers written in C,
precisely C99. It is cross-platform and licensed under the MIT license.
Expat 2.4.3 has been released earlier today. Besides two minor fixes to
the build system, this release is about security fixes. There is a total
of 8 CVEs fixed, all related to fixed-size integer math (integer
overflow and invalid shifts) near memory allocation. Impact is denial of
service, or more.
* CVE-2021-45960
* CVE-2021-46143
* CVE-2022-22822
* CVE-2022-22823
* CVE-2022-22824
* CVE-2022-22825
* CVE-2022-22826
* CVE-2022-22827
For more details, please check out the change log [2].
[1] https://blog.hartwork.org/posts/expat-2-4-3-released/
[2] https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes
Exp-run by: antoine
PR: 261285
textproc/expat2/Makefile | 2 +-
textproc/expat2/distinfo | 6 +++---
textproc/expat2/pkg-plist | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)