[Bug 261285] [exp-run] update texproc/expat2 to 2.4.3
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 261285] [exp-run] update texproc/expat2 to 2.4.3"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 21 Jan 2022 08:05:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261285 --- Comment #4 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=97d40c6bda0656833e3e16d9364a5dc1b9587200 commit 97d40c6bda0656833e3e16d9364a5dc1b9587200 Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2022-01-17 18:59:30 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2022-01-21 08:04:08 +0000 textproc/expat2: update to 2.4.3 From : libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one of the most widely used software libre XML parsers written in C, precisely C99. It is cross-platform and licensed under the MIT license. Expat 2.4.3 has been released earlier today. Besides two minor fixes to the build system, this release is about security fixes. There is a total of 8 CVEs fixed, all related to fixed-size integer math (integer overflow and invalid shifts) near memory allocation. Impact is denial of service, or more. * CVE-2021-45960 * CVE-2021-46143 * CVE-2022-22822 * CVE-2022-22823 * CVE-2022-22824 * CVE-2022-22825 * CVE-2022-22826 * CVE-2022-22827 For more details, please check out the change log .  https://blog.hartwork.org/posts/expat-2-4-3-released/  https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes Exp-run by: antoine PR: 261285 textproc/expat2/Makefile | 2 +- textproc/expat2/distinfo | 6 +++--- textproc/expat2/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug.