[Bug 261285] [exp-run] update texproc/expat2 to 2.4.3

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 21 Jan 2022 08:05:26 UTC

--- Comment #5 from commit-hook@FreeBSD.org ---
A commit in branch 2022Q1 references this bug:


commit 13b8735a3908eaceaf9053a78d0c0120bef83e7f
Author:     Tobias C. Berner <tcberner@FreeBSD.org>
AuthorDate: 2022-01-17 18:59:30 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-01-21 08:04:50 +0000

    textproc/expat2: update to 2.4.3

    From [1]:

    libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one
    of the most widely used software libre XML parsers written in C,
    precisely C99. It is cross-platform and licensed under the MIT license.

    Expat 2.4.3 has been released earlier today. Besides two minor fixes to
    the build system, this release is about security fixes. There is a total
    of 8 CVEs fixed, all related to fixed-size integer math (integer
    overflow and invalid shifts) near memory allocation. Impact is denial of
    service, or more.

      *  CVE-2021-45960
      *  CVE-2021-46143
      *  CVE-2022-22822
      *  CVE-2022-22823
      *  CVE-2022-22824
      *  CVE-2022-22825
      *  CVE-2022-22826
      *  CVE-2022-22827

    For more details, please check out the change log [2].

    [1] https://blog.hartwork.org/posts/expat-2-4-3-released/
    [2] https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes

    Exp-run by:     antoine
    PR:             261285

    (cherry picked from commit 97d40c6bda0656833e3e16d9364a5dc1b9587200)

 textproc/expat2/Makefile  | 2 +-
 textproc/expat2/distinfo  | 6 +++---
 textproc/expat2/pkg-plist | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

You are receiving this mail because:
You are on the CC list for the bug.