[Buildroot] [PATCH] package/expat: security bump to version 2.2.8
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sun Sep 15 20:23:21 UTC 2019
On Sun, 15 Sep 2019 22:21:42 +0200
Peter Korsgaard <peter at korsgaard.com> wrote:
> Fixes the following security vulnerability:
>
> CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the
> parser into changing from DTD parsing to document parsing too early; a
> consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)
> then resulted in a heap-based buffer over-read.
>
> While we're at it, also change to use .tar.xz rather than the bigger
> .tar.bz2.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/expat/expat.hash | 8 ++++----
> package/expat/expat.mk | 4 ++--
> 2 files changed, 6 insertions(+), 6 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com