Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[depends] expat 2.2.1 #10628

merged 1 commit into from Jun 22, 2017


None yet
4 participants
Copy link

fanquake commented Jun 19, 2017

Full changelog available here.

CVE-2017-9233 -- External entity infinite loop DoS. Details:
CVE-2016-9063 -- Detect integer overflow; (Fixed version of existing downstream patches!)
Fix regression from fix to CVE-2016-0718 cutting off longer tag names;
Detect overflow from len=INT_MAX call to XML_Parse;

libexpat is moving to GitHub, however downloads remain on SF for now.

@fanquake fanquake requested a review from theuni Jun 19, 2017


theuni approved these changes Jun 19, 2017

Copy link

theuni left a comment

utACK 2c3fc51


This comment has been minimized.

Copy link

jonasschnelli commented Jun 20, 2017

@laanwj laanwj merged commit 2c3fc51 into bitcoin:master Jun 22, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

laanwj added a commit that referenced this pull request Jun 22, 2017

Merge #10628: [depends] expat 2.2.1
2c3fc51 [depends] expat 2.2.1 (fanquake)

Tree-SHA512: ad0e18f2770c0c4b378123bcbcf93ed0ee0b03dbf6360f02e88b01052ef7b0f5540a0a5cbb6d0d3a3d70db29b0413a43f17e7fa5092185fb874470a9f6be4d76

@fanquake fanquake deleted the fanquake:expat-2-2-1 branch Jun 25, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.