Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[depends] expat 2.2.1 #10628

Merged
merged 1 commit into from Jun 22, 2017

Conversation

Projects
None yet
4 participants
@fanquake
Copy link
Member

fanquake commented Jun 19, 2017

Full changelog available here.

CVE-2017-9233 -- External entity infinite loop DoS. Details: https://libexpat.github.io/doc/cve-2017-9233/
CVE-2016-9063 -- Detect integer overflow; (Fixed version of existing downstream patches!)
Fix regression from fix to CVE-2016-0718 cutting off longer tag names;
Detect overflow from len=INT_MAX call to XML_Parse;

libexpat is moving to GitHub, however downloads remain on SF for now.

@fanquake fanquake requested a review from theuni Jun 19, 2017

@theuni

theuni approved these changes Jun 19, 2017

Copy link
Member

theuni left a comment

utACK 2c3fc51

@jonasschnelli

This comment has been minimized.

Copy link
Member

jonasschnelli commented Jun 20, 2017

@laanwj laanwj merged commit 2c3fc51 into bitcoin:master Jun 22, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

laanwj added a commit that referenced this pull request Jun 22, 2017

Merge #10628: [depends] expat 2.2.1
2c3fc51 [depends] expat 2.2.1 (fanquake)

Tree-SHA512: ad0e18f2770c0c4b378123bcbcf93ed0ee0b03dbf6360f02e88b01052ef7b0f5540a0a5cbb6d0d3a3d70db29b0413a43f17e7fa5092185fb874470a9f6be4d76

@fanquake fanquake deleted the fanquake:expat-2-2-1 branch Jun 25, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.