Bundles vulnerable copy of Expat - please update to 2.2.1 #157
Comments
89 tasks
alcz
added a commit
that referenced
this issue
Jun 26, 2017
* contrib/hbexpat/3rd/expat/*
! updated to 2.2.1 (from 2.1.0) using 3rdpatch.hb, expat.dif(f) from
Viktor's 3.4 fork was used - but adapted for DOS 8.3 naming
scheme. According to issue #157, previous revisions of expat have
security vulnerabilities, for more information refer to:
https://github.com/libexpat/libexpat/blob/master/expat/Changes
Many thanks to Sebastian Pipping for the information.
* contrib/hbexpat/hbexpat.ch
+ new constant HB_XML_ERROR_INVALID_ARGUMENT added
|
Updated. Thank you very much for the information! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi!
This repository bundles an outdated vulnerable copy of Expat 2.1.0. Please update your copy to version 2.2.1 with the latest security fixes. A change log with details is available at https://github.com/libexpat/libexpat/blob/master/expat/Changes. If you happen to run into compile errors, please check the post-2.2.1 commits in Git as well. Thank you!
Best
Sebastian
The text was updated successfully, but these errors were encountered: