-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Windows: Update Expat to 2.2.3 to fix DLL hijacking (CVE-2017-11742) #29
Comments
Not possible to use Expat 2.2.3 (or 2.2.4) without compiler errors on Windows. As the vulnerable feature is not used in VSTGUI I close this issue now. |
I believe we have a misunderstanding here: There is no way of using that version of Expat without being vulnerable on Windows. You that troublesome call to LoadLibrary and it will be called on Windows.
If you have compile errors, please report bugs upstream, use a post-2.2.4 commit or request a soon release of 2.2.5. I'm quite sure we fixed these errors already. Let's co-operate on this matter. Please re-open this ticket. |
I reverted back to version 2.1.1 now. It's just to much hassle to update expat in its current state. |
Expat 2.2.5 with the compile fixes for Windows has been released now. |
Any news? |
Using XML is now deprecated in VSTGUI, so this issue should fade away |
Hi!
You seem target Windows and bundle Expat 2.2.1.
Please update your bundle to Expat 2.2.3 to fix vulnerability CVE-2017-11742.
Thanks!
The text was updated successfully, but these errors were encountered: