Expat 2.4.0 (and 2.4.1) with security fixes released

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Expat 2.4.0 (and 2.4.1) with security fixes released

From:	Sebastian Pipping
Subject:	Expat 2.4.0 (and 2.4.1) with security fixes released
Date:	Mon, 24 May 2021 01:01:35 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0

Hello everyone!


Expat 2.4.0 (and 2.4.1) most importantly brings protection against
Billion Laughs Attacks (CVE-2013-0340).  There is a blog post [1] and
the change log with more details.

If you have patches for Expat that are still required with version
2.4.1, please send them my way.  Thank you!

Best



Sebastian


[1]
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/
[2] https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes

[Prev in Thread]

Current Thread

[Next in Thread]

Expat 2.4.0 (and 2.4.1) with security fixes released, Sebastian Pipping <=

Prev by Date: Re: 1 Guix-devel moderator request(s) waiting
Next by Date: Re: bug#47615: [PATCH 0/9] Add 32-bit powerpc support
Previous by thread: Re: 1 Guix-devel moderator request(s) waiting
Next by thread: Rust freedom issue claim
Index(es):
- Date
- Thread