projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1a050ad) | patch
expat: security bump to version 2.2.1
authorPeter Korsgaard <peter@korsgaard.com>
Sun, 18 Jun 2017 21:20:04 +0000 (23:20 +0200)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Mon, 19 Jun 2017 20:06:03 +0000 (22:06 +0200)
commitc0ad6ded018ffbc33f7f52a4bbcc6f08a14bfbd6
tree6155e56272c750a4427012a5ea242648f6fb4947tree
parent1a050ad9b378fd5e402985f0caafe5b1b332ad7bcommit | diff
expat: security bump to version 2.2.1

Fixes:

- CVE-2017-9233 - External entity infinite loop DoS. See:
  https://libexpat.github.io/doc/cve-2017-9233/

- CVE-2016-9063 -- Detect integer overflow

And further more:

- Fix regression from fix to CVE-2016-0718 cutting off longer tag names.

- Extend fix for CVE-2016-5300 (use getrandom() if available).

- Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
  version of SipHash).

Also add an upstream patch to fix detection of getrandom().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/expat/0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch [new file with mode: 0644] blob
package/expat/expat.hash diff | blob | history
package/expat/expat.mk diff | blob | history