Expat 2.4.5 with security fixes released

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Expat 2.4.5 with security fixes released

From:	Sebastian Pipping
Subject:	Expat 2.4.5 with security fixes released
Date:	Sat, 19 Feb 2022 00:05:58 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1

Hello everyone!


Expat 2.4.5 with security fixes has been released.

Please note that different people evaluate the impact of security issuesdifferently: 2 of those 5 vulnerability allow proven code execution notwithin Expat but in (some) applications using Expat, and hence they are"critical" on my personal scale while e.g. Ubuntu considers these two as"low" and "medium" respectively, only. I have contacted Ubuntu securityabout that earlier today but have yet to hear back.

There will be a summary blog post at [1] and the change log is at [2]with more details already.


If you have patches for Expat that are still required with version
2.4.5, please send them my way.  Thank you!

Best



Sebastian


[1] https://blog.hartwork.org/posts/expat-2-4-5-released/
[2] https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes

[Prev in Thread]

Current Thread

[Next in Thread]

Expat 2.4.5 with security fixes released, Sebastian Pipping <=

Prev by Date: Re: Compiling blender
Next by Date: Faster "guix pull" by incremental compilation and non-circular modules?
Previous by thread: How to run a command before shutdown.
Next by thread: Expensive builds when computing channel instance derivations
Index(es):
- Date
- Thread