Opened 8 months ago

Closed 8 months ago

Last modified 8 months ago

#5461 closed enhancement (fixed)

expat-2.6.2

Reported by: Bruce Dubbs
Owned by: lfs-book
Priority: high
Milestone: 12.2
Component: Book
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Bruce Dubbs, 8 months ago

Release 2.6.2 Wed March 13 2024

Security fixes:

  • CVE-2024-28757. Prevent billion laughs attacks with isolated use of external parsers.

Bug fixes:

  • Reject direct parameter entity recursion and avoid the related undefined behavior

Other changes:

  • Autotools: Fix build for DOCBOOK_TO_MAN containing spaces
  • Add missing commits to 2.6.1 change log
  • Version info bumped from 10:1:9 (libexpat*.so.1.9.1) to 10:2:9 (libexpat*.so.1.9.2)

comment:2 by Xi Ruoyao, 8 months ago

Priority: normal → high

comment:3 by Bruce Dubbs, 8 months ago

Resolution: fixed
Status: new → closed

Fixed at commit dcf5543233a7.

    Update to wheel-0.43.0.
    Update to setuptools-69.2.0 (Python module).
    Update to meson-1.4.0.
    Update to expat-2.6.2 (Security fix).
    Update to iana-etc-20240305.
    Update to vim-9.1.0161.
    Update to xz-5.6.1.
    Update to shadow-4.15.0.
    Update to psmisc-23.7.
    Update to kmod-32.
    Update to elfutils-0.191.

comment:4 by Douglas R. Reno, 8 months ago

SA-12.1-010 issued.
