Opened 3 weeks ago
Closed 9 days ago
#5891 closed enhancement (fixed)
expat-2.7.5
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 13.1 |
| Component: | Book | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
New point version.

Release 2.7.5 Tue March 17 2026

Security fixes:

- #1158 CVE-2026-32776 -- Fix NULL function pointer dereference for empty external parameter entities; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable.
- #1161 #1162 CVE-2026-32777 -- Protect from XML_TOK_INSTANCE_START infinite loop in function entityValueProcessor; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable.
- #1163 CVE-2026-32778 -- Fix NULL dereference in function setContext on retry after an earlier out-of-memory condition; it takes use of function XML_ParserCreateNS or XML_ParserCreate_MM for an application to be vulnerable.
- #1160 Three more unfixed vulnerabilities left

Other changes:

- #1146 #1147 Autotools: Fix condition for symbol versioning check, in particular when compiling with slibtool (not libtool)
- #1156 Address Cppcheck >=2.20.0 warnings
- #1153 tests: Make test_buffer_can_grow_to_max work for MinGW on Ubuntu 24.04
- #1157 #1159 Version info bumped from 12:2:11 (libexpat*.so.1.11.2) to 12:3:11 (libexpat*.so.1.11.3); see https://verbump.de/ for what these numbers do

Infrastructure:

- #1148 CI: Fix FreeBSD and Solaris CI
- #1149 CI: Bump to WASI SDK 30
- #1153 CI: Adapt to breaking changes with Ubuntu 22.04
- #1156 CI: Adapt to breaking changes in Cppcheck
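
The release notes tie each CVE to specific expat API calls, so a quick source scan can show which applications built against an older expat should be rebuilt first. The script below is an added example, not part of the ticket or of expat; the helper names (`expat_calls`, `scan_tree`, `exposed_cves`) and the sample source are constructed for illustration, and the call matching is a heuristic that ignores comments but does not see function pointers or language bindings.

```python
import re
import sys
from pathlib import Path

# Preconditions as worded in the 2.7.5 release notes. Each CVE lists
# alternatives; every function inside one alternative must be in use.
PRECONDITIONS = {
    "CVE-2026-32776": [("XML_ExternalEntityParserCreate", "XML_SetParamEntityParsing")],
    "CVE-2026-32777": [("XML_ExternalEntityParserCreate", "XML_SetParamEntityParsing")],
    "CVE-2026-32778": [("XML_ParserCreateNS",), ("XML_ParserCreate_MM",)],
}
SUFFIXES = {".c", ".h", ".cc", ".cpp", ".cxx", ".hpp"}
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
CALL = re.compile(r"\b(XML_\w+)\s*\(")

def expat_calls(source):
    """Return the XML_* functions called in C/C++ text, ignoring comments."""
    return set(CALL.findall(COMMENT.sub(" ", source)))

def scan_tree(root):
    """Union of expat calls over one application's source tree."""
    used = set()
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in SUFFIXES:
            used |= expat_calls(path.read_text(errors="replace"))
    return used

def exposed_cves(used):
    """CVEs whose stated API precondition is met by the set of calls."""
    return sorted(cve for cve, alternatives in PRECONDITIONS.items()
                  if any(all(fn in used for fn in alt) for alt in alternatives))

# Constructed sample: the parameter-entity call appears only in a comment.
SAMPLE = """
#include <expat.h>
/* XML_SetParamEntityParsing(p, XML_PARAM_ENTITY_PARSING_ALWAYS); disabled */
static int ext(XML_Parser p, const XML_Char *ctx) {
    XML_Parser child = XML_ExternalEntityParserCreate(p, ctx, NULL);
    return child != NULL;
}
XML_Parser make(void) { return XML_ParserCreateNS(NULL, '|'); }
"""

if __name__ == "__main__":
    used = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else expat_calls(SAMPLE)
    print("expat calls:", ", ".join(sorted(used)))
    print("preconditions met:", ", ".join(exposed_cves(used)) or "none")
```

Run it with one application's source directory as the argument; with no argument it reports on the constructed sample.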