[Buildroot] [PATCH] expat: security bump to version 2.2.1

Peter Korsgaard peter at korsgaard.com
Mon Jun 26 07:49:35 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes:
 > - CVE-2017-9233 - External entity infinite loop DoS. See:
 >   https://libexpat.github.io/doc/cve-2017-9233/

 > - CVE-2016-9063 -- Detect integer overflow

 > And further more:

 > - Fix regression from fix to CVE-2016-0718 cutting off longer tag names.

 > - Extend fix for CVE-2016-5300 (use getrandom() if available).

 > - Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
 >   version of SipHash).

 > Also add an upstream patch to fix detection of getrandom().

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed this + fixup patch to 2017.02.x and 2017.05.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list