Message296254
| Author | ned.deily |
| Recipients | ned.deily, vstinner |
| Date | 2017-06-18.03:01:26 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1497754887.58.0.724129384272.issue30694@psf.upfronthosting.co.za> |
| In-reply-to | |

Content
From the announcement:
Expat 2.2.1 has been released. The change log has more details [2] than this mail, including commit SHA1s. For a quick overview of the security fixes and CVEs, we have:
CVE-2017-9233 External entity infinite loop DoS [1]
(CVE-2016-9063) Integer overflow (re-fix)
n/a More integer overflow fixes
(CVE-2016-0718) Fix regression bugs from 2.2.0's fix to CVE-2016-0718
(CVE-2016-5300) Use os-specific entropy sources like getrandom
n/a No longer leak parser pointer information
n/a Prevent use of uninitialised variables
n/a Add missing API parameter validation (NULL, len<0)
(CVE-2012-0876) Counter hash flooding with SipHash
[2] https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes
[1] https://libexpat.github.io/doc/cve-2017-9233/
History

| Date | User | Action | Args |
|---|---|---|---|
| 2017-06-18 03:01:27 | ned.deily | set | recipients: + ned.deily, vstinner |
| 2017-06-18 03:01:27 | ned.deily | set | messageid: <1497754887.58.0.724129384272.issue30694@psf.upfronthosting.co.za> |
| 2017-06-18 03:01:27 | ned.deily | link | issue30694 messages |
| 2017-06-18 03:01:26 | ned.deily | create | |