[CLSA-2022:1664192553] Fix CVE(s): CVE-2022-40674
Type:
security
Severity:
Critical
Release date:
2022-09-26 11:42:33 UTC
Description:
* SECURITY UPDATE: Unsafe exiting internalEntityParser
  - debian/patches/CVE-2022-40674.patch: Ensure raw tagnames are safe exiting internalEntityParser
  - CVE-2022-40674
* tests were activated
* some leaks fixed:
  - debian/patches/fix-leak-xmlparse.patch: tidy up attribute prefix bindings on error (fixes #17)
  - debian/patches/fix-tests-leak.patch: free the external entity parser in external_entity_loader_set_encoding()
  - debian/patches/fix-tests-leak2.patch: free the content model in dummy_element_decl_handler()
  - debian/patches/dispose-test-stuff.patch: removes some of the memory leaks discovered by AddressSanitizer in the test suite (Issue #23)
Updated packages:
  • expat_2.1.0-7ubuntu0.16.04.5+tuxcare.els2_amd64.deb
    sha:eb4834174a039ca1bac8398ad2f992fb272469a6
  • libexpat1_2.1.0-7ubuntu0.16.04.5+tuxcare.els2_amd64.deb
    sha:2cad8402d84e8381b68993a92991a8ad9ec3c240
  • libexpat1-dev_2.1.0-7ubuntu0.16.04.5+tuxcare.els2_amd64.deb
    sha:63ed6fd400ef8b8c0d432151f7bc2b1d27bb6b7c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.