[ol8_baseos_latest] expat-devel-2.2.5-8.0.1.el8_6.2.x86_64

Name:	expat-devel
Version:	2.2.5
Release:	8.0.1.el8_6.2
Architecture:	x86_64
Group:	Unspecified
Size:	159404
License:	MIT
RPM:	expat-devel-2.2.5-8.0.1.el8_6.2.x86_64.rpm
Source RPM:	expat-2.2.5-8.0.1.el8_6.2.src.rpm
Build Date:	Wed Jun 29 2022
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://libexpat.github.io/
Summary:	Libraries and header files to develop applications using expat
Description:	The expat-devel package contains the libraries, include files and documentation to develop XML applications with expat.

Changelog (Show File list) (Show related packages)

Wed Jun 29 2022 EL Errata <el-errata_ww@oracle.com> - 2.2.5-8.0.1.2

- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314]

Tue May 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-8.2
```
- Improve fix for CVE-2022-25313
- Related: CVE-2022-25313
```

Mon May 02 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-8.1

- Fix multiple CVEs
- Resolves: CVE-2022-25314
- Resolves: CVE-2022-25313

Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-8

- Improve patch for CVE-2022-25236
- Related: CVE-2022-25236

Fri Mar 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-7
```
- Fix patch for CVE-2022-25235
- Resolves: CVE-2022-25235
```

Thu Mar 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-6

- Fix multiple CVEs
- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25315 expat: integer overflow in storeRawNames()
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315

Mon Feb 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-5

- Fix multiple CVEs
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
- CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
- CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
- CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
- CVE-2022-22825 Integer overflow in lookup in xmlparse.c
- CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
- CVE-2022-22823 Integer overflow in build_model in xmlparse.c
- CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
- Resolves: CVE-2022-23852
- Resolves: CVE-2021-45960
- Resolves: CVE-2021-46143
- Resolves: CVE-2022-22827
- Resolves: CVE-2022-22826
- Resolves: CVE-2022-22825
- Resolves: CVE-2022-22824
- Resolves: CVE-2022-22823
- Resolves: CVE-2022-22822

Fri Apr 24 2020 Joe Orton <jorton@redhat.com> - 2.2.5-4

- add security fixes for CVE-2018-20843, CVE-2019-15903

Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-3
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
```
Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.2.5-2
```
- Switch to %ldconfig_scriptlets
```