[ol9_appstream] expat-devel-2.2.10-12.el9_0.3.aarch64

Name:	expat-devel
Version:	2.2.10
Release:	12.el9_0.3
Architecture:	aarch64
Group:	Unspecified
Size:	157107
License:	MIT
RPM:	expat-devel-2.2.10-12.el9_0.3.aarch64.rpm
Source RPM:	expat-2.2.10-12.el9_0.3.src.rpm
Build Date:	Thu Oct 06 2022
Build Host:	build-ol9-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://libexpat.github.io/
Summary:	Libraries and header files to develop applications using expat
Description:	The expat-devel package contains the libraries, include files and documentation to develop XML applications with expat.

Changelog (Show File list) (Show related packages)

Thu Sep 29 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-12.3

- Ensure raw tagnames are safe exiting internalEntityParser
- Resolves: CVE-2022-40674

Tue May 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-12.2
```
- Improve fix for CVE-2022-25313
- Related: CVE-2022-25313
```

Tue Apr 26 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-12.1

- Fix multiple CVEs
- Resolves: CVE-2022-25314
- Resolves: CVE-2022-25313

Wed Mar 16 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-12

- Build fix for CVE-2022-25236 in rhel-9.0.0
- Related: CVE-2022-25236

Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-11
```
- Improve fix for CVE-2022-25236
- Related: CVE-2022-25236
```

Mon Feb 28 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-10

- Fix multiple CVEs
- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25315 expat: integer overflow in storeRawNames()
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315

Thu Feb 10 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-9

- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- Resolves: CVE-2022-23852

Thu Feb 10 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-8

- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
- Resolves: CVE-2021-45960

Wed Feb 09 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-7

- CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
- Resolves: CVE-2021-46143

Wed Feb 09 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-6

- CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
- CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
- CVE-2022-22825 Integer overflow in lookup in xmlparse.c
- CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
- CVE-2022-22823 Integer overflow in build_model in xmlparse.c
- CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
- Resolves: CVE-2022-22827
- Resolves: CVE-2022-22826
- Resolves: CVE-2022-22825
- Resolves: CVE-2022-22824
- Resolves: CVE-2022-22823
- Resolves: CVE-2022-22822