| Name: | expat-devel |
|---|---|
| Version: | 2.5.0 |
| Release: | 2.el9_4 |
| Architecture: | x86_64 |
| Group: | Unspecified |
| Size: | 195911 |
| License: | MIT |
| RPM: | expat-devel-2.5.0-2.el9_4.x86_64.rpm |
| Source RPM: | expat-2.5.0-2.el9_4.src.rpm |
| Build Date: | Wed May 01 2024 |
| Build Host: | build-ol9-x86_64.oracle.com |
| Vendor: | Oracle America |
| URL: | https://libexpat.github.io/ |
| Summary: | Libraries and header files to develop applications using expat |
| Description: | The expat-devel package contains the libraries, include files and documentation to develop XML applications with expat. |
- Fix parsing of large tokens - Reject direct parameter entity recursion - Resolves: RHEL-29699 - Resolves: RHEL-29696
- Rebase to version 2.5.0 - Resolves: CVE-2022-43680
- Rebase to version 2.4.9 - Resolves: CVE-2022-40674
- Rebase to version 2.4.7 - Resolves: rhbz#2067201 - Resolves: CVE-2022-25313 - Resolves: CVE-2022-25314 - Resolves: CVE-2022-25236
- Improve fix for CVE-2022-25236 - Related: CVE-2022-25236
- Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution - CVE-2022-25315 expat: integer overflow in storeRawNames() - Resolves: CVE-2022-25236 - Resolves: CVE-2022-25235 - Resolves: CVE-2022-25315