| Name: | expat |
|---|---|
| Version: | 2.5.0 |
| Release: | 2.el9_4 |
| Architecture: | x86_64 |
| Group: | Unspecified |
| Size: | 309434 |
| License: | MIT |
| RPM: | expat-2.5.0-2.el9_4.x86_64.rpm |
| Source RPM: | expat-2.5.0-2.el9_4.src.rpm |
| Build Date: | Wed May 01 2024 |
| Build Host: | build-ol9-x86_64.oracle.com |
| Vendor: | Oracle America |
| URL: | https://libexpat.github.io/ |
| Summary: | An XML parser library |
| Description: | This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. |
- Fix parsing of large tokens - Reject direct parameter entity recursion - Resolves: RHEL-29699 - Resolves: RHEL-29696
- Rebase to version 2.5.0 - Resolves: CVE-2022-43680
- Rebase to version 2.4.9 - Resolves: CVE-2022-40674
- Rebase to version 2.4.7 - Resolves: rhbz#2067201 - Resolves: CVE-2022-25313 - Resolves: CVE-2022-25314 - Resolves: CVE-2022-25236
- Improve fix for CVE-2022-25236 - Related: CVE-2022-25236
- Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution - CVE-2022-25315 expat: integer overflow in storeRawNames() - Resolves: CVE-2022-25236 - Resolves: CVE-2022-25235 - Resolves: CVE-2022-25315