diff options
| author | Sebastian Pipping <sebastian@pipping.org> | 2022-10-25 15:21:40 +0200 |
|---|---|---|
| committer | Sebastian Pipping <sebastian@pipping.org> | 2022-10-25 15:21:40 +0200 |
| commit | fe8ff0345f889b322215739a3fa7b6ca8a8a6bbe (patch) | |
| tree | 1d44e65d617abf6ecb6b5e4be7ff926abbca4a90 | |
| parent | acbbef94204b280b2d3492e6daa9fd19e51d6cac (diff) | |
| download | libexpat-git-fe8ff0345f889b322215739a3fa7b6ca8a8a6bbe.tar.gz | |
Changes: Add note on impact of CVE-2022-43680
| -rw-r--r-- | expat/Changes | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/expat/Changes b/expat/Changes index fc70198e..e6717105 100644 --- a/expat/Changes +++ b/expat/Changes @@ -6,7 +6,9 @@ Release 2.5.0 Tue October 25 2022 Security fixes: #616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function - XML_ExternalEntityParserCreate in out-of-memory situations + XML_ExternalEntityParserCreate in out-of-memory situations. + Expected impact is denial of service or potentially + arbitrary code execution. Bug fixes: #612 #645 Fix curruption from undefined entities |