author Sebastian Pipping <sebastian@pipping.org> 2022-02-12 01:30:47 +0100
committer Sebastian Pipping <sebastian@pipping.org> 2022-02-16 02:07:31 +0100
commit e4d7e49782dafed160f0af8af907681dfd35bda7
tree 375519e69bf6d6f8475c2d61e2d0f6aa351c0056
parent 2de077423fb22750ebea599677d523b53cb93b1d
Changes: Document CVE-2022-25236
-rw-r--r-- expat/Changes 16
1 files changed, 16 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes
index 9c1b5c7b..6198e4ff 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -2,6 +2,22 @@ NOTE: We are looking for help with a few things:
https://github.com/libexpat/libexpat/labels/help%20wanted
If you can help, please get in touch. Thanks!
+Release X.X.X XXX XXXXXXX XX XXXX
+ Security fixes:
+ #561 CVE-2022-25236 -- Passing (one or more) namespace separator
+ characters in "xmlns[:prefix]" attribute values
+ made Expat send malformed tag names to the XML
+ processor on top of Expat which can cause
+ arbitrary damage (e.g. code execution) depending
+ on such unexpectable cases are handled inside the XML
+ processor; validation was not their job but Expat's.
+ Exploits with code execution are known to exist.
+
+ Special thanks to:
+ Ivan Fratric
+ and
+ Google Project Zero
+
Release 2.4.4 Sun January 30 2022
Security fixes:
#550 CVE-2022-23852 -- Fix signed integer overflow
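Review bot: In the CVE-2022-25236 entry, the clause "depending on such unexpectable cases are handled inside the XML processor" is missing a word and does not parse; suggest "depending on how such unexpected cases are handled inside the XML processor". The entry also describes only the pre-fix behaviour, so a downstream reader cannot tell what Expat now does with namespace separator characters in "xmlns[:prefix]" attribute values; one added line stating the new behaviour would make the entry actionable. The "Release X.X.X XXX XXXXXXX XX XXXX" header is still a placeholder and needs the real version and date before release.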