diff options
| author | Sebastian Pipping <sebastian@pipping.org> | 2022-01-05 18:25:41 +0100 |
|---|---|---|
| committer | Sebastian Pipping <sebastian@pipping.org> | 2022-01-10 16:51:50 +0100 |
| commit | f488b072b75d090f76aa61146ddf743813e9b81b (patch) | |
| tree | c197797f03fa6b60c858382ac57801f74c462723 | |
| parent | 85ae9a2d7d0e9358f356b33977b842df8ebaec2b (diff) | |
| download | libexpat-git-f488b072b75d090f76aa61146ddf743813e9b81b.tar.gz | |
Changes: Document integer overflow CVE-2021-46143
| -rw-r--r-- | expat/Changes | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes index 4d4de0bb..98d4f53c 100644 --- a/expat/Changes +++ b/expat/Changes @@ -16,6 +16,10 @@ Release x.x.x xxx xxxxxxxx xx xxxx where XML_ParserCreateNS is used to create the parser (which needs argument "-n" when running xmlwf). Impact is denial of service, or more. + #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow + on variable m_groupSize in function doProlog leading + to realloc acting as free. + Impact is denial of service or more. Other changes: #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19 @@ -27,11 +31,13 @@ Release x.x.x xxx xxxxxxxx xx xxxx #536 CI: Check for realistic minimum CMake version Special thanks to: + An anonymous whitehat Christopher Degawa J. Peter Mugaas Tyson Smith and GCC Farm Project + Trend Micro Zero Day Initiative Release 2.4.2 Sun December 19 2021 Other changes: |