Changes: Document CVE-2022-23990

author: Sebastian Pipping <sebastian@pipping.org> 2022-01-26 02:51:39 +0100
committer: Sebastian Pipping <sebastian@pipping.org> 2022-01-26 19:33:23 +0100
commit: 6e3449594fb2f61c92fc561f51f82196fdd15d63 (patch)
tree: aafaa25594cf036b1b0d10c8ab2d8cbe1fa45d53
parent: ede41d1e186ed2aba88a06e84cac839b770af3a1 (diff)
download: libexpat-git-6e3449594fb2f61c92fc561f51f82196fdd15d63.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes
index 5ff5da5e..ec1f7604 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -10,12 +10,18 @@ Release x.x.x xxx xxxxxxx xx xxxx
                     for when XML_CONTEXT_BYTES is defined to >0 (which is both
                     common and default).
                     Impact is denial of service or more.
+            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
+                    doProlog triggered by large content in element type
+                    declarations when there is an element declaration handler
+                    present (from a prior call to XML_SetElementDeclHandler).
+                    Impact is denial of service or more.
 
         Bug fixes:
        #544 #545  xmlwf: Fix a memory leak on output file opening error
 
         Special thanks to:
             hwt0415
+            Roland Illig
             Samanta Navarro
                  and
             Clang LeakSan and the Clang team
author	Sebastian Pipping <sebastian@pipping.org>	2022-01-26 02:51:39 +0100
committer	Sebastian Pipping <sebastian@pipping.org>	2022-01-26 19:33:23 +0100
commit	6e3449594fb2f61c92fc561f51f82196fdd15d63 (patch)
tree	aafaa25594cf036b1b0d10c8ab2d8cbe1fa45d53
parent	ede41d1e186ed2aba88a06e84cac839b770af3a1 (diff)
download	libexpat-git-6e3449594fb2f61c92fc561f51f82196fdd15d63.tar.gz