diff options
author | Sebastian Pipping <sebastian@pipping.org> | 2022-01-07 23:51:14 +0100 |
---|---|---|
committer | Sebastian Pipping <sebastian@pipping.org> | 2022-01-12 17:01:55 +0100 |
commit | 8e9f6ea08c0fdded06efcc4c124872bb4c82c89e (patch) | |
tree | 1a09e20612cef979877ca0e15df9ac796d56f54b /expat/Changes | |
parent | 9f93e8036e842329863bf20395b8fb8f73834d9e (diff) | |
download | libexpat-git-8e9f6ea08c0fdded06efcc4c124872bb4c82c89e.tar.gz |
Changes: Document CVE-2022-22822 to CVE-2022-22827prevent-more-integer-overflows
Diffstat (limited to 'expat/Changes')
-rw-r--r-- | expat/Changes | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes index 98d4f53c..d035bad6 100644 --- a/expat/Changes +++ b/expat/Changes @@ -20,6 +20,16 @@ Release x.x.x xxx xxxxxxxx xx xxxx on variable m_groupSize in function doProlog leading to realloc acting as free. Impact is denial of service or more. + #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows + near memory allocation at multiple places. Mitre assigned + a dedicated CVE for each involved internal C function: + - CVE-2022-22822 for function addBinding + - CVE-2022-22823 for function build_model + - CVE-2022-22824 for function defineAttribute + - CVE-2022-22825 for function lookup + - CVE-2022-22826 for function nextScaffoldPart + - CVE-2022-22827 for function storeAtts + Impact is denial of service or more. Other changes: #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19 |