Changes: Document regression from CVE-2022-25313 fix

author: Sebastian Pipping <sebastian@pipping.org> 2022-02-20 04:25:52 +0100
committer: Samanta Navarro <ferivoz@riseup.net> 2022-02-20 11:55:54 +0000
commit: 2722201a5baffbbe5c4942a42dd1fa21b8d22ccc (patch)
tree: da9bf35d91800e3a3bb8e3d82defccdfa5d2bdb4 /expat
parent: 154e565f6ef329c9ec97e6534c411ddde0b320c8 (diff)
download: libexpat-git-2722201a5baffbbe5c4942a42dd1fa21b8d22ccc.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes
index d122ac49..e3cf45a3 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -2,6 +2,22 @@ NOTE: We are looking for help with a few things:
       https://github.com/libexpat/libexpat/labels/help%20wanted
       If you can help, please get in touch.  Thanks!
 
+Release x.x.x xxx xxxxxxxx xx xxxx
+        Bug fixes:
+            #???  Fix a regression intruced by the fix for CVE-2022-25313
+                    in release 2.4.5 that affects applications that (1)
+                    call function XML_SetElementDeclHandler and (2) are
+                    parsing XML that contains nested element declarations
+                    (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
+
+        Special thanks to:
+            Matt Sergeant
+            Samanta Navarro
+            Sergei Trofimovich
+                 and
+            NixOS
+            Perl XML::Parser
+
 Release 2.4.5 Fri February 18 2022
         Security fixes:
             #562  CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
author	Sebastian Pipping <sebastian@pipping.org>	2022-02-20 04:25:52 +0100
committer	Samanta Navarro <ferivoz@riseup.net>	2022-02-20 11:55:54 +0000
commit	2722201a5baffbbe5c4942a42dd1fa21b8d22ccc (patch)
tree	da9bf35d91800e3a3bb8e3d82defccdfa5d2bdb4 /expat
parent	154e565f6ef329c9ec97e6534c411ddde0b320c8 (diff)
download	libexpat-git-2722201a5baffbbe5c4942a42dd1fa21b8d22ccc.tar.gz