summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--expat/Changes10
1 files changed, 10 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes
index 98d4f53c..d035bad6 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -20,6 +20,16 @@ Release x.x.x xxx xxxxxxxx xx xxxx
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
+ #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
+ near memory allocation at multiple places. Mitre assigned
+ a dedicated CVE for each involved internal C function:
+ - CVE-2022-22822 for function addBinding
+ - CVE-2022-22823 for function build_model
+ - CVE-2022-22824 for function defineAttribute
+ - CVE-2022-22825 for function lookup
+ - CVE-2022-22826 for function nextScaffoldPart
+ - CVE-2022-22827 for function storeAtts
+ Impact is denial of service or more.
Other changes:
#535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19