Diffstat (limited to 'expat/Changes')
-rw-r--r-- | expat/Changes | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes index 6198e4ff..2a898778 100644 --- a/expat/Changes +++ b/expat/Changes @@ -4,6 +4,13 @@ NOTE: We are looking for help with a few things: Release X.X.X XXX XXXXXXX XX XXXX Security fixes: + #562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8 + sequences (e.g. from start tag names) to the XML + processing application on top of Expat can cause + arbitrary damage (e.g. code execution) depending + on how invalid UTF-8 is handled inside the XML + processor; validation was not their job but Expat's. + Exploits with code execution are known to exist. #561 CVE-2022-25236 -- Passing (one or more) namespace separator characters in "xmlns[:prefix]" attribute values made Expat send malformed tag names to the XML |
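Review bot: In the added #562 entry, "validation was not their job but Expat's" has no clear antecedent for "their"; the only plural noun before it is the "2- and 3-byte UTF-8 sequences", while the intended referent is the singular "XML processing application" / "XML processor". Suggest naming it, e.g. "validation was not the application's job but Expat's". The opening "Passing malformed ... sequences ... to the XML processing application on top of Expat" also leaves the actor implicit; the #561 entry just below uses "made Expat send malformed tag names", and the same wording here would make it plain that Expat was the one forwarding the invalid bytes. Finally, the entry describes the impact only: consider one more line saying what Expat now does with malformed 2- and 3-byte sequences, so readers of Changes can tell what behaviour to expect after upgrading.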