| Message ID | 20200106175038.22485-1-pepe.schlehofer@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | Hauke Mehrtens |
| Headers | show |
| Series | [OpenWrt-Devel,18.06] tools/expat: Update to version 2.2.9 | expand |
Hello, Someone can be asking why I'm sending this patch just now when Hauke wants to tag the new release of OpenWrt 18.06. I sent this patch on 1st January 2020, but since then it is waiting for moderator approval because my message is being held. Unfortunately, I wrote about this a few times in IRC channel #openwrt-devel on Freenode, but it didn't help. That's why I resend it. Regards, Josef On 06. 01. 20 18:50, Josef Schlehofer wrote: > Fixes two CVEs: > - CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber) > - CVE-2018-20843 (Fix extraction of namespace prefixes from XML names) > > Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> > --- > tools/expat/Makefile | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tools/expat/Makefile b/tools/expat/Makefile > index 54527a7d0a..de7f2a0deb 100644 > --- a/tools/expat/Makefile > +++ b/tools/expat/Makefile > @@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk > > PKG_NAME:=expat > PKG_CPE_ID:=cpe:/a:libexpat:expat > -PKG_VERSION:=2.2.5 > +PKG_VERSION:=2.2.9 > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 > -PKG_HASH:=d9dc32efba7e74f788fcc4f212a43216fc37cf5f23f4c2339664d473353aedf6 > +PKG_HASH:=f1063084dc4302a427dabcca499c8312b3a32a29b7d2506653ecc8f950a9a237 > PKG_SOURCE_URL:=@SF/expat > > HOST_BUILD_PARALLEL:=1
diff --git a/tools/expat/Makefile b/tools/expat/Makefile index 54527a7d0a..de7f2a0deb 100644 --- a/tools/expat/Makefile +++ b/tools/expat/Makefile @@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk PKG_NAME:=expat PKG_CPE_ID:=cpe:/a:libexpat:expat -PKG_VERSION:=2.2.5 +PKG_VERSION:=2.2.9 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_HASH:=d9dc32efba7e74f788fcc4f212a43216fc37cf5f23f4c2339664d473353aedf6 +PKG_HASH:=f1063084dc4302a427dabcca499c8312b3a32a29b7d2506653ecc8f950a9a237 PKG_SOURCE_URL:=@SF/expat HOST_BUILD_PARALLEL:=1
Fixes two CVEs: - CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber) - CVE-2018-20843 (Fix extraction of namespace prefixes from XML names) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> --- tools/expat/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)