deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

package/expat: security bump to version 2.2.7

Browse source 
Fixes the following security vulnerabilites:

CVE-2018-20843: In libexpat in Expat before 2.2.7, XML input including XML
names that contain a large number of colons could make the XML parser
consume a high amount of RAM and CPU resources while processing (enough to
be usable for denial-of-service attacks).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit is contained in:
Peter Korsgaard 2019-06-28 15:26:13 +02:00 committed by Arnout Vandecappelle (Essensium/Mind)
parent cdbb3ced00
commit 84fd08cf4f
2 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
package/expat/expat.hash
View file

@ -1,7 +1,7 @@
# From https://sourceforge.net/projects/expat/files/expat/2.2.6/
md5 ca047ae951b40020ac831c28859161b2 expat-2.2.6.tar.bz2
sha1 c8947fc3119a797b55485f2f7bdaaeb49cc9df01 expat-2.2.6.tar.bz2
# From https://sourceforge.net/projects/expat/files/expat/2.2.7/
md5 72f36b87cdb478aba1e78473393766aa expat-2.2.7.tar.bz2
sha1 9c8a268211e3f1ae31c4d550e5be7708973ec6a6 expat-2.2.7.tar.bz2
# Locally calculated
sha256 17b43c2716d521369f82fc2dc70f359860e90fa440bea65b3b85f0b246ea81f2 expat-2.2.6.tar.bz2
sha256 cbc9102f4a31a8dafd42d642e9a3aa31e79a0aedaa1f6efd2795ebc83174ec18 expat-2.2.7.tar.bz2
sha256 46336ab2fec900803e2f1a4253e325ac01d998efb09bc6906651f7259e636f76 COPYING

2
package/expat/expat.mk
View file

@ -4,7 +4,7 @@
#
################################################################################
EXPAT_VERSION = 2.2.6
EXPAT_VERSION = 2.2.7
EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.bz2
EXPAT_INSTALL_STAGING = YES