[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Expat 2.2.8 with security fixes has been released
Hi everyone! Expat 2.2.8 [1] has been released yesterday. This release fixes a security issue — a heap buffer over-read known as CVE-2019-15903 [2] reported by Joonun Jang resulting in Denial of Service —, starts using the rand_s function on Windows and MinGW (ending the previous LoadLibrary hack), includes non-security bugfixes, many build system fixes and improvements, improvements to xmlwf usability, and more. For more details regarding the latest release, please check out the changelog [3]. If you maintain Expat packaging or a bundled copy of Expat or a pinned version of Expat somewhere, please update to 2.2.8. Thank you! Best Sebastian Pipping [1] https://github.com/libexpat/libexpat/releases/tag/R_2_2_8 [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 [3] https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|