Hello community,

here is the log from the commit of package expat for openSUSE:Factory checked 
in at 2026-02-04 21:06:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/expat (Old)
 and      /work/SRC/openSUSE:Factory/.expat.new.1670 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "expat"

Wed Feb  4 21:06:08 2026 rev:84 rq:1330687 version:2.7.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/expat/expat.changes      2025-09-30 
17:34:22.669065187 +0200
+++ /work/SRC/openSUSE:Factory/.expat.new.1670/expat.changes    2026-02-04 
21:06:10.828808925 +0100
@@ -1,0 +2,21 @@
+Tue Feb  3 08:17:21 UTC 2026 - Petr Gajdos <[email protected]>
+
+- version update to 2.7.4
+  * CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
+            failed to copy the encoding handler data passed to
+            XML_SetUnknownEncodingHandler from the parent to the new
+            subparser. This can cause a NULL dereference (CWE-476) from
+            external entities that declare use of an unknown encoding.
+            The expected impact is denial of service. It takes use of
+            both functions XML_ExternalEntityParserCreate and
+            XML_SetUnknownEncodingHandler for an application to be
+            vulnerable.
+  * CVE-2026-25210 -- Add missing check for integer overflow
+            related to buffer size determination in function doContent
+  * lib: Fix missing undoing of group size expansion in doProlog
+            failure cases
+  * xmlwf: Fix a memory leak
+  * WASI: Fix format specifiers for 32bit WASI SDK
+- fixes [bsc#1257144] and [bsc#1257496]
+
+-------------------------------------------------------------------
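Review bot: The closing line `- fixes [bsc#1257144] and [bsc#1257496]` lists two bug references without saying which belongs to CVE-2026-24515 and which to CVE-2026-25210; put each bsc number next to its CVE entry so a reader can match the changelog to a single tracked issue. The CVE-2026-25210 entry also states no expected impact, while the CVE-2026-24515 entry above it names denial of service and the two API calls an application must use to be affected; a short impact statement on the doContent integer overflow item would make the two entries consistent for anyone triaging the update.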

Old:
----
  expat-2.7.3.tar.xz
  expat-2.7.3.tar.xz.asc

New:
----
  expat-2.7.4.tar.xz
  expat-2.7.4.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ expat.spec ++++++
--- /var/tmp/diff_new_pack.4OeQlH/_old  2026-02-04 21:06:11.848851644 +0100
+++ /var/tmp/diff_new_pack.4OeQlH/_new  2026-02-04 21:06:11.852851811 +0100
@@ -17,10 +17,10 @@
 #
 
 
-%global unversion 2_7_3
+%global unversion 2_7_4
 %define sover 1
 Name:           expat
-Version:        2.7.3
+Version:        2.7.4
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT
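Review bot: The version is maintained by hand in two places in this hunk, `%global unversion 2_7_4` and `Version:        2.7.4`, so a future bump that touches only one of them leaves the spec inconsistent; consider deriving `unversion` from `Version` so the two cannot drift apart. Nothing else in the visible lines changes, so the review of the CVE fixes themselves rests on the tarball and its `.asc` signature, whose diff is skipped in this mail.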

++++++ expat-2.7.3.tar.xz -> expat-2.7.4.tar.xz ++++++
++++ 8927 lines of diff (skipped)
