Hello,

Someone may be asking why I'm sending this patch just now, when Hauke wants to tag the new release of OpenWrt 18.06. I sent this patch on 1st January 2020, but since then it has been waiting for moderator approval because my message is being held.
Unfortunately, I wrote about this a few times in the IRC channel #openwrt-devel on Freenode, but it didn't help. That's why I am resending it.

Regards,
Josef

On 06. 01. 20 18:50, Josef Schlehofer wrote:
> Fixes two CVEs:
> - CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber)
> - CVE-2018-20843 (Fix extraction of namespace prefixes from XML names)
>
> Signed-off-by: Josef Schlehofer <pepe.schleho...@gmail.com>
> --- > tools/expat/Makefile | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tools/expat/Makefile b/tools/expat/Makefile > index 54527a7d0a..de7f2a0deb 100644 > --- a/tools/expat/Makefile > +++ b/tools/expat/Makefile > @@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk > > PKG_NAME:=expat > PKG_CPE_ID:=cpe:/a:libexpat:expat > -PKG_VERSION:=2.2.5 > +PKG_VERSION:=2.2.9 > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 > -PKG_HASH:=d9dc32efba7e74f788fcc4f212a43216fc37cf5f23f4c2339664d473353aedf6 > +PKG_HASH:=f1063084dc4302a427dabcca499c8312b3a32a29b7d2506653ecc8f950a9a237 > PKG_SOURCE_URL:=@SF/expat > > HOST_BUILD_PARALLEL:=1
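
Review bot: The new `PKG_HASH` value in the Makefile hunk is the only integrity check on a tarball fetched from the `@SF/expat` mirror, and nothing in the commit message lets a reviewer reproduce it. Please state in the message that it is the SHA-256 of expat-2.2.9.tar.bz2 and that it was compared against what upstream publishes for that release, not just computed from whatever the mirror served. The message body also lists the two CVEs without mentioning that `PKG_VERSION` moves from 2.2.5 to 2.2.9; naming the target version and noting that the intermediate releases are included would make the change easier to find later when checking which tree carries which expat.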