CVS: cvs.openbsd.org: src

Alexander Bluhm Thu, 12 Sep 2019 08:35:23 -0700

CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2019/09/12 09:34:20


Modified files:
        lib/libexpat/lib: Tag: OPENBSD_6_4 xmlparse.c 

Log message:
Fix heap overflow in libexpat 2.2.6 triggered by XML_GetCurrentLineNumber
(or XML_GetCurrentColumnNumber), and deny internal entities closing
the doctype; CVE-2019-15903
fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
OK tb@, Sebastian Pipping

OpenBSD 6.4 errata 024

CVS: cvs.openbsd.org: src

Reply via email to