On 05/31/16 21:47, Remi Pointel wrote:
CVSROOT: /cvs
Module name: src
Changes by: rpoin...@cvs.openbsd.org 2016/05/31 13:47:31
Modified files:
	lib/libexpat/lib: xmlparse.c xmltok.c xmltok.h xmltok_impl.c
Log message:
fix CVE-2016-0718.
Details for this fix:
The Expat XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and
error reporting. The overflows can manifest as a segmentation fault or
as memory corruption during a parse operation. The bugs allow for a
denial of service attack in many applications by an unauthenticated
attacker, and could conceivably result in remote code execution.
Remi.