From 99cec436fbd9444f57ee74ca8ae4c0a13e561a4f Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sat, 22 Jan 2022 17:49:17 +0100 Subject: [PATCH] Changes: Document CVE-2022-23852 --- expat/Changes | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/expat/Changes b/expat/Changes index 7540d38c..64d75d05 100644 --- a/expat/Changes +++ b/expat/Changes @@ -2,6 +2,18 @@ NOTE: We are looking for help with a few things: https://github.com/libexpat/libexpat/labels/help%20wanted If you can help, please get in touch. Thanks! +Release x.x.x xxx xxxxxxx xx xxxx + Security fixes: + #550 CVE-2022-23852 -- Fix signed integer overflow + (undefined behavior) in function XML_GetBuffer + (that is also called by function XML_Parse internally) + for when XML_CONTEXT_BYTES is defined to >0 (which is both + common and default). + Impact is denial of service or more. + + Special thanks to: + Samanta Navarro + Release 2.4.3 Sun January 16 2022 Security fixes: #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places