Changes: Document CVE-2022-25236

2022-02-12 01:30:47 +01:00 · 2022-02-12 01:30:47 +01:00 · e4d7e49782
commit e4d7e49782
parent 2de077423f
1 changed files with 16 additions and 0 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -2,6 +2,22 @@ NOTE: We are looking for help with a few things:
      https://github.com/libexpat/libexpat/labels/help%20wanted
      If you can help, please get in touch.  Thanks!

+Release X.X.X XXX XXXXXXX XX XXXX
+        Security fixes:
+            #561  CVE-2022-25236 -- Passing (one or more) namespace separator
+                    characters in "xmlns[:prefix]" attribute values
+                    made Expat send malformed tag names to the XML
+                    processor on top of Expat which can cause
+                    arbitrary damage (e.g. code execution) depending
+                    on such unexpectable cases are handled inside the XML
+                    processor; validation was not their job but Expat's.
+                    Exploits with code execution are known to exist.
+
+        Special thanks to:
+            Ivan Fratric
+                 and
+            Google Project Zero
+
 Release 2.4.4 Sun January 30 2022
        Security fixes:
            #550  CVE-2022-23852 -- Fix signed integer overflow